Stealth network attack monitoring
Abstract
A particular failed connection attempt initiated by a particular source asset in a network is identified and subsequent failed connection attempts initiated by the particular source asset in the network during a time period are tracked. A low frequency sequence of failed connection attempts involving the particular source asset is detected during the time period and the source asset is designated as a potential security risk based on the detected low frequency sequence of failed connection attempts.
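One way the tracking and rate test described in the abstract could look, as an added example that is not taken from the patent. The log format, the 24-hour period, the minimum failure count and the rate ceiling are all assumptions, since the page states no thresholds.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values; the page gives no thresholds.
PERIOD = timedelta(hours=24)   # tracking period opened by a source's first failure
MIN_FAILURES = 4               # fewer failures than this are treated as noise
MAX_RATE_PER_HOUR = 1.0        # at or below this rate counts as "low frequency"

# Constructed sample log: '<ISO time> <source> <dest:port> <OK|FAIL>'
SAMPLE = (
    [f"2024-01-01T{h:02d}:00:00 10.0.0.5 10.0.1.20:22 FAIL" for h in (0, 3, 6, 9, 12)]
    + [f"2024-01-01T02:00:{s:02d} 10.0.0.9 10.0.1.20:22 FAIL" for s in range(0, 60, 10)]
    + ["2024-01-01T04:00:00 10.0.0.7 10.0.1.21:445 FAIL",
       "2024-01-01T05:00:00 10.0.0.7 10.0.1.21:445 FAIL",
       "2024-01-01T05:00:05 10.0.0.7 10.0.1.21:445 OK"]
)

def parse(line):
    """Split one constructed log line into (time, source, destination, failed)."""
    ts, src, dst, status = line.split()
    return datetime.fromisoformat(ts), src, dst, status == "FAIL"

def low_frequency_sources(lines):
    """Return {source: failures_per_hour} for sources whose failed attempts,
    tracked within PERIOD of their first failure, form a slow repeated sequence."""
    failures = defaultdict(list)
    for ts, src, _dst, failed in sorted(map(parse, lines)):
        if not failed:
            continue
        seen = failures[src]
        # The first failure opens the period; later failures are tracked inside it.
        if not seen or ts - seen[0] <= PERIOD:
            seen.append(ts)
    flagged = {}
    for src, seen in failures.items():
        if len(seen) < MIN_FAILURES:
            continue
        span_hours = (seen[-1] - seen[0]).total_seconds() / 3600
        if span_hours == 0:
            continue  # every failure in the same instant is a burst, not a slow series
        rate = (len(seen) - 1) / span_hours
        if rate <= MAX_RATE_PER_HOUR:
            flagged[src] = round(rate, 2)
    return flagged

if __name__ == "__main__":
    print(low_frequency_sources(SAMPLE))
```

In the sample, 10.0.0.9 fails six times within a minute and is left to an ordinary burst threshold, while 10.0.0.5 fails once every three hours and is the only source designated.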
23 Claims
1. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a particular failed connection attempt initiated by a particular source asset in a network;
- track subsequent failed connection attempts initiated by the particular source asset in the network during a time period;
- determine whether the subsequent failed connection attempts during the time period correspond to a low frequency failed connection attempt rate corresponding to an attempted stealth attack, wherein the stealth attack is characterized by a low frequency series of connection attempts; and
- designate the source asset as a potential security risk based on a determination that the subsequent failed connection attempts correspond to the low frequency failed connection attempt rate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method comprising:
- identifying a particular failed connection attempt initiated by a particular source asset in a network;
- tracking subsequent failed connection attempts initiated by the particular source asset in the network during a time period;
- determining that the subsequent failed connection attempts during the time period comprise a low frequency sequence of repeated failed connection attempts according to a low frequency failed connection attempt rate corresponding to an attempted stealth attack; and
- designating the source asset as a potential security risk based on determining that the sequence of failed connection attempts correspond to the low frequency failed connection attempt rate.
Dependent claims: 15, 16, 17, 18, 19, 20
21. A system comprising:
- a data processing apparatus;
- a storage medium; and
- attack detection logic, executable by the data processing apparatus to:
  - identify a particular failed connection attempt initiated by a particular source asset in a network;
  - track subsequent failed connection attempts initiated by the particular source asset in the network during a time period;
  - determine whether the subsequent failed connection attempts during the time period correspond to a low frequency failed connection attempt rate corresponding to a stealth attack, wherein the stealth attack is characterized by a low frequency sequence of connection attempts; and
  - designate the source asset as a potential security risk based on a determination that the subsequent failed connection attempts correspond to the low frequency failed connection attempt rate.
Dependent claims: 22, 23
Specification