Publication number: US20140201837A1
Publication date: 2014-07-17
Application number: US14107768
Application date: 2013-12-16
Applicant: Cisco Technology, Inc.
Inventor: George Varghese, Flavio Giovanni Bonomi, John Andrew Fingerhut
IPC: H04L29/06
CPC classification number: H04L63/1408, H04L63/145
Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.