Publication (announcement) number: US07464404B2
Publication (announcement) date: 2008-12-09
Application number: US11283380
Filing date: 2005-11-17
IPC classification: G06F9/00 , G06F11/00 , G06F15/173 , G06F15/16
CPC classification: H04L63/1458 , G06F21/00 , G06F21/552 , H04L69/22
Abstract: A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic, so that both false positives and false negatives are minimized. When a truncated secure session attack is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the attack is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed that re-applies the blocking measure for a specified duration, then suspends the blocking measure and tests again for the attack. If the attack is detected again, the blocking measure is re-applied and its duration is adapted. If the attack is no longer detected, the method returns to the state of readiness.
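The abstract describes a three-state loop (ready, blocking, testing) whose only adaptive quantity is the blocking duration. The simulation below is an added example, not code from the patent or its assignee: it models that loop as a state machine driven by a scripted detector verdict, with the firewall or router notification reduced to two callbacks. The detector for the truncated-secure-session anomaly itself is out of scope and is abstracted as a boolean callable. The initial window (60 s), the doubling policy, and the 3600 s cap are assumptions chosen for illustration; the patent text specifies only that the duration is "adapted".

```python
"""Progressive-response loop: block, suspend, re-test, adapt the block duration.

Added illustration of the abstract above; parameter values are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Tuple


class State(Enum):
    READY = "ready"        # no blocking measure in place; watching for the anomaly
    BLOCKING = "blocking"  # blocking measure applied for a bounded duration
    TESTING = "testing"    # blocking suspended; probing whether the attack persists


@dataclass
class ProgressiveResponder:
    detector: Callable[[], bool]         # True while the anomaly is evident
    apply_block: Callable[[int], None]   # notify firewall/router: block for n seconds
    suspend_block: Callable[[], None]    # lift the block so the anomaly can be re-tested
    initial_duration: int = 60           # assumed: first blocking window, seconds
    max_duration: int = 3600             # assumed cap so adaptation cannot grow unbounded
    growth: int = 2                      # assumed: double the window on each re-detection
    state: State = State.READY
    duration: int = field(init=False)
    log: List[Tuple[str, int]] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.duration = self.initial_duration

    def step(self) -> State:
        """Advance one transition of the loop and return the new state."""
        if self.state is State.READY:
            if self.detector():
                # first detection: invoke the blocking measure for the initial window
                self.duration = self.initial_duration
                self.apply_block(self.duration)
                self.log.append(("block", self.duration))
                self.state = State.BLOCKING
            else:
                self.log.append(("ready", 0))
        elif self.state is State.BLOCKING:
            # the blocking window has elapsed: suspend the measure and re-test
            self.suspend_block()
            self.log.append(("suspend", 0))
            self.state = State.TESTING
        elif self.state is State.TESTING:
            if self.detector():
                # attack still evident: re-apply with an adapted (longer) duration
                self.duration = min(self.duration * self.growth, self.max_duration)
                self.apply_block(self.duration)
                self.log.append(("block", self.duration))
                self.state = State.BLOCKING
            else:
                # attack gone: back to the state of readiness
                self.log.append(("ready", 0))
                self.state = State.READY
        return self.state


def simulate(verdicts: List[bool], **kwargs) -> List[Tuple[str, int]]:
    """Drive the responder with a constructed sequence of detector verdicts.

    Each detector call consumes one verdict; once the list is exhausted the
    detector reports "no attack", so every run ends in State.READY.
    """
    it = iter(verdicts)
    device_actions: List[Tuple[str, int]] = []   # what the simulated firewall was told
    responder = ProgressiveResponder(
        detector=lambda: next(it, False),
        apply_block=lambda n: device_actions.append(("block", n)),
        suspend_block=lambda: device_actions.append(("unblock", 0)),
        **kwargs,
    )
    while True:
        responder.step()
        if responder.state is State.READY:
            return responder.log


def block_durations(log: List[Tuple[str, int]]) -> List[int]:
    """Durations of successive blocking windows, in order applied."""
    return [seconds for event, seconds in log if event == "block"]


if __name__ == "__main__":
    # constructed scenario: attack seen at detection, still present after the
    # first suspension, gone after the second
    for event in simulate([True, True, False]):
        print(event)
```

The driver returns to readiness as soon as a suspension test comes back clean, which is the property the abstract emphasises: a false positive costs at most one initial window before the block is lifted, while a persistent attack pays for itself with progressively longer windows up to the cap.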