Title of invention |
Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram |
Abstract |
A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network. The system includes a look-up table that records a state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.
|
Publication number |
US7734776(B2) |
Publication date |
2010.06.08 |
Application number |
US20080040065 |
Filing date |
2008.02.29 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventors |
BOULANGER ALAN D.;DANFORD ROBERT W.;HIMBERGER KEVIN D.;JEFFRIES CLARK D.;SINGH RAJ K. |
Classification codes |
G06F15/173;G06F11/00;G06F12/14;G06F12/16;G08B23/00;H04L12/26;H04L29/06 |
Main classification code |
G06F15/173 |
Patent agency |
|
Patent agent |
|
Main claim |
|
Address |
|