发明授权
- 专利标题: Identifying source of malicious network messages
- 专利标题(中): 识别恶意网络消息的来源
-
申请号: US11221619申请日: 2005-09-08
-
公开(公告)号: US09191396B2公开(公告)日: 2015-11-17
- 发明人: Richard E. Nesbitt , Brian M. O'Connell , Herbert D. Pearthree , Kevin E. Vaughan
- 申请人: Richard E. Nesbitt , Brian M. O'Connell , Herbert D. Pearthree , Kevin E. Vaughan
- 申请人地址: US NY Armonk
- 专利权人: International Business Machines Corporation
- 当前专利权人: International Business Machines Corporation
- 当前专利权人地址: US NY Armonk
- 代理机构: Yee & Associates, P.C.
- 代理商 Lisa J. Ulrich
- 主分类号: H04L29/06
- IPC分类号: H04L29/06
摘要:
System, method and program for identifying a subset of a multiplicity of source networks. The subset including one or more source networks which have sent messages to one of a plurality of destination locations having a same IP address. For each of the multiplicity of source networks, a determination is made whether there are fewer intervening hops from the source network to the one destination location than from the source network to other of the plurality of destination locations. If so, the source network is included in the subset. If not, the source network is not included in the subset. One application of the present invention is to identify a source of a denial of service attack. After the subset is identified, filters can be sequentially applied to block messages from respective source networks in the subset to determine which source network in the subset is sending the messages.