DETECTING PAST INTRUSIONS AND ATTACKS BASED ON HISTORICAL NETWORK TRAFFIC INFORMATION
    Type: Invention application
    Status: Granted

    Publication number: US20170041334A1

    Publication date: 2017-02-09

    Application number: US15299991

    Filing date: 2016-10-21

    CPC classification number: H04L63/1416 H04L63/0227 H04L63/1433

    Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
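The abstract describes a retrospective pipeline: from a signature, find the configurations it applies to, find the endpoints that ran them and when, resolve the identifier each endpoint carried during that window, and only then run the signature over the matching historical traffic. The example below is an added illustration of that pipeline and is not code from the patent. Everything in it is constructed: the inventory of configuration periods, the address leases that serve as the endpoint identifier, the traffic records, and the signature (a byte pattern on a port with a made-up marker token). It also shows why the time-bounded identifier lookup matters, by contrasting the result with a naive match on address alone, which over-attributes hits when an address is reassigned.

```python
"""Retrospective signature matching over historical traffic (added example).
All data below is constructed for illustration; nothing is taken from the patent."""
from dataclasses import dataclass
from datetime import datetime
import re


@dataclass(frozen=True)
class ConfigPeriod:
    endpoint: str        # endpoint device name (constructed)
    config: str          # configuration label, e.g. an installed software version
    start: datetime      # half-open window [start, end)
    end: datetime


@dataclass(frozen=True)
class Lease:
    endpoint: str
    address: str         # identifier that appears in traffic records (IP address here)
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    vulnerable_configs: frozenset   # configurations this signature is relevant to
    dst_port: int
    pattern: re.Pattern             # bytes regex applied to the payload


def T(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed inventory: host-a was patched on 1 March, host-b never was.
INVENTORY = [
    ConfigPeriod("host-a", "agent-1.0", T("2016-01-01T00:00"), T("2016-03-01T00:00")),
    ConfigPeriod("host-a", "agent-1.1", T("2016-03-01T00:00"), T("2016-12-31T00:00")),
    ConfigPeriod("host-b", "agent-1.0", T("2016-01-01T00:00"), T("2016-12-31T00:00")),
]
# Constructed leases: 10.0.0.5 moves from host-a to host-b on 15 February.
LEASES = [
    Lease("host-a", "10.0.0.5", T("2016-01-01T00:00"), T("2016-02-15T00:00")),
    Lease("host-a", "10.0.0.9", T("2016-02-15T00:00"), T("2016-12-31T00:00")),
    Lease("host-b", "10.0.0.5", T("2016-02-15T00:00"), T("2016-12-31T00:00")),
]
# Constructed traffic records; the marker token is made up for this example.
TRAFFIC = [
    Flow(T("2016-02-01T10:00"), "203.0.113.7", "10.0.0.5", 8080, b"GET /admin?x=CONSTRUCTED-SIG-TOKEN"),
    Flow(T("2016-02-20T10:00"), "203.0.113.7", "10.0.0.5", 8080, b"GET /admin?x=CONSTRUCTED-SIG-TOKEN"),
    Flow(T("2016-04-01T10:00"), "203.0.113.7", "10.0.0.9", 8080, b"GET /admin?x=CONSTRUCTED-SIG-TOKEN"),
    Flow(T("2016-02-01T11:00"), "203.0.113.8", "10.0.0.5", 8080, b"GET /index.html"),
]
SIG = Signature("constructed-sig-1", frozenset({"agent-1.0"}), 8080,
                re.compile(rb"CONSTRUCTED-SIG-TOKEN"))


def vulnerable_periods(inventory, sig):
    """Which endpoints ran a configuration the signature applies to, and when."""
    return [p for p in inventory if p.config in sig.vulnerable_configs]


def identifiers_during(leases, endpoint, start, end):
    """Identifiers the endpoint held inside [start, end), clipped to the overlap,
    so a reassigned address is never attributed outside its lease."""
    out = []
    for lease in leases:
        if lease.endpoint != endpoint:
            continue
        lo, hi = max(lease.start, start), min(lease.end, end)
        if lo < hi:
            out.append((lease.address, lo, hi))
    return out


def signature_matches(sig, flow):
    return flow.dst_port == sig.dst_port and sig.pattern.search(flow.payload) is not None


def find_past_intrusions(sig, inventory, leases, traffic):
    """Apply the signature only to traffic for the right identifier in the right window.
    Returns (endpoint, address, timestamp, signature name) tuples sorted by time."""
    hits = []
    for period in vulnerable_periods(inventory, sig):
        for address, lo, hi in identifiers_during(leases, period.endpoint, period.start, period.end):
            for flow in traffic:
                if flow.dst == address and lo <= flow.ts < hi and signature_matches(sig, flow):
                    hits.append((period.endpoint, address, flow.ts, sig.name))
    return sorted(hits, key=lambda h: h[2])


def naive_address_matches(sig, traffic):
    """Baseline for comparison: signature over all traffic, no config or lease context."""
    return [flow for flow in traffic if signature_matches(sig, flow)]


if __name__ == "__main__":
    for endpoint, address, ts, name in find_past_intrusions(SIG, INVENTORY, LEASES, TRAFFIC):
        print(f"{ts.isoformat()} {endpoint} ({address}) matched {name}")
    print(f"naive matches: {len(naive_address_matches(SIG, TRAFFIC))}")
```

On the constructed data the context-aware search reports two hits: 1 February against host-a (which held 10.0.0.5 at the time and ran the vulnerable configuration) and 20 February against host-b (which held the same address by then). The 1 April flow matches the signature but is dropped, because host-a was already on the non-vulnerable configuration; the naive baseline reports all three and would attribute the 20 February flow to whichever host the analyst happens to associate with 10.0.0.5 today.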

