DK3654606T3 - Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur - Google Patents
Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur Download PDFInfo
- Publication number
- DK3654606T3 DK3654606T3 DK18315043.2T DK18315043T DK3654606T3 DK 3654606 T3 DK3654606 T3 DK 3654606T3 DK 18315043 T DK18315043 T DK 18315043T DK 3654606 T3 DK3654606 T3 DK 3654606T3
- Authority
- DK
- Denmark
- Prior art keywords
- cleaning system
- service infrastructure
- data
- packages received
- pack cleaning
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/70—Routing based on monitoring results
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18315043.2A EP3654606B1 (en) | 2018-11-15 | 2018-11-15 | Method and data packet cleaning system for screening data packets received at a service infrastructure |
Publications (1)
Publication Number | Publication Date |
---|---|
DK3654606T3 true DK3654606T3 (da) | 2022-02-14 |
Family
ID=65199280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DK18315043.2T DK3654606T3 (da) | 2018-11-15 | 2018-11-15 | Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur |
Country Status (5)
Country | Link |
---|---|
US (1) | US11411986B2 (da) |
EP (1) | EP3654606B1 (da) |
CN (1) | CN111193594B (da) |
DK (1) | DK3654606T3 (da) |
PL (1) | PL3654606T3 (da) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110768975B (zh) * | 2019-10-21 | 2022-05-31 | 杭州迪普科技股份有限公司 | 流量清洗方法、装置、电子设备及机器可读存储介质 |
WO2022228647A1 (en) * | 2021-04-26 | 2022-11-03 | Huawei Cloud Computing Technologies Co., Ltd. | Method and enforcement unit for supervising connections in a computer network |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7512980B2 (en) | 2001-11-30 | 2009-03-31 | Lancope, Inc. | Packet sampling flow-based detection of network intrusions |
US7222366B2 (en) | 2002-01-28 | 2007-05-22 | International Business Machines Corporation | Intrusion event filtering |
US7596807B2 (en) * | 2003-07-03 | 2009-09-29 | Arbor Networks, Inc. | Method and system for reducing scope of self-propagating attack code in network |
GB0402739D0 (en) | 2004-02-09 | 2004-03-10 | Saviso Group Ltd | Methods and apparatus for routing in a network |
US7609625B2 (en) | 2005-07-06 | 2009-10-27 | Fortinet, Inc. | Systems and methods for detecting and preventing flooding attacks in a network environment |
US20080127324A1 (en) | 2006-11-24 | 2008-05-29 | Electronics And Telecommunications Research Institute | DDoS FLOODING ATTACK RESPONSE APPROACH USING DETERMINISTIC PUSH BACK METHOD |
US8065729B2 (en) | 2006-12-01 | 2011-11-22 | Electronics And Telecommunications Research Institute | Method and apparatus for generating network attack signature |
US8020207B2 (en) | 2007-01-23 | 2011-09-13 | Alcatel Lucent | Containment mechanism for potentially contaminated end systems |
US8374102B2 (en) * | 2007-10-02 | 2013-02-12 | Tellabs Communications Canada, Ltd. | Intelligent collection and management of flow statistics |
US8813221B1 (en) * | 2008-09-25 | 2014-08-19 | Sonicwall, Inc. | Reassembly-free deep packet inspection on multi-core hardware |
US8677473B2 (en) * | 2008-11-18 | 2014-03-18 | International Business Machines Corporation | Network intrusion protection |
US8336098B2 (en) * | 2009-03-25 | 2012-12-18 | Sysmate Co., Ltd. | Method and apparatus for classifying harmful packet |
US8614955B2 (en) * | 2009-09-22 | 2013-12-24 | Ixia | Misdirected packet detection apparatus and method |
US20110153811A1 (en) | 2009-12-18 | 2011-06-23 | Hyun Cheol Jeong | System and method for modeling activity patterns of network traffic to detect botnets |
US9094288B1 (en) | 2011-10-26 | 2015-07-28 | Narus, Inc. | Automated discovery, attribution, analysis, and risk assessment of security threats |
US8681794B2 (en) * | 2011-11-30 | 2014-03-25 | Broadcom Corporation | System and method for efficient matching of regular expression patterns across multiple packets |
JP2015528263A (ja) * | 2012-07-31 | 2015-09-24 | ヒューレット−パッカード デベロップメント カンパニー エル.ピー.Hewlett‐Packard Development Company, L.P. | ネットワークトラフィック処理システム |
US8856924B2 (en) | 2012-08-07 | 2014-10-07 | Cloudflare, Inc. | Mitigating a denial-of-service attack in a cloud-based proxy service |
KR20140088340A (ko) | 2013-01-02 | 2014-07-10 | 한국전자통신연구원 | 오픈플로우 스위치에서의 디도스 공격 처리 장치 및 방법 |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9276955B1 (en) | 2014-09-17 | 2016-03-01 | Fortinet, Inc. | Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation |
US10116692B2 (en) | 2015-09-04 | 2018-10-30 | Arbor Networks, Inc. | Scalable DDoS protection of SSL-encrypted services |
US9930057B2 (en) * | 2015-10-05 | 2018-03-27 | Cisco Technology, Inc. | Dynamic deep packet inspection for anomaly detection |
US10038715B1 (en) * | 2017-08-01 | 2018-07-31 | Cloudflare, Inc. | Identifying and mitigating denial of service (DoS) attacks |
US20190052553A1 (en) * | 2018-02-27 | 2019-02-14 | Intel Corporation | Architectures and methods for deep packet inspection using alphabet and bitmap-based compression |
-
2018
- 2018-11-15 EP EP18315043.2A patent/EP3654606B1/en active Active
- 2018-11-15 DK DK18315043.2T patent/DK3654606T3/da active
- 2018-11-15 PL PL18315043T patent/PL3654606T3/pl unknown
-
2019
- 2019-11-05 US US16/674,821 patent/US11411986B2/en active Active
- 2019-11-14 CN CN201911112665.0A patent/CN111193594B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
US11411986B2 (en) | 2022-08-09 |
US20200162507A1 (en) | 2020-05-21 |
EP3654606B1 (en) | 2022-01-05 |
CN111193594A (zh) | 2020-05-22 |
CN111193594B (zh) | 2022-10-21 |
PL3654606T3 (pl) | 2022-04-04 |
EP3654606A1 (en) | 2020-05-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DK3254059T3 (da) | Apparat og fremgangsmåde til kompensation af en navigationsrute | |
DK3602865T3 (da) | Fremgangsmåder og knuder til bestemmelse af en transmissionsdatablokstørrelse | |
DK3180136T3 (da) | Fremgangsmåde, apparat og system til sortering af affald | |
DK3789973T3 (da) | Fremgangsmåde til optagelse, behandling og transmission af data fra en mobil enhed | |
PL3792725T3 (pl) | Sposób i urządzenie do zgłaszania informacji o trasie lotu oraz sposób i urządzenie do określania informacji | |
SG11201913347TA (en) | System, method, and apparatus for implementing a blockchain-based entity identification network | |
DK3181050T3 (da) | System og fremgangsmåde til dannelse af et afgørelsesstøttemateriale, som angiver skade på et anatomisk led | |
DK3538963T3 (da) | Fremgangsmåde til drift af et tilstandsovervågningssystem for en vibrationsmaskine og tilstandsovervågningssystem | |
EP3909204C0 (en) | METHOD FOR CORRELATION OF ANALYTICAL NETWORK DATA INFORMATION | |
DK3818721T3 (da) | Fremgangsmåder og anordning til udvidelse af et tidsstempelområde understøttet af et vandmærke | |
DK3442872T3 (da) | Fremgangsmåde og apparat til fyldning af et lyofiliseringssystem | |
DK3379883T3 (da) | Fremgangsmåde, mobilstation og netværksapparat til at transmittere en tjeneste | |
DK3720031T3 (da) | Fremgangsmåde og anordning til afsendelse af data samt fremgangsmåde og anordning til modtagelse af data | |
DK3245610T3 (da) | System og fremgangsmåde til identifikation af en tag på et emne i bevægelse | |
DK3648419T3 (da) | Fremgangsmåde og apparat til routing af datapakker i en netværkstopologi | |
GB201915443D0 (en) | Data Structure for efficiently verifying data | |
DK3777180T3 (da) | Fremgangsmåde og apparat til kodning/afkodning af en punktsky, der repræsenterer et 3d-objekt | |
DK3654606T3 (da) | Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur | |
DK3814718T3 (da) | Fremgangsmåde, indretning og system til fyldning af farmaceutiske beholdere | |
DK3285085T3 (da) | Fremgangsmåde og system til identificering af en lokalitet for en beholder inden for en gruppe af beholdere | |
DK3617887T3 (da) | Fremgangsmåde og system til tilvejebringelse af serviceredundans mellem en masterserver og en slaveserver | |
DK3392427T3 (da) | Fastgørelsessystem og fremgangsmåde til montering af et panel på en holdeliste | |
DK3580422T3 (da) | Indretning til registrering af et fald af en portplade, system til registrering af et fald af en portplade og fremgangsmåde til registrering af et fald af en portplade | |
DK3665909T3 (da) | Metode og system til tilpasning af et høreapparat | |
DK3331638T3 (da) | System og fremgangsmåde til modtagelse af en engangsbeholder |