Automated network interface attack response
Abstract
An attack upon a web interface is detected in real-time. The web interface is one of many web interfaces across many ports across many computer systems within a network. Data on the attack is gathered. The attack data includes traffic data. Variants of the attack are determined based on data of the attack. The variants are selected from a predetermined set of attack variants. The attacked interface is scanned with the selected attack variants. The web interface is identified as vulnerable to at least one variant of the attack. In response to this identification, the attack is responded to without human intervention.
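The sequence in the abstract (detect, gather, select variants, scan, respond) can be followed over constructed log lines in the sketch below, which is an added example and not code from the patent or its assignee. The log format, the error-signature-to-variant mapping, the `scan` callable and the response names are all assumptions; the scanner itself is supplied by the caller.

```python
import re
from dataclasses import dataclass

# Assumed "predetermined set of attack variants": family labels only, keyed by
# the database error signature that shows which backend mishandled the input.
VARIANT_SET = {
    "mysql": (re.compile(r"You have an error in your SQL syntax"),
              ["quote-termination", "comment-truncation", "union-select"]),
    "postgres": (re.compile(r"unterminated quoted string at or near"),
                 ["quote-termination", "stacked-query"]),
    "oracle": (re.compile(r"ORA-\d{5}"),
               ["quote-termination", "union-select"]),
}

# Constructed log format: src_ip "METHOD path" status "response-body excerpt"
LOG_RE = re.compile(r'^(?P<src>\S+) "(?P<method>\S+) (?P<path>\S+)" '
                    r'(?P<status>\d{3}) "(?P<body>.*)"$')

@dataclass
class Attack:
    src: str
    interface: str   # request path without the query string
    backend: str
    variants: list   # subset of the predetermined set

def detect(line):
    """Detect and gather: return an Attack if the response leaked a DB error."""
    m = LOG_RE.match(line)
    if not m:
        return None
    for backend, (sig, variants) in VARIANT_SET.items():
        if sig.search(m["body"]):
            return Attack(m["src"], m["path"].split("?")[0], backend, variants)
    return None

def respond(attack, scan):
    """Scan the attacked interface with its variants; pick a response (assumed names)."""
    hits = [v for v in attack.variants if scan(attack.interface, v)]
    action = "block-source-and-virtual-patch" if hits else "alert-only"
    return {"action": action, "src": attack.src,
            "interface": attack.interface, "vulnerable_to": hits}

SAMPLE_LOG = [  # constructed sample lines
    '198.51.100.7 "GET /shop/item?id=5" 200 "<html>ok</html>"',
    '203.0.113.9 "GET /shop/item?id=5%27" 500 "You have an error in your SQL syntax; check the manual"',
]
```

`scan(interface, variant)` is expected to return `True` when the organization's own authorized scanner confirms the interface is vulnerable to that variant family.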
20 Claims
1. A method comprising:
- detecting, in real-time, an attack on a web interface of a computing system having a plurality of web interfaces, wherein the web interface includes a plurality of potential vulnerable elements and wherein each of the web interfaces includes a plurality of potential vulnerable elements, wherein the detecting comprises identifying a database error signaling that the web interface was not programmed to process the attack;
- gathering data on the attack;
- determining variants of the attack based on data of the attack, wherein the variants are a subset of a predetermined set of attack variants;
- scanning, based on the attack, the web interface with the variants of the attack;
- determining vulnerability of the web interface to the variants of the attack; and
- responding to the attack without human intervention based on the determined vulnerability of the web interface to the variants of the attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer system comprising:
- a memory; and
- one or more processing circuits communicatively coupled to the memory, wherein the one or more processing circuits are configured to
  - detect, in real-time, an attack on a web interface of a computing system having a plurality of web interfaces, wherein the web interface includes a plurality of potential vulnerable elements and wherein each of the web interfaces includes a plurality of potential vulnerable elements, by identifying a database error signaling that the web interface was not programmed to process the attack,
  - gather data on the attack,
  - determine variants of the attack based on data of the attack, wherein the variants are a subset of a predetermined set of attack variants,
  - scan, based on the attack, the web interface with the variants of the attack,
  - determine vulnerability of the web interface to the variants of the attack, and
  - respond to the attack without human intervention based on the determined vulnerability of the web interface to the variants of the attack.
Dependent claims: 11, 12, 13, 14, 15
16. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer processor to cause the computer processor to:
- detect, in real-time, an attack on a web interface of a computing system having a plurality of web interfaces, wherein the web interface includes a plurality of potential vulnerable elements and wherein each of the web interfaces includes a plurality of potential vulnerable elements, by identifying a database error signaling that the web interface was not programmed to process the attack;
- gather data on the attack;
- determine variants of the attack based on data of the attack, wherein the variants are a subset of a predetermined set of attack variants;
- scan, based on the attack, the web interface with the variants of the attack;
- determine vulnerability of the web interface to the variants of the attack; and
- respond to the attack without human intervention based on the determined vulnerability of the web interface to the variants of the attack.
Dependent claims: 17, 18, 19, 20