Attack defending system and attack defending method

A technology of attack defense and system, applied in the field of security countermeasure techniques in computer networks, can solve the problems of ineffective detection or defense of attacks, loss of network speed, and problems beyond conventional techniques, and achieve the effect of effective defens

US20080172739A1 (Inactive) Publication Date: 2008-07-17, NEC CORP


Examples


First embodiment

[0104] 1.1) Structure

[0105] Referring to FIG. 2, the firewall unit 1 is connected with the Internet 3 through an external communication interface 100 and is connected with the internal network 4 through a first internal communication interface 104.

[0106] A packet filter 101 is connected between the external communication interface 100 and a guiding section 103, and executes packet filtering according to access control rules obtained from an access control list management section 102. As described later, the packet filter 101 transfers an IP packet received from one of the external communication interface 100 and the guiding section 103 to the other, or discards the received packet without transferring it.

[0107] A packet accepted by the packet filter 101 is sent to the guiding section 103. The guiding section 103 refers to a guiding list (FIG. 5), which will be described later, to guide the IP packet received from the packet filter 101 to either of the first internal communication interf...

Second embodiment

[0159] 2.1) Structure

[0160] Referring to FIG. 15, a firewall unit 5 according to a second embodiment of the present invention is provided with a confidence management section 502 added to the firewall unit 1 of the first embodiment as shown in FIG. 2, and is further provided with a guiding section 501 instead of the guiding section 103. The guiding section 501 is capable of determining a packet forwarding direction depending on a confidence level. Hereinafter, blocks similar to those previously described with reference to FIG. 2 are denoted by the same reference numerals and detailed descriptions of them are omitted.

[0161] In FIG. 15, when it has received a packet, the guiding section 501 outputs the source IP address of the received IP packet to the confidence management section 502 and obtains the corresponding confidence level. On receiving the confidence level, the guiding section 501 compares it with a predetermined threshold value and, depending on its...

Third embodiment

[0188] FIG. 22 shows a firewall unit of an attack defending system according to a third embodiment of the invention and FIG. 23 shows an example of the firewall unit. A firewall unit 6 in the third embodiment has the guiding section 501 and the confidence management section 502, connected as shown in FIG. 15, in addition to the guiding section 103 of the firewall unit 1 as shown in FIG. 2.

[0189] More specifically, as shown in FIG. 23, a second guiding section 501 may be provided as a subsequent stage of a first guiding section 103. Conversely, the second guiding section 501 may be provided as a previous stage of the first guiding section 103.

[0190] In either of these structures, effective protection can be achieved against worm-like attacks carried out by randomly selecting IP addresses and against active targeting attacks. Furthermore, even when a host is infected with a worm after the host has been trusted by the second guiding section 501, the decoy unit 2 can inspect whether a...


Abstract

An attack defending system allows effective defense against attacks from external networks even when the communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it determines that the packet is suspicious, guides it to the decoy device. The decoy device monitors the process providing the service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so that subsequent packets from that attack source are rejected.
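The pipeline described in the three embodiments and in the Abstract, as an added example that is not code from the patent or from NEC: a Python simulation of packet filter 101 (static access control rules), guiding section 103 (guiding list keyed on the packet header), confidence management section 502 with guiding section 501 (per-source confidence against a threshold), and decoy unit 2, whose alert feeds a reject rule back into the filter. The rule format, the way confidence is earned, the decoy's failure heuristics, the class and function names and the sample traffic are all assumptions made here; the page specifies none of them.

```python
from dataclasses import dataclass


# Assumed packet model: the page only says the firewall reads the IP header.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


class PacketFilter:
    """Packet filter 101. Rules (src, dport, allow) stand in for the access control
    list management section 102; None is a wildcard, first match wins, default deny."""
    def __init__(self, rules):
        self.rules = list(rules)

    def add_reject(self, src):
        # Alert-driven rule from the decoy: highest priority, blocks the attack source.
        self.rules.insert(0, (src, None, False))

    def accept(self, pkt):
        for src, dport, allow in self.rules:
            if (src is None or src == pkt.src) and (dport is None or dport == pkt.dport):
                return allow
        return False


class GuidingSection:
    """Guiding section 103 (first embodiment). The guiding list is assumed to be the
    (destination IP, port) pairs that really exist on the internal network; anything
    else looks like address scanning and is guided to the decoy."""
    def __init__(self, guiding_list):
        self.guiding_list = set(guiding_list)

    def route(self, pkt):
        return "internal" if (pkt.dst, pkt.dport) in self.guiding_list else "decoy"


class ConfidenceManager:
    """Confidence management section 502 (second embodiment). Assumed scoring: each
    benign session observed on the decoy adds 1; an alert makes the source untrusted."""
    def __init__(self, threshold):
        self.threshold = threshold
        self.scores = {}

    def level(self, src):
        return self.scores.get(src, 0)

    def reward(self, src):
        self.scores[src] = self.level(src) + 1

    def penalize(self, src):
        self.scores[src] = float("-inf")


class ConfidenceGuidingSection:
    """Guiding section 501: forwards inward only once confidence reaches the threshold."""
    def __init__(self, cm):
        self.cm = cm

    def route(self, pkt):
        return "internal" if self.cm.level(pkt.src) >= self.cm.threshold else "decoy"


class DecoyUnit:
    """Decoy unit 2. The page has it monitor the service process; here the 'process'
    is a toy request handler and an attack is anything that makes it fail (constructed heuristic)."""
    MAX_LINE = 64

    def serve(self, pkt):
        try:
            self._handle(pkt.payload)
            return None
        except Exception as exc:
            return {"attack_src": pkt.src, "reason": str(exc)}

    def _handle(self, payload):
        line = payload.split(b"\r\n", 1)[0]
        if len(line) > self.MAX_LINE:
            raise OverflowError("request line exceeds service buffer")
        if b"/bin/sh" in payload:
            raise RuntimeError("service attempted to spawn a shell")


class Firewall:
    """Firewall unit 6 (third embodiment, FIG. 23 order): 103 first, then 501.
    A packet reaches the internal network only if both sections agree."""
    def __init__(self, pf, guide, cguide, decoy, cm):
        self.pf, self.guide, self.cguide, self.decoy, self.cm = pf, guide, cguide, decoy, cm

    def handle(self, pkt):
        if not self.pf.accept(pkt):
            return "dropped"
        if self.guide.route(pkt) == "internal" and self.cguide.route(pkt) == "internal":
            return "internal"
        alert = self.decoy.serve(pkt)
        if alert is None:
            self.cm.reward(pkt.src)
            return "decoy"
        self.pf.add_reject(alert["attack_src"])  # reject subsequent packets from the source
        self.cm.penalize(alert["attack_src"])
        return "alert"


def run_scenario():
    """Constructed traffic: a host earns trust, is then 'infected', scans an address
    that does not exist, overflows the decoy service and gets blocked at the filter."""
    cm = ConfidenceManager(threshold=2)
    fw = Firewall(PacketFilter([(None, 80, True), (None, 22, True)]),
                  GuidingSection({("10.0.0.5", 80)}),
                  ConfidenceGuidingSection(cm), DecoyUnit(), cm)
    get = b"GET / HTTP/1.1\r\nHost: www\r\n\r\n"
    overflow = b"GET /" + b"A" * 200 + b" HTTP/1.1\r\n\r\n"
    traffic = [
        Packet("203.0.113.7", "10.0.0.5", 80, get),       # untrusted source -> decoy
        Packet("203.0.113.7", "10.0.0.5", 80, get),       # still untrusted -> decoy
        Packet("203.0.113.7", "10.0.0.5", 80, get),       # confidence 2 -> internal
        Packet("203.0.113.7", "10.0.0.9", 80, get),       # no such host: worm-like -> decoy
        Packet("203.0.113.7", "10.0.0.9", 80, overflow),  # decoy detects the attack -> alert
        Packet("203.0.113.7", "10.0.0.5", 80, get),       # now rejected by the filter
        Packet("198.51.100.2", "10.0.0.5", 443, get),     # no ACL rule -> dropped
    ]
    return [fw.handle(p) for p in traffic]


if __name__ == "__main__":
    print(run_scenario())
```

The fourth packet is the case paragraph [0190] singles out: the source is already trusted by section 501, but section 103 still sends it to the decoy because the destination is not in the guiding list, so the infection is caught before the filter has to be told anything.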

Description

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates generally to a security countermeasure technique in a computer network, and more particularly to a system and a method allowing protection of resources on an internal network against attacks from external networks.

[0003] 2. Description of the Related Art

[0004] As defense techniques against attacks from external networks, the following approaches have been proposed: (1) firewall; (2) intrusion detection system; and (3) decoy (or honeypot) system.

[0005] An example of the firewall is disclosed in Japanese Patent Application Unexamined Pub. No. H8-44642 (hereafter referred to as Patent Document 1). According to Patent Document 1, a firewall is installed at an interface between an external IP network and an internal Ethernet. The firewall determines whether a packet to be inspected should pass through from the external network to the internal network. Specifically, the firewall is provided with...


Application Information

Publication: US20080172739A1, published 17 Jul 2008
IPC: G06F21/00; G06F13/00; H04L12/66; H04L29/06
CPC: H04L63/0227; H04L63/0263; H04L63/20; H04L63/1408; H04L63/1491; H04L63/101
Inventors: NAKAE, MASAYUKI; YAMAGATA, MASAYA