Detecting malicious attacks using network behavior and header analysis
Abstract
A method and apparatus for detecting malicious attacks is described. The method may comprise obtaining routing information from a packet communicated via a network and maintaining a count of packets associated with a device associated with the routing information. For example, the routing information may be a source or destination IP address, a port number, or any other routing information. The device may be classified as a potentially malicious device when the count exceeds a threshold. The count may be incremented when the TCP SYN flag is set and the TCP ACK flag is not set. An embodiment comprises obtaining a source hash of the source IP address and a destination hash of the destination IP address. Thereafter, the source hash and the destination hash may be mapped to multistage filters. The device associated with the packet may then be selectively categorized as a suspicious device.
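The counting scheme in the abstract can be sketched as follows. This is an added example, not code from the patent. It assumes salted BLAKE2b as the per-stage hash, four stages of 1024 counters, a threshold of 100, and the usual multistage-filter rule that a key's count is bounded by its smallest counter; the traffic is constructed from documentation address ranges.

```python
import hashlib
import ipaddress

SYN, ACK = 0x02, 0x10  # TCP flag bits


class MultistageFilter:
    """Parallel counter arrays; a key's count is bounded by its smallest counter."""

    def __init__(self, stages=4, buckets=1024):  # sizes are assumptions
        self.buckets = buckets
        self.counters = [[0] * buckets for _ in range(stages)]

    def add(self, key: bytes) -> int:
        """Increment the key's counter in every stage and return the minimum."""
        lowest = None
        for stage, row in enumerate(self.counters):
            # A per-stage salt gives each stage an independent hash function.
            digest = hashlib.blake2b(key, digest_size=8,
                                     salt=stage.to_bytes(2, "big")).digest()
            index = int.from_bytes(digest, "big") % self.buckets
            row[index] += 1
            lowest = row[index] if lowest is None else min(lowest, row[index])
        return lowest


def detect(packets, threshold=100):
    """packets: iterable of (src_ip, dst_ip, tcp_flags). Returns two sets of IPs."""
    by_source, by_destination = MultistageFilter(), MultistageFilter()
    suspicious_sources, targeted_destinations = set(), set()
    for src, dst, flags in packets:
        # Count only connection attempts: SYN set and ACK not set.
        if not (flags & SYN) or (flags & ACK):
            continue
        if by_source.add(ipaddress.ip_address(src).packed) > threshold:
            suspicious_sources.add(src)
        if by_destination.add(ipaddress.ip_address(dst).packed) > threshold:
            targeted_destinations.add(dst)
    return suspicious_sources, targeted_destinations


def sample_traffic():
    """Constructed traffic: 20 normal clients plus one host sending 150 bare SYNs."""
    packets = []
    for client in range(1, 21):
        for _ in range(3):  # three complete handshakes per client
            packets += [(f"192.0.2.{client}", "10.0.1.1", SYN),
                        ("10.0.1.1", f"192.0.2.{client}", SYN | ACK),
                        (f"192.0.2.{client}", "10.0.1.1", ACK)]
    packets += [("198.51.100.7", f"10.0.0.{host}", SYN) for host in range(1, 151)]
    return packets
```

Because counters are shared between keys, the minimum can overestimate a device's true count but never underestimate it, so a device above the threshold is always flagged and false positives become rarer as stages are added.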