主权项 |
1. A method of determining a first suspect in a resource exhaustion attack against a target automated processor communicatively connected to a data communication network, the method comprising:
monitoring a plurality of data processing requests received over the data communication network from a remote sender; identifying a first transition, dependent on a first sequence of data processing requests comprising a first data processing request of the plurality of data processing requests and a second data processing request of the plurality of data processing requests; determining, with an automated processor, a first anomaly profile for the remote sender based on a first anomaly representation assigned to the first transition and a second anomaly representation determined for the remote sender; determining, with the automated processor, based on the first anomaly profile, that the remote sender is the first suspect in the resource exhaustion attack; and based on the determining of the first suspect, taking action with the automated processor of at least one of: communicating a message dependent on the determining, and modifying at least one data processing request of the plurality of data processing requests. |