发明名称 |
Stealth network attack monitoring |
摘要 |
A particular failed connection attempt initiated by a particular source asset in a network is identified and subsequent failed connection attempts initiated by the particular source asset in the network during a time period are tracked. A low frequency sequence of failed connection attempts involving the particular source asset is detected during the time period and the source asset is designated as a potential security risk based on the detected low frequency sequence of failed connection attempts. |
申请公布号 |
US9172715(B2) |
申请公布日期 |
2015.10.27 |
申请号 |
US201314060062 |
申请日期 |
2013.10.22 |
申请人 |
McAfee, Inc. |
发明人 |
Mahadik Vinay;Madhusudan Bharath;Buruganahalli Shivakumar;Vissamsetty Venu |
分类号 |
G06F11/00;H04L29/06 |
主分类号 |
G06F11/00 |
代理机构 |
Patent Capital Group |
代理人 |
Patent Capital Group |
主权项 |
1. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to: identify a particular failed connection attempt initiated by a particular source asset in a network; track subsequent failed connection attempts initiated by the particular source asset in the network during a time period; determine whether the subsequent failed connection attempts during the time period correspond to a low frequency failed connection attempt rate corresponding to an attempted stealth attack, wherein the stealth attack is characterized by a low frequency series of connection attempts; and designate the source asset as a potential security risk based on a determination that the subsequent failed connection attempts correspond to the low frequency failed connection attempt rate. |
地址 |
Santa Clara CA US |