Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2002-01-31
2010-06-22
Barron, Jr., Gilberto (Department: 2432)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
Reexamination Certificate
active
07743415
ABSTRACT:
A system architecture for thwarting denial of service attacks on a victim data center is described. The system includes a first plurality of data monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network. The central controller analyzes network traffic statistics to identify malicious network traffic. In one embodiment, a gateway device is disposed to pass network packets between the network and the victim site. The gateway includes a computing device executing a process to build a histogram for any attribute or function of an attribute of network packets and a process to determine if the values of the attribute exceed normal, threshold values expected for the attribute to indicate an attack on the site.
REFERENCES:
patent: 5796956 (1998-08-01), Jones
patent: 6012152 (2000-01-01), Douik et al.
patent: 6061341 (2000-05-01), Andersson et al.
patent: 6061789 (2000-05-01), Hauser et al.
patent: 6108782 (2000-08-01), Fletcher et al.
patent: 6253321 (2001-06-01), Nikander et al.
patent: 6272537 (2001-08-01), Kekic et al.
patent: 6279113 (2001-08-01), Vaidya
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6304262 (2001-10-01), Maloney et al.
patent: 6321338 (2001-11-01), Porras et al.
patent: 6353385 (2002-03-01), Molini et al.
patent: 6370116 (2002-04-01), Giroux et al.
patent: 6388992 (2002-05-01), Aubert et al.
patent: 6389448 (2002-05-01), Primak et al.
patent: 6442694 (2002-08-01), Bergman et al.
patent: 6535484 (2003-03-01), Hughes et al.
patent: 6597661 (2003-07-01), Bonn
patent: 6597957 (2003-07-01), Beakley
patent: 6606744 (2003-08-01), Mikurak
patent: 6678827 (2004-01-01), Rothermel et al.
patent: 6691213 (2004-02-01), Luu et al.
patent: 6725378 (2004-04-01), Schuba et al.
patent: 6735702 (2004-05-01), Yavatkar et al.
patent: 6738814 (2004-05-01), Cox et al.
patent: 6769066 (2004-07-01), Botros et al.
patent: 6775657 (2004-08-01), Baker
patent: 6779118 (2004-08-01), Ikudome et al.
patent: 6789203 (2004-09-01), Belissent
patent: 6807667 (2004-10-01), Bar et al.
patent: 6816910 (2004-11-01), Ricciulli
patent: 6848005 (2005-01-01), Plevyak et al.
patent: 6856676 (2005-02-01), Pirot et al.
patent: 2002/0031134 (2002-03-01), Poletto et al.
patent: 2002/0035628 (2002-03-01), Gil et al.
patent: 2002/0073337 (2002-06-01), Ioele et al.
patent: 2002/0095492 (2002-07-01), Kaashoek et al.
patent: 2002/0103916 (2002-08-01), Chen et al.
patent: 2002/0107960 (2002-08-01), Wetherall et al.
patent: 2002/0157021 (2002-10-01), Sorkin et al.
patent: 2003/0014665 (2003-01-01), Anderson et al.
Communications News, Jun. 2000, 37, 6, 48.
McFadden, Oct. 25, 2000, Ent, 5, 17, 22.
Greene, Feb. 16, 1998, p. 20.
Johnson, Nov. 27, 2000, Network World.
Martin, Aug. 14, 2000, Network World, p. 86.
Snyder, Jul. 19, 1999, Network World, p. 53.
Mansfield et al., “Towards trapping wily intruders in the large”, RAID 1999, Sep. 99, pp. 1-13.
Stallings, William, “Cryptography and Network Security”,Principles and Practice, 2ndEdition, Intruders and Viruses, Chapter 15, pp. 478-501.
Roesch, Martin, “Snort—Lightweight Intrusion Detection for Networks”, Proceedings of Lisa XIII '99: 13thSystems Administration Conference, Nov. 7-12, 1999, pp. 229-238.
Ohta et al., “Detection, Defense, and Tracking of Internet-Wide Illegal Access in a Distributed Manner”, Internet Society, Jul. 18-21, 2000, Retrieved from the Internet on Oct. 27, 2004: <URL: http://www.isoc.org/inet2000/cdproceedings/lf/lf—2.htm>.
Mell, P. et al., “Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems,” RAID 1999, Sep. 99, pp. 1-8.
Messmer, E., “Security needs spawn services—Manged detection services growing in popularity”, Network World, Apr. 00, Retrieved from the Internet on May 8, 2005: <URL: http://www.networkworld.com
ews/2000/0403 intrusion.html>.
Gorelik Andrew
Poletto Massimiliano Antonio
Ratin Andrew
Barron Jr. Gilberto
Park Vaughan & Fleming LLP
Perungavoor Venkat
Riverbed Technology, Inc.
LandOfFree
Denial of service attacks characterization does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Denial of service attacks characterization, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Denial of service attacks characterization will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4224024