DETECTING VOLUMETRIC ATTACKS

Bibliographic details
Main authors: YANOVSKY OLEG, SHTEINGART HANAN, RONEN ROYI, GABAEV YURI, NAHUM SHAI BARUCH, NEUVIRTH-TELEM HANI, KORSUNSKY VLAD, TELLER TOMER
Format: Patent
Language: chi ; eng
Description
Summary: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols, so that security measures may be targeted to that subset without affecting other machines in the network.