Reexamination Certificate
2011-08-16
2011-08-16
Arani, Taghi T (Department: 2438)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C713S188000, C713S194000
Reexamination Certificate
active
08001601
ABSTRACT:
A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine-grained data, such as that available in NetFlow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.
Duffield Nicholas
Sekar Vyas
Spatscheck Oliver
Van Der Merwe Jacobus
Arani Taghi T
AT&T Intellectual Property II L.P.
Victoria Narciso
Method and apparatus for large-scale automated distributed...