| 发明名称 | Detecting scans using a bloom counter | ||
| 摘要 | In certain embodiments, detecting scans may include receiving packets, where each packet has a target. The number of distinct targets of the packets may be counted using one or more Bloom counters. The number of distinct targets may satisfy a scan threshold for detecting a scan. If the scan threshold is satisfied, it is determined a scan is present. | ||
| 申请公布号 | US8789176(B1) | 申请公布日期 | 2014.07.22 |
| 申请号 | US201113041772 | 申请日期 | 2011.03.07 |
| 申请人 | Amazon Technologies, Inc. | 发明人 | Brandwine Eric J. |
| 分类号 | H04L29/06 | 主分类号 | H04L29/06 |
| 代理机构 | Davis Wright Tremaine LLP | 代理人 | Davis Wright Tremaine LLP |
| 主权项 | 1. A system comprising: one or more interfaces of an edge device of a computer network, the one or more interfaces operable to: receive a plurality of packets, each packet of the plurality of packets having a target; and one or more processing units of the edge device, the one or more processing units operable to: access a Bloom filter comprising an array and associated with a plurality of hash functions, the plurality of hash functions mapping an element of a set of distinct targets to a plurality of element array positions;perform the following for one or more packets of the plurality of packets using one or more Bloom counters, at least a subset of the one or more Bloom counters counting for a predetermined time period to yield a time period count: determine whether a target of a packet is an element of the set of distinct targets recorded in the Bloom filter; andif the target is not an element of the set of distinct targets, add the target to the set of distinct targets;determine if a number of distinct targets in the set of distinct targets satisfies a scan threshold for detecting a scan; anddetermine that a scan is present if the scan threshold is satisfied. | ||
| 地址 | Reno NV US | ||