Title of invention |
INTRUSION DETECTION TO PREVENT IMPERSONATION ATTACKS IN COMPUTER NETWORKS |
Abstract |
In an embodiment, a central computer performs a data processing method. The central computer receives telemetry data from intrusion sensors. The central computer stores authentication records in a hosts database. Each authentication record is based on the telemetry data and comprises a thumbprint of a public key certificate and a host identifier of a sender computer. The central computer receives a suspect record that was sent by a first intrusion sensor. The suspect record has a first particular thumbprint of a first particular public key certificate and a first particular host identifier of a suspect sender. From the hosts database, the central computer searches for a matching record having a same host identifier as the first particular host identifier of the suspect record and a same thumbprint as the first particular thumbprint of the suspect record. The central computer generates an intrusion alert when no matching record is found. |
Application publication number |
US2016344768(A1) |
Application publication date |
2016.11.24 |
Application number |
US201514717127 |
Filing date |
2015.05.20 |
Applicant |
Cisco Technology, Inc. |
Inventors |
MCGREW DAVID;RIGOUDY TITOUAN |
Classification number |
H04L29/06 |
Main classification number |
H04L29/06 |
Patent agency |
|
Patent agent |
|
Principal claim |
1. A data processing method comprising:
a central computer receiving telemetry data from a plurality of intrusion sensors;
the central computer storing authentication records in a hosts database, wherein each authentication record is based on the telemetry data and comprises a thumbprint of a public key certificate and a host identifier of a sender computer;
the central computer receiving a suspect record that was sent by a first intrusion sensor and comprising a first particular thumbprint of a first particular public key certificate and a first particular host identifier of a suspect sender computer;
the central computer determining whether the hosts database contains a matching record having a same host identifier as the first particular host identifier of the suspect record and a same thumbprint as the first particular thumbprint of the suspect record; and
the central computer generating an intrusion alert when no matching record is found. |
Address |
San Jose CA US |