GB2564357B - Detecting triggering events for distributed denial of service attacks - Google Patents


Info

Publication number
GB2564357B
GB2564357B (application GB1816827.8A)
Authority
GB
United Kingdom
Prior art keywords
triggering events
distributed denial
service attacks
detecting triggering
detecting
Prior art date
Legal status
Active
Application number
GB1816827.8A
Other versions
GB2564357B8 (en)
GB2564357A (en)
GB201816827D0 (en)
Inventor
Ackerman Karl
David Harris Mark
Neil Reed Simon
J Thomas Andrew
D Ray Kenneth
Stutz Daniel
Howard Fraser
Samosseiko Dmitri
Current Assignee
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date
Filing date
Publication date
Priority claimed from US15/136,687 external-priority patent/US11277416B2/en
Priority claimed from US15/136,762 external-priority patent/US10938781B2/en
Application filed by Sophos Ltd filed Critical Sophos Ltd
Priority to GB1817377.3A priority Critical patent/GB2570543B8/en
Priority to GB1817376.5A priority patent/GB2574283B8/en
Publication of GB201816827D0 publication Critical patent/GB201816827D0/en
Publication of GB2564357A publication Critical patent/GB2564357A/en
Application granted granted Critical
Publication of GB2564357B publication Critical patent/GB2564357B/en
Publication of GB2564357B8 publication Critical patent/GB2564357B8/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3055 Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/144 Detection or countermeasures against botnets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks
GB1816827.8A 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks Active GB2564357B8 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB1817377.3A GB2570543B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817376.5A GB2574283B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/136,687 US11277416B2 (en) 2016-04-22 2016-04-22 Labeling network flows according to source applications
US15/136,762 US10938781B2 (en) 2016-04-22 2016-04-22 Secure labeling of network flows
PCT/US2016/040094 WO2017184189A1 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Publications (4)

Publication Number Publication Date
GB201816827D0 (en) 2018-11-28
GB2564357A (en) 2019-01-09
GB2564357B (en) 2020-10-07
GB2564357B8 (en) 2021-12-08

Family

ID=60116990

Family Applications (3)

Application Number Title Priority Date Filing Date
GB1816827.8A Active GB2564357B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817377.3A Active GB2570543B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817376.5A Active GB2574283B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Family Applications After (2)

Application Number Title Priority Date Filing Date
GB1817377.3A Active GB2570543B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817376.5A Active GB2574283B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Country Status (2)

Country Link
GB (3) GB2564357B8 (en)
WO (1) WO2017184189A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11277416B2 (en) 2016-04-22 2022-03-15 Sophos Limited Labeling network flows according to source applications
US11102238B2 (en) 2016-04-22 2021-08-24 Sophos Limited Detecting triggering events for distributed denial of service attacks
US10986109B2 (en) 2016-04-22 2021-04-20 Sophos Limited Local proxy detection
US11165797B2 (en) 2016-04-22 2021-11-02 Sophos Limited Detecting endpoint compromise based on network usage history
US10938781B2 (en) 2016-04-22 2021-03-02 Sophos Limited Secure labeling of network flows
RU2740027C1 (en) * 2020-02-12 2020-12-30 Варити Менеджмент Сервисез Лимитед Method and system for preventing malicious automated attacks
US11381594B2 (en) * 2020-03-26 2022-07-05 At&T Intellectual Property I, L.P. Denial of service detection and mitigation in a multi-access edge computing environment
US20220239634A1 (en) * 2021-01-26 2022-07-28 Proofpoint, Inc. Systems and methods for sensor trustworthiness
US20240007483A1 (en) * 2022-07-01 2024-01-04 Nozomi Networks Sagl Method for automatic signatures generation from a plurality of sources

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070011740A1 (en) * 2005-07-07 2007-01-11 International Business Machines Corporation System and method for detection and mitigation of distributed denial of service attacks
US20080168559A1 (en) * 2007-01-04 2008-07-10 Cisco Technology, Inc. Protection against reflection distributed denial of service attacks
US20080244074A1 (en) * 2007-03-30 2008-10-02 Paul Baccas Remedial action against malicious code at a client facility
US20100005291A1 (en) * 2008-04-16 2010-01-07 Microsoft Corporation Application reputation service
US20110320816A1 (en) * 2009-03-13 2011-12-29 Rutgers, The State University Of New Jersey Systems and method for malware detection
US20120124666A1 (en) * 2009-07-23 2012-05-17 Ahnlab, Inc. Method for detecting and preventing a ddos attack using cloud computing, and server
US8490190B1 (en) * 2006-06-30 2013-07-16 Symantec Corporation Use of interactive messaging channels to verify endpoints
US8832835B1 (en) * 2010-10-28 2014-09-09 Symantec Corporation Detecting and remediating malware dropped by files
US20150127790A1 (en) * 2013-11-05 2015-05-07 Harris Corporation Systems and methods for enterprise mission management of a computer network
US20150215187A1 (en) * 2012-08-17 2015-07-30 Janne Einari Tuononen Data Services in a Computer System
US20160080417A1 (en) * 2014-09-14 2016-03-17 Sophos Limited Labeling computing objects for improved threat detection

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8561181B1 (en) * 2008-11-26 2013-10-15 Symantec Corporation Detecting man-in-the-middle attacks via security transitions
US20120324568A1 (en) * 2011-06-14 2012-12-20 Lookout, Inc., A California Corporation Mobile web protection
US20170091482A1 (en) * 2015-09-30 2017-03-30 Symantec Corporation Methods for data loss prevention from malicious applications and targeted persistent threats

Also Published As

Publication number Publication date
GB2570543A8 (en) 2020-09-30
GB2564357B8 (en) 2021-12-08
GB2574283A (en) 2019-12-04
GB201817377D0 (en) 2018-12-12
GB2570543B8 (en) 2021-12-08
GB2574283B (en) 2020-05-20
GB201817376D0 (en) 2018-12-12
GB2570543A (en) 2019-07-31
GB2570543B (en) 2020-05-20
WO2017184189A1 (en) 2017-10-26
GB2564357A (en) 2019-01-09
GB201816827D0 (en) 2018-11-28
GB2574283B8 (en) 2021-12-08

Similar Documents

Publication Publication Date Title
GB2574283B (en) Detecting triggering events for distributed denial of service attacks
IL266252B1 (en) Iot security service
ZA201807517B (en) Validation of pal protection areas
IL257852B (en) Systems and methods for detecting and preventing spoofing
EP3195172A4 (en) Blocking forgiveness for ddos
DK3241146T3 (en) SYSTEM AND PROCEDURE FOR COVERING AN IDENTIFICATOR FOR THE PROTECTION OF THE IDENTIFIER FROM UNPERMITTED APPROPRIATION
EP3590063C0 (en) Detecting malicious behavior within local networks
GB2543952B (en) Advanced local-network threat response
GB2555384B (en) Preventing phishing attacks
GB2544309B (en) Advanced local-network threat response
GB201517511D0 (en) Method for privacy protection
GB2574093B (en) Malware barrier
GB2545491B (en) Protection against malicious attacks
GB2543813B (en) Improved malware detection
ITUB20154000A1 (en) Protection device for lock
GB201721378D0 (en) Threat detection system
GB2557954B (en) Method of security threat detection
GB201611301D0 (en) Endpoint malware detection using an event graph
GB201718313D0 (en) Threat detection system
GB2573076B (en) Endpoint malware detection using an event graph
SG10201610911WA (en) Intrusion detection system
GB2548570B (en) Support for an edge protection barrier
GB201518437D0 (en) An insect protection device
GB2563266B (en) Denial of service mitigation
GB2534242B (en) Fire protection barrier

Legal Events

Date Code Title Description
S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021

S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 25 NOVEMBER 2021