METHOD, PROGRAM AND SYSTEM FOR AUTOMATICALLY DETECTING MALICIUS COMPUTER NETWORK RECONNAISSANCE
摘要
<p>A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.</p>
申请公布号
WO2005015871(A1)
申请公布日期
2005.02.17
申请号
WO2004EP50968
申请日期
2004.06.08
申请人
INTERNATIONAL BUSINESS MACHINES CORPORATION;IBM UNITED KINGDOM LIMITED;BOULANGER, ALAN;DANFORD, ROBERT;HIMBERGER, KEVIN;JEFFRIES, CLARK;SINGH, RAJ
