Unlock instant, AI-driven research and patent intelligence for your innovation.

Attack Detection And Prevention Using Global Device Fingerprinting

A device fingerprint and security device technology, applied in the field of computing systems, can solve the problem that the IP address is not the identity of the attacker

Active Publication Date: 2014-09-17
JUMIPER NETWORKS INC
View PDF4 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, IP addresses are not a reliable way to trace the identity of attackers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack Detection And Prevention Using Global Device Fingerprinting
  • Attack Detection And Prevention Using Global Device Fingerprinting
  • Attack Detection And Prevention Using Global Device Fingerprinting

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0066] Example 1. A method includes: receiving, by a security device, network traffic from a device directed to one or more computing devices protected by the security device; in response to receiving the network traffic, sending, by the security device to the device, a request for A request for a plurality of data points of the device, wherein the data points include characteristics associated with the device; receiving, by the security device, at least a portion of the requested plurality of data points from the device; receiving, by the security device, the requested The received portion of the plurality of data points is compared with a corresponding set of data points associated with one or more known attacker devices; based on the comparison, determining the number of data points associated with the first known attacker device Whether the first corresponding set satisfies a similarity threshold; and based on the determination, selectively managing additional network traf...

example 2

[0067] Example 2. The method of Example 1, further comprising: prior to sending the request for the plurality of data points, injecting code requesting the plurality of data points into a response received from at least one of the one or more computing devices , wherein the received response is sent by the at least one computing device of the one or more computing devices in response to the network traffic.

example 3

[0068] Example 3. The method of any combination of examples 1-2, further comprising: analyzing the network traffic to extract information related to one or more data points about the device; and extracting, by the security device, information related to the one or more data points The information and the received portion of the requested plurality of data points are used to generate a device fingerprint for the device, wherein the device fingerprint identifies the device.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.

Description

technical field [0001] The present disclosure relates to computing systems, and more particularly to computing system attack detection and prevention. Background technique [0002] The number and sophistication of cyber-attacks is increasing, especially those targeting web applications and servers that run high-value businesses. Insecure applications and servers can result in customer loss, financial loss, reputational damage, and legal conflicts. In an attempt to block a network attack from a group of hackers, for example, a company may identify an Internet Protocol (IP) address associated with the hacker and block any attempt to connect to the company's servers through the identified IP address. However, IP addresses are not a reliable way to trace an attacker's identity. An attacker may use a proxy server, network address translation server, or other mechanism to hide and / or change the IP addresses from which the attacker is attacking the company. Contents of the inve...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1408H04L63/1441H04L63/14H04L2463/146H04L67/02
Inventor D·J·奎因兰K·亚当斯O·伊巴图林Y·T·莫拉莱斯R·W·卡梅伦B·伯恩斯
Owner JUMIPER NETWORKS INC