-
1.发明授权System and method for reducing false positives during detection of network attacks 有权的系统和方法用于检测网络攻击的过程中减少假阳性结果
公开(公告)号:EP2528005B1
公开(公告)日:2015-06-17
申请号:EP12151223.0
申请日:2012-01-16
申请人: Kaspersky Lab, ZAO
CPC分类号: H04L63/1408 , H04L63/0263 , H04L63/1458 , H04L2463/141
-
2.发明公开System and method for reducing false positives during detection of network attacks 有权的系统和方法用于检测网络攻击的过程中减少假阳性结果
公开(公告)号:EP2528005A1
公开(公告)日:2012-11-28
申请号:EP12151223.0
申请日:2012-01-16
申请人: Kaspersky Lab, ZAO
CPC分类号: H04L63/1408 , H04L63/0263 , H04L63/1458 , H04L2463/141
摘要: Disclosed are systems and methods for reduction of false positives during detection of network attacks on a protected computer. In one example, the system comprises a proxy device configured to redirect and mirror traffic directed to the protected computer; a traffic sensor configured to collect statistical information about the mirrored traffic; a data collector configured to aggregate information collected by the traffic sensor and to generate traffic filtering rules based on the aggregated statistical information; a filtering center configured to, in parallel with collection of statistical information, filter redirected traffic based on the traffic filtering rules provided by the data collector; and a control module configured to collect and store statistical information about known network attacks and to correct traffic filtering rules used by the filtering center for purpose of reducing false positives during detection of network attacks on the protected computer.
摘要翻译: 本发明公开了用于检测的受保护的计算机上的网络攻击时减少误报的系统和方法。 在一个示例中,该系统包括被配置成重定向和针对受保护的计算机镜流量的代理装置; 配置为收集有关镜像流量的统计信息的交通传感器; 配置成由所述交通传感器,并产生基于所聚集的统计交通信息的过滤规则收集聚集体的信息的datacollector; 配置成,在平行的统计信息收集,过滤基于由datacollector提供的流量过滤规则重定向的通信的滤波中心; 和控制模块,用于收集和储存有关已知网络攻击的统计信息,更正通过过滤中心检测的受保护的计算机上的网络攻击过程中减少误报的目的而使用流量过滤规则。
-
搜索结果
2 条记录 (耗时 0.007 秒)
