发明名称 |
Proactive containment of network security attacks |
摘要 |
One embodiment disclosed relates to a method of proactive containment of network security attacks. Filtering parameters corresponding to a specific system vulnerability are determined. These parameters are distributed to network infrastructure components, and the network infrastructure components examine packets using these parameters to detect occurrence of an attack. Once an attack is detected, the network infrastructure components take action to inhibit the attack. Other embodiments are also disclosed. |
申请公布号 |
US9491185(B2) |
申请公布日期 |
2016.11.08 |
申请号 |
US201313893007 |
申请日期 |
2013.05.13 |
申请人 |
HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP |
发明人 |
Selep John;Sanchez Mauricio |
分类号 |
H04L29/06;G06F21/55 |
主分类号 |
H04L29/06 |
代理机构 |
Hewlett Packard Enterprise Patent Department |
代理人 |
Hewlett Packard Enterprise Patent Department |
主权项 |
1. A method of proactive containment of network security attacks, the method comprising:
identifying a specific system vulnerability; analyzing the specific system vulnerability to determine a network behavior that exploits the specific system vulnerability; determining, based upon the analysis, filtering parameters to be applied by packet filters at network infrastructure components; and distributing said filtering parameters to the network infrastructure components, wherein the network infrastructure components are to examine received packets using said filtering parameters to identify whether the packets include a predetermined sequence of packets that signal an occurrence of an attack against the specific system vulnerability, and wherein identifying the specific system vulnerability, analyzing the specific system vulnerability, determining the filtering parameters, and distributing the filtering parameters is performed prior to the identification by the network infrastructure components of a specific virus exploiting said vulnerability. |
地址 |
Houston TX US |