System and method for reducing false positives during detection of network attacks

摘要

Disclosed are systems and methods for reduction of false positives during detection of network attacks on a protected computer. In one example, the system comprises a proxy device configured to redirect and mirror traffic directed to the protected computer; a traffic sensor configured to collect statistical information about the mirrored traffic; a data collector configured to aggregate information collected by the traffic sensor and to generate traffic filtering rules based on the aggregated statistical information; a filtering center configured to, in parallel with collection of statistical information, filter redirected traffic based on the traffic filtering rules provided by the data collector; and a control module configured to collect and store statistical information about known network attacks and to correct traffic filtering rules used by the filtering center for purpose of reducing false positives during detection of network attacks on the protected computer.