GB2570543B - Detecting triggering events for distributed denial of service attacks - Google Patents

Info

Publication number
GB2570543B
Authority
GB
United Kingdom
Prior art keywords
triggering events
distributed denial
service attacks
detecting triggering
detecting
Prior art date
Legal status
Active
Application number
GB1817377.3A
Other versions
GB201817377D0 (en)
GB2570543A8 (en)
GB2570543B8 (en)
GB2570543A (en)
Inventor
Ackerman Karl
David Harris Mark
Neil Reed Simon
J Thomas Andrew
D Ray Kenneth
Stutz Daniel
Howard Fraser
Samosseiko Dmitri
Current Assignee
Sophos Ltd
Original Assignee
Sophos Ltd
Priority date
Filing date
Publication date
Priority claimed from US15/136,762 (US10938781B2)
Priority claimed from US15/136,687 (US11277416B2)
Application filed by Sophos Ltd
Publication of GB201817377D0
Publication of GB2570543A
Publication of GB2570543B
Publication of GB2570543A8
Application granted
Publication of GB2570543B8
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3055 Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3476 Data logging

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/144 Detection or countermeasures against botnets

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks
Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/136,762 US10938781B2 (en) 2016-04-22 2016-04-22 Secure labeling of network flows
US15/136,687 US11277416B2 (en) 2016-04-22 2016-04-22 Labeling network flows according to source applications
GB1816827.8A GB2564357B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Publications (5)

Publication Number Publication Date
GB201817377D0 (en) 2018-12-12
GB2570543A (en) 2019-07-31
GB2570543B (en) 2020-05-20
GB2570543A8 (en) 2020-09-30
GB2570543B8 (en) 2021-12-08

Family

ID=60116990

Family Applications (3)

Application Number Title Priority Date Filing Date
GB1816827.8A Active GB2564357B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817376.5A Active GB2574283B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817377.3A Active GB2570543B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Family Applications Before (2)

Application Number Title Priority Date Filing Date
GB1816827.8A Active GB2564357B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks
GB1817376.5A Active GB2574283B8 (en) 2016-04-22 2016-06-29 Detecting triggering events for distributed denial of service attacks

Country Status (2)

Country Link
GB (3) GB2564357B8 (en)
WO (1) WO2017184189A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10986109B2 (en) 2016-04-22 2021-04-20 Sophos Limited Local proxy detection
US10938781B2 (en) 2016-04-22 2021-03-02 Sophos Limited Secure labeling of network flows
US11165797B2 (en) 2016-04-22 2021-11-02 Sophos Limited Detecting endpoint compromise based on network usage history
US11102238B2 (en) 2016-04-22 2021-08-24 Sophos Limited Detecting triggering events for distributed denial of service attacks
US11277416B2 (en) 2016-04-22 2022-03-15 Sophos Limited Labeling network flows according to source applications
RU2740027C1 (en) * 2020-02-12 2020-12-30 Варити Менеджмент Сервисез Лимитед Method and system for preventing malicious automated attacks
US11381594B2 (en) * 2020-03-26 2022-07-05 At&T Intellectual Property I, L.P. Denial of service detection and mitigation in a multi-access edge computing environment
US20220239634A1 (en) * 2021-01-26 2022-07-28 Proofpoint, Inc. Systems and methods for sensor trustworthiness
US20240007483A1 (en) * 2022-07-01 2024-01-04 Nozomi Networks Sagl Method for automatic signatures generation from a plurality of sources

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8561181B1 (en) * 2008-11-26 2013-10-15 Symantec Corporation Detecting man-in-the-middle attacks via security transitions

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7930740B2 (en) * 2005-07-07 2011-04-19 International Business Machines Corporation System and method for detection and mitigation of distributed denial of service attacks
US8490190B1 (en) * 2006-06-30 2013-07-16 Symantec Corporation Use of interactive messaging channels to verify endpoints
US8156557B2 (en) * 2007-01-04 2012-04-10 Cisco Technology, Inc. Protection against reflection distributed denial of service attacks
US8782786B2 (en) * 2007-03-30 2014-07-15 Sophos Limited Remedial action against malicious code at a client facility
US8769702B2 (en) * 2008-04-16 2014-07-01 Microsoft Corporation Application reputation service
EP2406717A4 (en) * 2009-03-13 2012-12-26 Univ Rutgers Systems and methods for the detection of malware
KR100942456B1 (en) * 2009-07-23 2010-02-12 주식회사 안철수연구소 Method for detecting and protecting ddos attack by using cloud computing and server thereof
US8832835B1 (en) * 2010-10-28 2014-09-09 Symantec Corporation Detecting and remediating malware dropped by files
US20120324568A1 (en) * 2011-06-14 2012-12-20 Lookout, Inc., A California Corporation Mobile web protection
WO2014026718A1 (en) * 2012-08-17 2014-02-20 Nokia Siemens Networks Oy Data services in a computer system
US9503324B2 (en) * 2013-11-05 2016-11-22 Harris Corporation Systems and methods for enterprise mission management of a computer network
US9967282B2 (en) * 2014-09-14 2018-05-08 Sophos Limited Labeling computing objects for improved threat detection
US20170091482A1 (en) * 2015-09-30 2017-03-30 Symantec Corporation Methods for data loss prevention from malicious applications and targeted persistent threats

Also Published As

Publication number Publication date
GB201817377D0 (en) 2018-12-12
GB2574283B8 (en) 2021-12-08
GB2570543A8 (en) 2020-09-30
GB2564357B (en) 2020-10-07
GB2564357B8 (en) 2021-12-08
GB2574283A (en) 2019-12-04
GB2570543B8 (en) 2021-12-08
GB201817376D0 (en) 2018-12-12
WO2017184189A1 (en) 2017-10-26
GB2564357A (en) 2019-01-09
GB2574283B (en) 2020-05-20
GB2570543A (en) 2019-07-31
GB201816827D0 (en) 2018-11-28

Similar Documents

Publication Publication Date Title
GB2570543B (en) Detecting triggering events for distributed denial of service attacks
IL266252A (en) Iot security service
ZA201807517B (en) Validation of pal protection areas
IL257852B (en) Systems and methods for detecting and preventing spoofing
EP3195172A4 (en) Blocking forgiveness for ddos
DK3241146T3 (en) SYSTEM AND PROCEDURE FOR COVERING AN IDENTIFICATOR FOR THE PROTECTION OF THE IDENTIFIER FROM UNPERMITTED APPROPRIATION
GB201720990D0 (en) Security service for an unmanaged device
EP3590063C0 (en) Detecting malicious behavior within local networks
GB2543952B (en) Advanced local-network threat response
GB2555384B (en) Preventing phishing attacks
GB2544309B (en) Advanced local-network threat response
GB201517511D0 (en) Method for privacy protection
GB2574093B (en) Malware barrier
GB2545491B (en) Protection against malicious attacks
GB2543813B (en) Improved malware detection
ITUB20154000A1 (en) Protection device for lock
GB201611301D0 (en) Endpoint malware detection using an event graph
GB2573076B (en) Endpoint malware detection using an event graph
SG10201610911WA (en) Intrusion detection system
GB2548570B (en) Support for an edge protection barrier
GB201518437D0 (en) An insect protection device
GB2563266B (en) Denial of service mitigation
GB2534242B (en) Fire protection barrier
HK1223243A2 (en) Thermal protection for speakers
GB201522887D0 (en) Detecting malicious software

Legal Events

Date Code Title Description
S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: REQUEST FILED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021

S117 Correction of errors in patents and applications (sect. 117/patents act 1977)

Free format text: CORRECTIONS ALLOWED; REQUEST FOR CORRECTION UNDER SECTION 117 FILED ON 18 OCTOBER 2021 ALLOWED ON 25 NOVEMBER 2021