-
Publication No.: US10735379B2
Publication Date: 2020-08-04
Application No.: US16111141
Application Date: 2018-08-23
Applicant: Microsoft Technology Licensing, LLC
Inventor: Navendu Jain, Ang Chen
Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.
-
Publication No.: US20170250953A1
Publication Date: 2017-08-31
Application No.: US15054671
Application Date: 2016-02-26
Applicant: Microsoft Technology Licensing, LLC
Inventor: Navendu Jain, Ang Chen
IPC: H04L29/06
CPC classification number: H04L63/0254, G06F21/55, G06F21/552, G06F21/56, G06F21/577, H04L63/0218, H04L63/0227, H04L63/08, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/1441, H04L63/145, H04L63/1458, H04L63/20
Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.
-
Publication No.: US10608992B2
Publication Date: 2020-03-31
Application No.: US15054671
Application Date: 2016-02-26
Applicant: Microsoft Technology Licensing, LLC
Inventor: Navendu Jain, Ang Chen
Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.
-
Publication No.: US20190014084A1
Publication Date: 2019-01-10
Application No.: US16111141
Application Date: 2018-08-23
Applicant: Microsoft Technology Licensing, LLC
Inventor: Navendu Jain, Ang Chen
IPC: H04L29/06
CPC classification number: H04L63/0254, H04L63/1416, H04L63/1441
Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.
-
Publication No.: US10084752B2
Publication Date: 2018-09-25
Application No.: US15054692
Application Date: 2016-02-26
Applicant: Microsoft Technology Licensing, LLC
Inventor: Navendu Jain, Ang Chen
IPC: H04L29/06
CPC classification number: H04L63/0254, H04L63/1416, H04L63/1441
Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.
-
Publication No.: US20170250954A1
Publication Date: 2017-08-31
Application No.: US15054692
Application Date: 2016-02-26
Applicant: Microsoft Technology Licensing, LLC
Inventor: Navendu Jain, Ang Chen
IPC: H04L29/06
CPC classification number: H04L63/0254, H04L63/1416, H04L63/1441
Abstract: Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable “smart” network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.