发明名称 |
A device for evaluating traffic on a computer network to detect traffic abnormalities such as a denial of service attack |
摘要 |
A traffic evaluation device includes a data interface to receive one or both network traffic and data indicative of the characteristics of network traffic and processing means operable to evaluate the network traffic and/or data received by the data interface for predetermined characteristics that indicate that the network traffic contains a subset of abnormal traffic and upon detection of the predetermined characteristics retrieve from memory information defining a superset and provide an output defining the superset. The superset is a portion of the network traffic that contains the subset and defines network traffic that may be redirected and/or clocked by a network device. An apparatus for monitoring network traffic for a traffic profile abnormality includes data volume observing means for observing the volume of data communicated to or within a network and data classification means for classifying data communicated to or within the network into one or more of a plurality of classes and a processing means to operable to: a) for at least one pair of classes compute a ratio of observed data volume of one class or a function of the observed data volume of one or more classes to observed data volume of another class or function of observed data volume of one or more classes; b) evaluate whether the one or more ratios indicate abnormal network traffic against predetermined criteria and if so output either or both of a signal indicating the potential occurrence of an abnormality or instructions to a network device to take predetermined action in response to the abnormality.
|
申请公布号 |
NZ516346(A) |
申请公布日期 |
2004.09.24 |
申请号 |
NZ20010516346 |
申请日期 |
2001.12.21 |
申请人 |
ESPHION LIMITED |
发明人 |
BRENDEL, JEURGEN |
分类号 |
H04L12/24;H04L12/26;H04L29/06;(IPC1-7):H04L29/06;H04L29/10;H04L12/56 |
主分类号 |
H04L12/24 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|