Title of invention |
ATTACK DETECTION AND PREVENTION USING GLOBAL DEVICE FINGERPRINTING |
Abstract |
This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes a security module to selectively manage, based on the determination, additional network traffic directed to the computing devices. |
Application publication number |
US2014283061(A1) |
Application publication date |
2014.09.18 |
Application number |
US201313910019 |
Application date |
2013.06.04 |
Applicant |
Juniper Networks, Inc. |
Inventors |
Quinlan Daniel J.;Adams Kyle;Ibatullin Oskar;Morales Yuly Tenorio;Cameron Robert W.;Burns Bryan |
Classification number |
H04L29/06 |
Main classification number |
H04L29/06 |
Agency |
|
Agent |
|
Principal claim |
1. A method comprising:
receiving, by a security device and from a device, network traffic directed to one or more computing devices protected by the security device; responsive to receiving the network traffic, sending, by the security device and to the device, a request for a plurality of data points for the device, wherein the data points include characteristics associated with the device; receiving, by the security device and from the device, at least a portion of the requested plurality of data points; comparing, by the security device, the received portion of the requested plurality of data points to respective sets of data points associated with one or more known attacker devices; determining, based on the comparison, whether a first respective set of data points associated with a first known attacker device satisfies a similarity threshold; and selectively managing, based on the determination, additional network traffic directed to the one or more computing devices protected by the security device and received from the device. |
Address |
Sunnyvale CA US |