Method and network device for detecting malicious network software agents

A technology of network equipment and automatic software agent, applied in the field of computer network, which can solve the problem of inability to detect or respond to software agent

Active Publication Date: 2015-11-25
JUMIPER NETWORKS INC
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Traditional IDS devices cannot detect or react to software agents that implement these application layer attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and network device for detecting malicious network software agents
  • Method and network device for detecting malicious network software agents
  • Method and network device for detecting malicious network software agents

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] figure 1 is a block diagram illustrating an exemplary enterprise computer network 4 in which an intrusion detection and prevention (IDP) device 10 may attempt to detect an Malicious web sessions. References to "bots" in this disclosure should generally be understood to refer to automated software agents that may perform malicious or otherwise undesirable actions. Although the present disclosure primarily relates to an IDP device, an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) may employ similar techniques. exist figure 1 In the example, IDP10 is a single network device. For example, firewall 9, switch 19, security management device 18, IDP 14 or any one of nodes 8A-8N, or other devices such as routers, virtual private network (VPN) devices or gateways, can realize the Described function.

[0022] Network 4 includes a private enterprise computing network 5 coupled to a public network 6, such as the Internet. Public network 6 may include, f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.

Description

technical field [0001] The present invention relates to computer networks and, more particularly, to the detection of attacks in computer networks. Background technique [0002] A computer network typically includes a collection of interconnected computing devices that exchange data and share resources. These devices may include, for example, web servers, database servers, file servers, routers, printers, end-user computers, and other devices. Various devices can implement a large number of different services and communication protocols. Each of the different services and communication protocols exposes the network to different security vulnerabilities. [0003] Traditional techniques for detecting cyber attacks use pattern matching. Specifically, an intrusion detection system ("IDS (intrusion detection system)") applies regular expressions or substring matching to detect prescribed patterns in data streams. Several modes can be used to try to improve the accuracy of att...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26H04L29/06H04L29/08
CPCH04L63/1441H04L63/14H04L63/1416H04L2463/144
Inventor 布赖恩·伯恩斯克里希纳·纳拉亚纳斯瓦米
Owner JUMIPER NETWORKS INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap