GB2564357A - Detecting triggering events for distributed denial of service attacks - Google Patents
- Publication number
- GB2564357A (application GB1816827.8A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- distributed denial
- triggering events
- service attacks
- detecting triggering
- endpoint
- Prior art date
- Legal status
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3055—Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An endpoint in an enterprise network is monitored, and when a potential trigger for a distributed denial of service (DDoS) attack is followed by an increase in network traffic from the endpoint to a high reputation network address, the endpoint is treated as a DDoS service bot and isolated from the network until remediation can be performed.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1817377.3A GB2570543B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1817376.5A GB2574283B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/136,687 US11277416B2 (en) | 2016-04-22 | 2016-04-22 | Labeling network flows according to source applications |
US15/136,762 US10938781B2 (en) | 2016-04-22 | 2016-04-22 | Secure labeling of network flows |
PCT/US2016/040094 WO2017184189A1 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Publications (4)
Publication Number | Publication Date |
---|---|
GB201816827D0 GB201816827D0 (en) | 2018-11-28 |
GB2564357A true GB2564357A (en) | 2019-01-09 |
GB2564357B GB2564357B (en) | 2020-10-07 |
GB2564357B8 GB2564357B8 (en) | 2021-12-08 |
Family
ID=60116990
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1817377.3A Active GB2570543B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1816827.8A Active GB2564357B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1817376.5A Active GB2574283B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1817377.3A Active GB2570543B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1817376.5A Active GB2574283B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Country Status (2)
Country | Link |
---|---|
GB (3) | GB2570543B8 (en) |
WO (1) | WO2017184189A1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10938781B2 (en) | 2016-04-22 | 2021-03-02 | Sophos Limited | Secure labeling of network flows |
US11102238B2 (en) | 2016-04-22 | 2021-08-24 | Sophos Limited | Detecting triggering events for distributed denial of service attacks |
US11277416B2 (en) | 2016-04-22 | 2022-03-15 | Sophos Limited | Labeling network flows according to source applications |
US10986109B2 (en) | 2016-04-22 | 2021-04-20 | Sophos Limited | Local proxy detection |
US11165797B2 (en) | 2016-04-22 | 2021-11-02 | Sophos Limited | Detecting endpoint compromise based on network usage history |
CN114374560A (en) * | 2018-02-07 | 2022-04-19 | 阿里巴巴集团控股有限公司 | Data processing method, device and storage medium |
RU2740027C1 (en) * | 2020-02-12 | 2020-12-30 | Варити Менеджмент Сервисез Лимитед | Method and system for preventing malicious automated attacks |
US11381594B2 (en) * | 2020-03-26 | 2022-07-05 | At&T Intellectual Property I, L.P. | Denial of service detection and mitigation in a multi-access edge computing environment |
US20220239634A1 (en) * | 2021-01-26 | 2022-07-28 | Proofpoint, Inc. | Systems and methods for sensor trustworthiness |
US20240007483A1 (en) * | 2022-07-01 | 2024-01-04 | Nozomi Networks Sagl | Method for automatic signatures generation from a plurality of sources |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070011740A1 (en) * | 2005-07-07 | 2007-01-11 | International Business Machines Corporation | System and method for detection and mitigation of distributed denial of service attacks |
US20080168559A1 (en) * | 2007-01-04 | 2008-07-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
US20080244074A1 (en) * | 2007-03-30 | 2008-10-02 | Paul Baccas | Remedial action against malicious code at a client facility |
US20100005291A1 (en) * | 2008-04-16 | 2010-01-07 | Microsoft Corporation | Application reputation service |
US20110320816A1 (en) * | 2009-03-13 | 2011-12-29 | Rutgers, The State University Of New Jersey | Systems and method for malware detection |
US8490190B1 (en) * | 2006-06-30 | 2013-07-16 | Symantec Corporation | Use of interactive messaging channels to verify endpoints |
US8832835B1 (en) * | 2010-10-28 | 2014-09-09 | Symantec Corporation | Detecting and remediating malware dropped by files |
US20150127790A1 (en) * | 2013-11-05 | 2015-05-07 | Harris Corporation | Systems and methods for enterprise mission management of a computer network |
US20150215187A1 (en) * | 2012-08-17 | 2015-07-30 | Janne Einari Tuononen | Data Services in a Computer System |
US20160080417A1 (en) * | 2014-09-14 | 2016-03-17 | Sophos Limited | Labeling computing objects for improved threat detection |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8561181B1 (en) * | 2008-11-26 | 2013-10-15 | Symantec Corporation | Detecting man-in-the-middle attacks via security transitions |
KR100942456B1 (en) * | 2009-07-23 | 2010-02-12 | 주식회사 안철수연구소 | Method for detecting and protecting ddos attack by using cloud computing and server thereof |
US20120324568A1 (en) * | 2011-06-14 | 2012-12-20 | Lookout, Inc., A California Corporation | Mobile web protection |
US20170091482A1 (en) * | 2015-09-30 | 2017-03-30 | Symantec Corporation | Methods for data loss prevention from malicious applications and targeted persistent threats |
2016
- 2016-06-29 GB GB1817377.3A patent/GB2570543B8/en active Active
- 2016-06-29 GB GB1816827.8A patent/GB2564357B8/en active Active
- 2016-06-29 WO PCT/US2016/040094 patent/WO2017184189A1/en active Application Filing
- 2016-06-29 GB GB1817376.5A patent/GB2574283B8/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070011740A1 (en) * | 2005-07-07 | 2007-01-11 | International Business Machines Corporation | System and method for detection and mitigation of distributed denial of service attacks |
US8490190B1 (en) * | 2006-06-30 | 2013-07-16 | Symantec Corporation | Use of interactive messaging channels to verify endpoints |
US20080168559A1 (en) * | 2007-01-04 | 2008-07-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
US20080244074A1 (en) * | 2007-03-30 | 2008-10-02 | Paul Baccas | Remedial action against malicious code at a client facility |
US20100005291A1 (en) * | 2008-04-16 | 2010-01-07 | Microsoft Corporation | Application reputation service |
US20110320816A1 (en) * | 2009-03-13 | 2011-12-29 | Rutgers, The State University Of New Jersey | Systems and method for malware detection |
US8832835B1 (en) * | 2010-10-28 | 2014-09-09 | Symantec Corporation | Detecting and remediating malware dropped by files |
US20150215187A1 (en) * | 2012-08-17 | 2015-07-30 | Janne Einari Tuononen | Data Services in a Computer System |
US20150127790A1 (en) * | 2013-11-05 | 2015-05-07 | Harris Corporation | Systems and methods for enterprise mission management of a computer network |
US20160080417A1 (en) * | 2014-09-14 | 2016-03-17 | Sophos Limited | Labeling computing objects for improved threat detection |
Also Published As
Publication number | Publication date |
---|---|
GB2570543A8 (en) | 2020-09-30 |
GB2574283B (en) | 2020-05-20 |
GB201817377D0 (en) | 2018-12-12 |
GB201816827D0 (en) | 2018-11-28 |
GB2564357B (en) | 2020-10-07 |
GB2570543B8 (en) | 2021-12-08 |
GB2564357B8 (en) | 2021-12-08 |
GB2570543A (en) | 2019-07-31 |
GB2570543B (en) | 2020-05-20 |
GB2574283B8 (en) | 2021-12-08 |
GB201817376D0 (en) | 2018-12-12 |
GB2574283A (en) | 2019-12-04 |
WO2017184189A1 (en) | 2017-10-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2564357A (en) | Detecting triggering events for distributed denial of service attacks | |
WO2016067290A3 (en) | Method and system for mitigating malicious messages attacks | |
MX2018012396A (en) | Systems and methods for protecting network devices by a firewall. | |
CO2017003283A2 (en) | Systems and methods for protecting network devices | |
EP3393089A4 (en) | Security device, network system and attack detection method | |
EP4274166A3 (en) | Methods and systems for protecting a secured network | |
WO2013013189A3 (en) | Security gateway communication | |
WO2014052756A3 (en) | Identifying and mitigating malicious network threats | |
ATE544283T1 (en) | METHOD FOR DEFENSE AGAINST DENIAL OF SERVICE ATTACKS ON IP NETWORKS USING TARGET VICTIM SELF-IDENTIFICATION AND CONTROL | |
WO2009134900A3 (en) | Trusted network interface | |
WO2015029037A3 (en) | Method and system handling malware | |
GB201211875D0 (en) | Social network protection system | |
SG11201809981QA (en) | Processing method for preventing copy attack, and server and client | |
MX2018000268A (en) | Content protection. | |
WO2015008143A3 (en) | Methods and devices for protecting private data | |
GB201900670D0 (en) | Methods and devices for detecting denial of service attacks in secure interactions | |
Vasilomanolakis et al. | Did you really hack a nuclear power plant? An industrial control mobile honeypot | |
EP3593499A4 (en) | Method to mitigate transients based attacks on key agreement schemes over controller area network | |
MY196450A (en) | Method, Apparatus, and System for Detecting Terminal Device Anomaly | |
MX2018001874A (en) | Method and device for lawful interception for proximity services. | |
WO2018063544A3 (en) | Addressing inside-enterprise hack attempts | |
IN2013CH05877A (en) | ||
SG10201910425SA (en) | Methods and devices for preventing denial-of-service attack on blockchain system | |
WO2013189457A3 (en) | Terminal, cloud system server and interaction method and system thereof | |
AR085393A1 (en) | ROUTER, A METHOD AND PROGRAM FOR THE CONTROL OF PACKAGES, BASED ON THE ADMINISTRATION OF THE PREFIXES | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 |
| S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 25 NOVEMBER 2021 |