GB2564357B - Detecting triggering events for distributed denial of service attacks - Google Patents
Detecting triggering events for distributed denial of service attacks
- Publication number
- GB2564357B (application GB1816827.8A)
- Authority
- GB
- United Kingdom
- Prior art keywords
- triggering events
- distributed denial
- service attacks
- detecting triggering
- detecting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3055—Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1817377.3A GB2570543B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1817376.5A GB2574283B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/136,687 US11277416B2 (en) | 2016-04-22 | 2016-04-22 | Labeling network flows according to source applications |
US15/136,762 US10938781B2 (en) | 2016-04-22 | 2016-04-22 | Secure labeling of network flows |
PCT/US2016/040094 WO2017184189A1 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Publications (4)
Publication Number | Publication Date |
---|---|
GB201816827D0 (en) | 2018-11-28 |
GB2564357A (en) | 2019-01-09 |
GB2564357B (en) | 2020-10-07 |
GB2564357B8 (en) | 2021-12-08 |
Family
ID=60116990
Family Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1816827.8A Active GB2564357B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1817377.3A Active GB2570543B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1817376.5A Active GB2574283B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Family Applications After (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1817377.3A Active GB2570543B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
GB1817376.5A Active GB2574283B8 (en) | 2016-04-22 | 2016-06-29 | Detecting triggering events for distributed denial of service attacks |
Country Status (2)
Country | Link |
---|---|
GB (3) | GB2564357B8 (en) |
WO (1) | WO2017184189A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11277416B2 (en) | 2016-04-22 | 2022-03-15 | Sophos Limited | Labeling network flows according to source applications |
US11102238B2 (en) | 2016-04-22 | 2021-08-24 | Sophos Limited | Detecting triggering events for distributed denial of service attacks |
US10986109B2 (en) | 2016-04-22 | 2021-04-20 | Sophos Limited | Local proxy detection |
US11165797B2 (en) | 2016-04-22 | 2021-11-02 | Sophos Limited | Detecting endpoint compromise based on network usage history |
US10938781B2 (en) | 2016-04-22 | 2021-03-02 | Sophos Limited | Secure labeling of network flows |
RU2740027C1 (en) * | 2020-02-12 | 2020-12-30 | Варити Менеджмент Сервисез Лимитед | Method and system for preventing malicious automated attacks |
US11381594B2 (en) * | 2020-03-26 | 2022-07-05 | At&T Intellectual Property I, L.P. | Denial of service detection and mitigation in a multi-access edge computing environment |
US20220239634A1 (en) * | 2021-01-26 | 2022-07-28 | Proofpoint, Inc. | Systems and methods for sensor trustworthiness |
US20240007483A1 (en) * | 2022-07-01 | 2024-01-04 | Nozomi Networks Sagl | Method for automatic signatures generation from a plurality of sources |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070011740A1 (en) * | 2005-07-07 | 2007-01-11 | International Business Machines Corporation | System and method for detection and mitigation of distributed denial of service attacks |
US20080168559A1 (en) * | 2007-01-04 | 2008-07-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
US20080244074A1 (en) * | 2007-03-30 | 2008-10-02 | Paul Baccas | Remedial action against malicious code at a client facility |
US20100005291A1 (en) * | 2008-04-16 | 2010-01-07 | Microsoft Corporation | Application reputation service |
US20110320816A1 (en) * | 2009-03-13 | 2011-12-29 | Rutgers, The State University Of New Jersey | Systems and method for malware detection |
US20120124666A1 (en) * | 2009-07-23 | 2012-05-17 | Ahnlab, Inc. | Method for detecting and preventing a ddos attack using cloud computing, and server |
US8490190B1 (en) * | 2006-06-30 | 2013-07-16 | Symantec Corporation | Use of interactive messaging channels to verify endpoints |
US8832835B1 (en) * | 2010-10-28 | 2014-09-09 | Symantec Corporation | Detecting and remediating malware dropped by files |
US20150127790A1 (en) * | 2013-11-05 | 2015-05-07 | Harris Corporation | Systems and methods for enterprise mission management of a computer nework |
US20150215187A1 (en) * | 2012-08-17 | 2015-07-30 | Janne Einari Tuononen | Data Services in a Computer System |
US20160080417A1 (en) * | 2014-09-14 | 2016-03-17 | Sophos Limited | Labeling computing objects for improved threat detection |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8561181B1 (en) * | 2008-11-26 | 2013-10-15 | Symantec Corporation | Detecting man-in-the-middle attacks via security transitions |
US20120324568A1 (en) * | 2011-06-14 | 2012-12-20 | Lookout, Inc., A California Corporation | Mobile web protection |
US20170091482A1 (en) * | 2015-09-30 | 2017-03-30 | Symantec Corporation | Methods for data loss prevention from malicious applications and targeted persistent threats |
-
2016
- 2016-06-29 GB GB1816827.8A patent/GB2564357B8/en active Active
- 2016-06-29 GB GB1817377.3A patent/GB2570543B8/en active Active
- 2016-06-29 GB GB1817376.5A patent/GB2574283B8/en active Active
- 2016-06-29 WO PCT/US2016/040094 patent/WO2017184189A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
GB2570543A8 (en) | 2020-09-30 |
GB2564357B8 (en) | 2021-12-08 |
GB2574283A (en) | 2019-12-04 |
GB201817377D0 (en) | 2018-12-12 |
GB2570543B8 (en) | 2021-12-08 |
GB2574283B (en) | 2020-05-20 |
GB201817376D0 (en) | 2018-12-12 |
GB2570543A (en) | 2019-07-31 |
GB2570543B (en) | 2020-05-20 |
WO2017184189A1 (en) | 2017-10-26 |
GB2564357A (en) | 2019-01-09 |
GB201816827D0 (en) | 2018-11-28 |
GB2574283B8 (en) | 2021-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2574283B (en) | Detecting triggering events for distributed denial of service attacks | |
IL266252B1 (en) | Iot security service | |
ZA201807517B (en) | Validation of pal protection areas | |
IL257852B (en) | Systems and methods for detecting and preventing spoofing | |
EP3195172A4 (en) | Blocking forgiveness for ddos | |
DK3241146T3 (en) | SYSTEM AND PROCEDURE FOR COVERING AN IDENTIFICATOR FOR THE PROTECTION OF THE IDENTIFIER FROM UNPERMITTED APPROPRIATION | |
EP3590063C0 (en) | Detecting malicious behavior within local networks | |
GB2543952B (en) | Advanced local-network threat response | |
GB2555384B (en) | Preventing phishing attacks | |
GB2544309B (en) | Advanced local-network threat response | |
GB201517511D0 (en) | Method for privacy protection | |
GB2574093B (en) | Malware barrier | |
GB2545491B (en) | Protection against malicious attacks | |
GB2543813B (en) | Improved malware detection | |
ITUB20154000A1 (en) | Protection device for lock | |
GB201721378D0 (en) | Threat detection system | |
GB2557954B (en) | Method of security threat detection | |
GB201611301D0 (en) | Endpoint malware detection using an event graph | |
GB201718313D0 (en) | Threat detection system | |
GB2573076B (en) | Endpoint malware detection using an event graph | |
SG10201610911WA (en) | Intrusion detection system | |
GB2548570B (en) | Support for an edge protection barrier | |
GB201518437D0 (en) | An insect protection device | |
GB2563266B (en) | Denial of service mitigation | |
GB2534242B (en) | Fire protection barrier |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 |
| S117 | Correction of errors in patents and applications (sect. 117/patents act 1977) | Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 25 NOVEMBER 2021 |