Publication No.: US20220131833A1
Publication Date: 2022-04-28
Application No.: US17102209
Filing Date: 2020-11-23
Applicant: Institute For Information Industry
Inventor: Yu-Ting TSOU, Ding-Jie HUANG, Chih-Ta LIN, Ming-Hsuan YANG, Mei-Lin LI, Saranchon LAMMONGKOL, Chin-Fang MAO
Abstract: An abnormal packet detection apparatus and method are provided. The abnormal packet detection apparatus stores a whitelist corresponding to a protocol port, wherein the whitelist includes at least one legal packet record. Each legal packet record includes a legal packet length, a legal source address, and a legal variation position set, and corresponds to a reference packet. The abnormal packet detection apparatus determines that a current packet length and a current source address of a to-be-analyzed packet are respectively the same as the legal packet length and the legal source address of a reference packet record among the at least one legal packet record, determines a current variation position of the to-be-analyzed packet by comparing the to-be-analyzed packet with the reference packet corresponding to the reference packet record, and generates a detection result by comparing the current variation position with the legal variation position set of the reference packet record.
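The check described in the abstract, as an added Python sketch that is not code from the patent or the applicant. Assumptions: a "variation position" is a byte offset at which the packet differs from the reference packet, a packet with no record of the same length and source is reported as abnormal, and when several records match, one clean comparison is enough for "normal"; the Modbus/TCP-style bytes, port 502 and addresses are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LegalPacketRecord:
    length: int                 # legal packet length
    source: str                 # legal source address
    legal_positions: frozenset  # legal variation position set (byte offsets, assumed)
    reference: bytes            # reference packet this record corresponds to

def variation_positions(packet: bytes, reference: bytes) -> set:
    """Byte offsets at which the packet differs from the reference packet."""
    return {i for i, (a, b) in enumerate(zip(packet, reference)) if a != b}

def detect(whitelist: dict, port: int, source: str, packet: bytes) -> dict:
    """Produce a detection result for one to-be-analyzed packet."""
    # Step 1: find records whose length and source address equal the packet's.
    candidates = [r for r in whitelist.get(port, ())
                  if r.length == len(packet) and r.source == source]
    if not candidates:
        # Assumption: the abstract does not say how unmatched packets are handled.
        return {"verdict": "abnormal", "reason": "no matching record", "unexpected": []}
    fewest = None
    for rec in candidates:
        # Step 2: diff against the reference; Step 3: compare with the legal set.
        unexpected = sorted(variation_positions(packet, rec.reference)
                            - rec.legal_positions)
        if not unexpected:
            return {"verdict": "normal", "reason": "variations within legal set",
                    "unexpected": []}
        if fewest is None or len(unexpected) < len(fewest):
            fewest = unexpected
    return {"verdict": "abnormal", "reason": "variation outside legal set",
            "unexpected": fewest}

# Constructed sample: a 12-byte read request. Only the transaction id
# (offsets 0-1) and the start address (offsets 8-9) are allowed to vary.
REF = bytes.fromhex("000100000006010300000002")
WHITELIST = {502: [LegalPacketRecord(len(REF), "10.0.0.5",
                                     frozenset({0, 1, 8, 9}), REF)]}

if __name__ == "__main__":
    ok = bytes.fromhex("0002000000060103000a0002")   # new txid and address
    bad = bytes.fromhex("000100000006010600000002")  # function code changed
    for pkt in (ok, bad):
        print(pkt.hex(), detect(WHITELIST, 502, "10.0.0.5", pkt))
```

The `unexpected` offsets in an abnormal result point an analyst at the exact bytes that changed outside the learned pattern.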