公开(公告)号：US09537875B2

公开(公告)日：2017-01-03

申请号：US14194483

申请日：2014-02-28

Applicant: Metaswitch Networks Ltd

Inventor： David Hammond

IPC: H04L29/06

CPC classification number: H04L63/14 ,  H04L63/1425 ,  H04L63/1458

Abstract: At least some incoming traffic is distributed into a first set of traffic groups according to a first grouping scheme. Communication activity from a potentially malicious source may be grouped in a given traffic group in which communication activity from an acceptable source is also grouped. Potentially malicious communication activity is detected in the given traffic group. Traffic in the given traffic group is processed using a first traffic processing mode associated with potentially malicious communication activity, in which at least some traffic that is distributed into the given traffic group is discarded. In response to a dynamic trigger the grouping scheme is altered to one or more further grouping schemes in order that the communication activity from the acceptable source is likely to be subsequently grouped into a traffic group which is different to a group into which the communication activity from the potentially malicious source is subsequently grouped.

Abstract translation: 根据第一分组方案，至少一些传入流量被分配到第一组流量组中。 来自潜在恶意源的通信活动可以分组在给定的业务组中，其中来自可接受源的通信活动也被分组。 在给定的流量组中检测到潜在的恶意通信活动。 使用与潜在恶意通信活动相关联的第一业务处理模式来处理给定业务组中的业务，其中分配给给定业务组的至少一些业务被丢弃。 响应于动态触发，分组方案被改变为一个或多个进一步的分组方案，以便来自可接受的源的通信活动可能随后被分组成与从其中的通信活动的组中不同的业务组 潜在的恶意来源随后被分组。