-
公开(公告)号:US10999323B2
公开(公告)日:2021-05-04
申请号:US16101834
申请日:2018-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Nipun Arora , Haifeng Chen , Bo Zong , Daeki Cho , Mingda Li
IPC: G06F21/00 , H04L29/06 , H04L12/733 , H04L12/26 , H04L12/741 , G06N20/00 , H04L12/751 , H04L12/893 , G06K9/62 , G06N3/08
Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.
-
Patent Agency Ranking
公开(公告)号:US20190098049A1
公开(公告)日:2019-03-28
申请号:US16101815
申请日:2018-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Nipun Arora , Haifeng Chen , Bo Zong , Daeki Cho , Mingda Li
IPC: H04L29/06 , H04L12/733 , H04L12/751 , H04L12/893
Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.
-
公开(公告)号:US10911488B2
公开(公告)日:2021-02-02
申请号:US16101794
申请日:2018-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Nipun Arora , Haifeng Chen , Bo Zong , Daeki Cho , Mingda Li
IPC: G06F11/00 , H04L29/06 , H04L12/733 , H04L12/26 , H04L12/741 , G06N20/00 , H04L12/751 , H04L12/893 , G06K9/62 , G06N3/08
Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.
-
公开(公告)号:US20190098048A1
公开(公告)日:2019-03-28
申请号:US16101794
申请日:2018-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Nipun Arora , Haifeng Chen , Bo Zong , Daeki Cho , Mingda Li
IPC: H04L29/06 , H04L12/733 , H04L12/741 , H04L12/26 , G06N3/08 , G06K9/62
Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.
-
公开(公告)号:US10887344B2
公开(公告)日:2021-01-05
申请号:US16101815
申请日:2018-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Nipun Arora , Haifeng Chen , Bo Zong , Daeki Cho , Mingda Li
IPC: H04L29/00 , H04L29/06 , H04L12/733 , H04L12/26 , H04L12/741 , G06N20/00 , H04L12/751 , H04L12/893 , G06K9/62 , G06N3/08
Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.
-
公开(公告)号:US20190098050A1
公开(公告)日:2019-03-28
申请号:US16101834
申请日:2018-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Nipun Arora , Haifeng Chen , Bo Zong , Daeki Cho , Mingda Li
IPC: H04L29/06 , H04L12/733 , H04L12/741 , H04L12/26 , G06F15/18
Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.
-
-
-
-
-
Search Results
6
records
(took 0.015 seconds)
