Method of and system for computer system denial-of-service protection
First Claim
1. A method of denial-of-service protection for a computer system comprises:
- collecting network data information from an interface receiving network data from one or more sources;
- collecting application data describing attributes of one or more software applications utilized by the computer system;
- identifying a subset of the network data as associated with the application data, the subset of network data including less than all of the collected network data;
- receiving a system exploitation indication identifying detection of an attempt by malicious code to access a predetermined memory address;
- analyzing the subset of the network data information to identify a malicious source corresponding to the malicious code, from the one or more sources; and
- processing network data originating from the malicious source to prevent denial-of-service, wherein processing the network data includes redirecting network traffic associated with the malicious source to another system, wherein at least a portion of the redirected traffic is analysed at the other system.
Abstract
A method of and system for protecting a computer system against denial-of-service attacks or other exploitation. The method comprises collecting network data and, upon receiving an indication of exploitation, analyzing the network data using statistical and heuristic techniques to identify the source of the exploitation. Once the network source is identified, the network data associated with that source is blocked, redirected, or flow controlled. Preferably, the method also includes identifying when the system is being exploited.
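The flow in claim 1 and the abstract (scope the collected traffic to the exploited application, apply a statistical heuristic to that subset, then redirect the offending source for analysis) as an added, self-contained Python illustration. This is not code from the patent or its assignee; the record layout, the application-to-port mapping, the dominance-ratio heuristic, and the assumption that the exploitation indication names the targeted application are all constructed for the example.

```python
from collections import Counter
from statistics import median

# Constructed sample records (source address, destination port, bytes); not from the patent.
NETWORK_DATA = (
    [("10.0.0.5", 443, 1200)] * 3 + [("10.0.0.7", 443, 900)] * 2
    + [("203.0.113.9", 443, 60)] * 40           # one source flooding the web application
    + [("10.0.0.5", 22, 500)] * 2 + [("198.51.100.4", 22, 400)] * 30  # separate burst at sshd
)
# Constructed application data: each application and the ports it listens on.
APPLICATION_DATA = {"webserver": {80, 443}, "sshd": {22}}


def select_subset(records, application_data, exploited_app):
    """Step 3: keep only the traffic addressed to the exploited application's ports,
    so later analysis works on less than all of the collected data."""
    ports = application_data[exploited_app]
    return [r for r in records if r[1] in ports]


def identify_malicious_source(subset, dominance=10.0):
    """Step 5: statistical heuristic over the subset. Flag the busiest source if its
    connection count is at least `dominance` times the median of the other sources."""
    counts = Counter(src for src, _, _ in subset)
    if not counts:
        return None
    (top_src, top_n), *rest = counts.most_common()
    if not rest:
        return top_src                       # only one candidate in the subset
    baseline = max(median(n for _, n in rest), 1)
    return top_src if top_n / baseline >= dominance else None


def respond(records, application_data, indication, analysis_host):
    """Steps 3 to 6 end to end. `indication` is assumed to carry the application whose
    memory was targeted; the claim only says a predetermined address was accessed."""
    subset = select_subset(records, application_data, indication["app"])
    source = identify_malicious_source(subset)
    if source is None:
        return {"action": "none"}
    # Redirect rather than drop, so the other system can analyse the traffic.
    return {"action": "redirect", "source": source, "to": analysis_host}


if __name__ == "__main__":
    alert = {"app": "webserver", "memory_address": "0xPLACEHOLDER"}  # constructed indication
    print(respond(NETWORK_DATA, APPLICATION_DATA, alert, "analysis.example"))
```

Scoping matters: with the same records, an indication naming `sshd` yields a different source than one naming `webserver`, because each analysis only sees its own application's traffic.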
26 Claims
1. A method of denial-of-service protection for a computer system comprises:
- collecting network data information from an interface receiving network data from one or more sources;
- collecting application data describing attributes of one or more software applications utilized by the computer system;
- identifying a subset of the network data as associated with the application data, the subset of network data including less than all of the collected network data;
- receiving a system exploitation indication identifying detection of an attempt by malicious code to access a predetermined memory address;
- analyzing the subset of the network data information to identify a malicious source corresponding to the malicious code, from the one or more sources; and
- processing network data originating from the malicious source to prevent denial-of-service, wherein processing the network data includes redirecting network traffic associated with the malicious source to another system, wherein at least a portion of the redirected traffic is analysed at the other system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for denial-of-service protection comprising:
- a storage component containing network data information;
- a network interface component configured to collect network data information from one or more sources;
- an analysis component configured to collect application data describing attributes of one or more software applications utilized by the system, identify a subset of the network data information associated with the application data, the subset of network data information including less than all of the collected network data information, receive a system exploitation indication identifying detection of an attempt by malicious code to access a predetermined memory address, and analyze the subset of the network data to identify a malicious source corresponding to the malicious code; and
- a processing component configured to process network data from the malicious source, wherein processing the network data includes redirecting network traffic associated with the malicious source to another system, wherein at least a portion of the redirected traffic is analysed at the other system.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
18. A computer device comprising a non-transitory, computer-readable storage medium having computer executable instruction thereon for denial-of-service protection by performing the steps:
- collecting network data information from an interface receiving network data from one or more sources;
- collecting application data describing attributes of one or more software applications utilized by the system;
- identifying a subset of the network data as associated with the application data, the subset of network data including less than all of the collected network data;
- receiving a system exploitation indication identifying detection of an attempt by malicious code to access a predetermined memory address;
- analyzing the subset of the network data information to identify a malicious source corresponding to the malicious code, from the one or more sources; and
- processing the network data originating from the malicious source, wherein processing the network data includes redirecting network traffic associated with the malicious source to another system, wherein at least a portion of the redirected traffic is analysed at the other system.

Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26.