-
Publication number: US20180159878A1
Publication date: 2018-06-07
Application number: US15372235
Filing date: 2016-12-07
Applicant: Institute For Information Industry
Inventor: Chia-Min LAI , Ching-Hao MAO , Chih-Hung HSIEH , Te-EN WEI , Chi-Ping LAI
IPC: H04L29/06
CPC classification number: H04L63/1425 , G06F21/55 , G06F2221/2135 , H04L63/1408 , H04L63/1433 , H04L63/1441
Abstract: An attacking node detection apparatus, method, and computer program product thereof are provided. The attacking node detection apparatus is stored with a plurality of access records of an application, wherein each access record includes a network address of a host and an access content. The attacking node detection apparatus filters the access records into a plurality of filtered access records according to a predetermined rule so that the access content of each filtered access record conforms to the predetermined rule. The attacking node detection apparatus creates at least one access relation of each of the network addresses according to the filtered access records, wherein each access relation is defined by one of the network addresses and one of the access contents. The attacking node detection apparatus identifies a specific network address as an attacking node according to the access relations.
-
Publication number: US20180159868A1
Publication date: 2018-06-07
Application number: US15372294
Filing date: 2016-12-07
Applicant: Institute For Information Industry
Inventor: Chia-Min LAI , Ching-Hao MAO , Chih-Hung HSIEH , Te-EN WEI , Chi-Ping LAI
Abstract: A network attack pattern determination apparatus, method, and non-transitory computer readable storage medium thereof are provided. The apparatus is stored with several attack patterns and access records. Each access record includes a network address, time stamp, and access content. Each attack pattern corresponds to at least one attack access relation. Each attack access relation is defined by a network address and access content. The apparatus retrieves several attack records according to at least one attack address. The network address of each attack record is one of the attack address(s). The apparatus divides the attack records into several groups according to the time stamps and performs the following operations for each group: (a) creating at least one access relation for each attack address included in the group and (b) determining that the group corresponds to one of the attack patterns according to the at least one access relation of the group.
-