DK3654606T3 - Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur - Google Patents

Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur Download PDF

Info

Publication number
DK3654606T3
DK3654606T3 DK18315043.2T DK18315043T DK3654606T3 DK 3654606 T3 DK3654606 T3 DK 3654606T3 DK 18315043 T DK18315043 T DK 18315043T DK 3654606 T3 DK3654606 T3 DK 3654606T3
Authority
DK
Denmark
Prior art keywords
cleaning system
service infrastructure
data
packages received
pack cleaning
Prior art date
Application number
DK18315043.2T
Other languages
English (en)
Inventor
Aurélien Dudouit
Original Assignee
Ovh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ovh filed Critical Ovh
Application granted granted Critical
Publication of DK3654606T3 publication Critical patent/DK3654606T3/da

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/70Routing based on monitoring results
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141Denial of service attacks against endpoints in a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer
DK18315043.2T 2018-11-15 2018-11-15 Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur DK3654606T3 (da)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP18315043.2A EP3654606B1 (en) 2018-11-15 2018-11-15 Method and data packet cleaning system for screening data packets received at a service infrastructure

Publications (1)

Publication Number Publication Date
DK3654606T3 true DK3654606T3 (da) 2022-02-14

Family

ID=65199280

Family Applications (1)

Application Number Title Priority Date Filing Date
DK18315043.2T DK3654606T3 (da) 2018-11-15 2018-11-15 Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur

Country Status (5)

Country Link
US (1) US11411986B2 (da)
EP (1) EP3654606B1 (da)
CN (1) CN111193594B (da)
DK (1) DK3654606T3 (da)
PL (1) PL3654606T3 (da)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110768975B (zh) * 2019-10-21 2022-05-31 杭州迪普科技股份有限公司 流量清洗方法、装置、电子设备及机器可读存储介质
WO2022228647A1 (en) * 2021-04-26 2022-11-03 Huawei Cloud Computing Technologies Co., Ltd. Method and enforcement unit for supervising connections in a computer network

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7512980B2 (en) 2001-11-30 2009-03-31 Lancope, Inc. Packet sampling flow-based detection of network intrusions
US7222366B2 (en) 2002-01-28 2007-05-22 International Business Machines Corporation Intrusion event filtering
US7596807B2 (en) * 2003-07-03 2009-09-29 Arbor Networks, Inc. Method and system for reducing scope of self-propagating attack code in network
GB0402739D0 (en) 2004-02-09 2004-03-10 Saviso Group Ltd Methods and apparatus for routing in a network
US7609625B2 (en) 2005-07-06 2009-10-27 Fortinet, Inc. Systems and methods for detecting and preventing flooding attacks in a network environment
US20080127324A1 (en) 2006-11-24 2008-05-29 Electronics And Telecommunications Research Institute DDoS FLOODING ATTACK RESPONSE APPROACH USING DETERMINISTIC PUSH BACK METHOD
US8065729B2 (en) 2006-12-01 2011-11-22 Electronics And Telecommunications Research Institute Method and apparatus for generating network attack signature
US8020207B2 (en) 2007-01-23 2011-09-13 Alcatel Lucent Containment mechanism for potentially contaminated end systems
US8374102B2 (en) * 2007-10-02 2013-02-12 Tellabs Communications Canada, Ltd. Intelligent collection and management of flow statistics
US8813221B1 (en) * 2008-09-25 2014-08-19 Sonicwall, Inc. Reassembly-free deep packet inspection on multi-core hardware
US8677473B2 (en) * 2008-11-18 2014-03-18 International Business Machines Corporation Network intrusion protection
US8336098B2 (en) * 2009-03-25 2012-12-18 Sysmate Co., Ltd. Method and apparatus for classifying harmful packet
US8614955B2 (en) * 2009-09-22 2013-12-24 Ixia Misdirected packet detection apparatus and method
US20110153811A1 (en) 2009-12-18 2011-06-23 Hyun Cheol Jeong System and method for modeling activity patterns of network traffic to detect botnets
US9094288B1 (en) 2011-10-26 2015-07-28 Narus, Inc. Automated discovery, attribution, analysis, and risk assessment of security threats
US8681794B2 (en) * 2011-11-30 2014-03-25 Broadcom Corporation System and method for efficient matching of regular expression patterns across multiple packets
JP2015528263A (ja) * 2012-07-31 2015-09-24 ヒューレット−パッカード デベロップメント カンパニー エル.ピー.Hewlett‐Packard Development Company, L.P. ネットワークトラフィック処理システム
US8856924B2 (en) 2012-08-07 2014-10-07 Cloudflare, Inc. Mitigating a denial-of-service attack in a cloud-based proxy service
KR20140088340A (ko) 2013-01-02 2014-07-10 한국전자통신연구원 오픈플로우 스위치에서의 디도스 공격 처리 장치 및 방법
US9430646B1 (en) 2013-03-14 2016-08-30 Fireeye, Inc. Distributed systems and methods for automatically detecting unknown bots and botnets
US9276955B1 (en) 2014-09-17 2016-03-01 Fortinet, Inc. Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation
US10116692B2 (en) 2015-09-04 2018-10-30 Arbor Networks, Inc. Scalable DDoS protection of SSL-encrypted services
US9930057B2 (en) * 2015-10-05 2018-03-27 Cisco Technology, Inc. Dynamic deep packet inspection for anomaly detection
US10038715B1 (en) * 2017-08-01 2018-07-31 Cloudflare, Inc. Identifying and mitigating denial of service (DoS) attacks
US20190052553A1 (en) * 2018-02-27 2019-02-14 Intel Corporation Architectures and methods for deep packet inspection using alphabet and bitmap-based compression

Also Published As

Publication number Publication date
US11411986B2 (en) 2022-08-09
US20200162507A1 (en) 2020-05-21
EP3654606B1 (en) 2022-01-05
CN111193594A (zh) 2020-05-22
CN111193594B (zh) 2022-10-21
PL3654606T3 (pl) 2022-04-04
EP3654606A1 (en) 2020-05-20

Similar Documents

Publication Publication Date Title
DK3254059T3 (da) Apparat og fremgangsmåde til kompensation af en navigationsrute
DK3602865T3 (da) Fremgangsmåder og knuder til bestemmelse af en transmissionsdatablokstørrelse
DK3180136T3 (da) Fremgangsmåde, apparat og system til sortering af affald
DK3789973T3 (da) Fremgangsmåde til optagelse, behandling og transmission af data fra en mobil enhed
PL3792725T3 (pl) Sposób i urządzenie do zgłaszania informacji o trasie lotu oraz sposób i urządzenie do określania informacji
SG11201913347TA (en) System, method, and apparatus for implementing a blockchain-based entity identification network
DK3181050T3 (da) System og fremgangsmåde til dannelse af et afgørelsesstøttemateriale, som angiver skade på et anatomisk led
DK3538963T3 (da) Fremgangsmåde til drift af et tilstandsovervågningssystem for en vibrationsmaskine og tilstandsovervågningssystem
EP3909204C0 (en) METHOD FOR CORRELATION OF ANALYTICAL NETWORK DATA INFORMATION
DK3818721T3 (da) Fremgangsmåder og anordning til udvidelse af et tidsstempelområde understøttet af et vandmærke
DK3442872T3 (da) Fremgangsmåde og apparat til fyldning af et lyofiliseringssystem
DK3379883T3 (da) Fremgangsmåde, mobilstation og netværksapparat til at transmittere en tjeneste
DK3720031T3 (da) Fremgangsmåde og anordning til afsendelse af data samt fremgangsmåde og anordning til modtagelse af data
DK3245610T3 (da) System og fremgangsmåde til identifikation af en tag på et emne i bevægelse
DK3648419T3 (da) Fremgangsmåde og apparat til routing af datapakker i en netværkstopologi
GB201915443D0 (en) Data Structure for efficiently verifying data
DK3777180T3 (da) Fremgangsmåde og apparat til kodning/afkodning af en punktsky, der repræsenterer et 3d-objekt
DK3654606T3 (da) Fremgangsmåde og datapakkerensningssystem til screening af datapakker modtaget ved en serviceinfrastruktur
DK3814718T3 (da) Fremgangsmåde, indretning og system til fyldning af farmaceutiske beholdere
DK3285085T3 (da) Fremgangsmåde og system til identificering af en lokalitet for en beholder inden for en gruppe af beholdere
DK3617887T3 (da) Fremgangsmåde og system til tilvejebringelse af serviceredundans mellem en masterserver og en slaveserver
DK3392427T3 (da) Fastgørelsessystem og fremgangsmåde til montering af et panel på en holdeliste
DK3580422T3 (da) Indretning til registrering af et fald af en portplade, system til registrering af et fald af en portplade og fremgangsmåde til registrering af et fald af en portplade
DK3665909T3 (da) Metode og system til tilpasning af et høreapparat
DK3331638T3 (da) System og fremgangsmåde til modtagelse af en engangsbeholder