    1. System and method for correlating historical attacks with diverse indicators to generate indicator profiles for detecting and predicting future network attacks
    Granted invention patent (in force)

    Publication number: US09386030B2

    Publication date: 2016-07-05

    Application number: US14029474

    Filing date: 2013-09-17

    IPC classification: H04L29/14 H04L29/06 H04L29/08

    Abstract: An apparatus and method predict and detect network attacks by using a diverse set of indicators to measure aspects of the traffic and by encoding traffic characteristics using these indicators of potential attacks or anomalous behavior. The set of indicators is analyzed by supervised learning to automatically learn a decision rule which examines the temporal patterns in the coded values of the set of indicators to accurately detect and predict network attacks. The rules automatically evolve in response to new attacks as the system updates its rules periodically by analyzing new data and feedback signals about attacks associated with that data. To assist human operators, the system also provides human-interpretable explanations of detection and prediction rules by pointing to indicators whose values contribute to a decision that there is an existing network attack or an imminent network attack. When such indicators are detected, an operator can take remediation actions.

    2. System and method for real-time reporting of anomalous internet protocol attacks
    Granted invention patent (in force)

    Publication number: US09130982B2

    Publication date: 2015-09-08

    Application number: US13916693

    Filing date: 2013-06-13

    IPC classification: H04L29/00 H04L29/06

    CPC classification: H04L63/1416 H04L63/1458

    Abstract: A system and a method for detecting anomalous attacks in Internet network flow operate by counting the number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer-readable storage medium stores instructions of a computer program which, when executed by a computer system, results in performance of the steps of the method.