Invention Grant
US07957372B2 Automatically detecting distributed port scans in computer networks
Expired
- Patent Title: Automatically detecting distributed port scans in computer networks
- Application No.: US10896733
- Application Date: 2004-07-22
- Publication No.: US07957372B2
- Publication Date: 2011-06-07
- Inventor: Alan David Boulanger, Robert William Danford, Kevin David Himberger, Clark Debs Jeffries
- Applicant: Alan David Boulanger, Robert William Danford, Kevin David Himberger, Clark Debs Jeffries
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Dillon & Yudell LLP
- Main IPC: H04L12/28
- IPC: H04L12/28; G06F9/00; G06F11/00

Abstract:
A detection and response system including a set of algorithms for detecting within a stream of normal computer traffic a subset of (should focus on network traffic eliciting a response) TCP or UDP packets with one IP Source Address (SA) value, one or a few Destination Address (DA) values, and a number exceeding a threshold of distinct Destination Port (DP) values. A lookup mechanism such as a Direct Table and Patricia search tree records and traces sets of packets with one SA and one DA as well as the set of DP values observed for the given SA, DA combination. The detection and response system reports the existence of such a subset and the header values including SA, DA, and multiple DPs of the subset. The detection and response system also includes various administrative responses to reports.
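A minimal sketch of the counting logic the abstract describes, added here as an illustration and not taken from the patent: it keeps the set of distinct DPs per (SA, DA) pair and reports pairs whose count exceeds a threshold. The class and function names, the threshold of 10, the plain dict standing in for the Direct Table and Patricia tree, and the sample headers are all assumptions.

```python
from collections import defaultdict

# Constructed sample headers (protocol, SA, DA, DP); documentation addresses, not real traffic.
SAMPLE_PACKETS = (
    [("TCP", "198.51.100.7", "192.0.2.10", dp) for dp in range(20, 32)]    # 12 distinct DPs
    + [("TCP", "198.51.100.7", "192.0.2.11", dp) for dp in range(20, 32)]  # same SA, second DA
    + [("TCP", "203.0.113.5", "192.0.2.10", 443)] * 40                     # busy client, one DP
    + [("UDP", "203.0.113.9", "192.0.2.20", dp) for dp in (53, 123, 53)]   # 2 distinct DPs
    + [("ICMP", "198.51.100.7", "192.0.2.10", 0)]                          # not TCP/UDP: ignored
)


class PortScanDetector:
    """Tracks the set of distinct DPs seen for each (SA, DA) pair."""

    def __init__(self, dp_threshold=10):  # threshold value is an assumption
        self.dp_threshold = dp_threshold
        # A dict stands in for the Direct Table / Patricia tree lookup.
        self.ports = defaultdict(set)

    def observe(self, proto, sa, da, dp):
        if proto in ("TCP", "UDP"):
            self.ports[(sa, da)].add(dp)

    def reports(self):
        """One report per (SA, DA) whose distinct-DP count exceeds the threshold."""
        return [
            {"sa": sa, "da": da, "dps": sorted(dps)}
            for (sa, da), dps in sorted(self.ports.items())
            if len(dps) > self.dp_threshold
        ]


def detect(packets, dp_threshold=10):
    detector = PortScanDetector(dp_threshold)
    for packet in packets:
        detector.observe(*packet)
    return detector.reports()


def targets_by_source(reports):
    """Group reported DAs under each SA (the 'one or a few DA values' view)."""
    grouped = defaultdict(list)
    for report in reports:
        grouped[report["sa"]].append(report["da"])
    return dict(grouped)


if __name__ == "__main__":
    for report in detect(SAMPLE_PACKETS):
        print(report["sa"], "->", report["da"], len(report["dps"]), "distinct DPs")
```

Packet volume alone does not trigger a report: the source that sends 40 packets to a single DP stays below the threshold, while the source touching 12 distinct DPs on each of two DAs is reported for both.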
Public/Granted literature
- US20060018262A1 Method, system and program for automatically detecting distributed port scans in computer networks (Public/Granted day: 2006-01-26)