×

Methods and systems to detect an evasion attack

  • US 8,613,088 B2
  • Filed: 10/23/2006
  • Issued: 12/17/2013
  • Est. Priority Date: 02/03/2006
  • Status: Active Grant
First Claim
Patent Images

1. A system comprising:

  • a repository to store a plurality of signature fragments that together constitute an attack signature;

    an interceptor to intercept data packets associated with a network connection;

    a detector to detect that a size of a data packet from the data packets is less than a size threshold, the detection that the size of the data packet is less than the size threshold indicating that the data packet cannot include at least one of the plurality of signature fragments; and

    a state machine to;

    commence maintaining a state for the network connection in response to the detector detecting that the size of the data packet is less than the size threshold, andbased on the state of the network connection, causing a reassembler to reassemble one or more of the intercepted data packets to identify a match between the reassembled data packets and a signature fragment from the plurality of signature fragments, wherein the match may cause a responder to perform a prevention action.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×