Malicious Attack Detection System and An Associated Method of Use
    Invention application
    Status: under examination, published

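    Publication (announcement) number: US20070245417A1

    Publication (announcement) date: 2007-10-18

    Application number: US11279979

    Application date: 2006-04-17

    IPC classification: G06F12/14

    CPC classification: H04L63/1458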

    Abstract: A malicious attack detection system and associated method of use is disclosed. This includes receiving and parsing a header frame of a data packet into header information and internet protocol (“IP” or “TCP/IP”) addresses, checking the header information for a potential malicious attack condition and if present then a constraint filter result is generated, comparing the internet protocol (“IP”) addresses to determine if an internet protocol (“IP”) address had been previously received, determining if an internet protocol (“IP”) address had been previously received, determining the number of constraint filter results to determine if an incremented count is above a predetermined threshold during a predetermined threshold time period, and dropping at least one data packet based on a determination. Preferably, but not necessarily, the process is carried out at wire-speed meaning when a new data packet arrives, all processing above is complete with regard to the previous data packet.
