1. WO2002021244 - METHOD AND SYSTEM FOR PROTECTING PUBLICLY ACCESSIBLE NETWORK COMPUTER SERVICES FROM UNDESIRABLE NETWORK TRAFFIC IN REAL-TIME

Publication Number WO/2002/021244
Publication Date 14.03.2002
International Application No. PCT/US2001/015701
International Filing Date 16.05.2001
Chapter 2 Demand Filed 28.02.2002
IPC
H04L 12/24 2006.01
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  12 Data switching networks
  02 Details
  24 Arrangements for maintenance or administration
H04L 12/26 2006.01
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  12 Data switching networks
  02 Details
  26 Monitoring arrangements; Testing arrangements
H04L 29/06 2006.01
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
  02 Communication control; Communication processing
  06 characterised by a protocol
CPC
H04L 2463/141
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  2463 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
  141 Denial of service attacks against endpoints in a network
H04L 2463/146
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  2463 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
  146 Tracing the source of attacks
H04L 41/12
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  41 Arrangements for maintenance or administration or management of packet switching networks
  12 network topology discovery or management
H04L 41/22
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  41 Arrangements for maintenance or administration or management of packet switching networks
  22 using GUI [Graphical User Interface]
H04L 41/28
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  41 Arrangements for maintenance or administration or management of packet switching networks
  28 Security in network management, e.g. restricting network management access
H04L 43/00
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  43 Arrangements for monitoring or testing packet switching networks
Applicants
  • THE REGENTS OF THE UNIVERSITY OF MICHIGAN [US]/[US] (AllExceptUS)
  • MALAN, Gerald, R. [US]/[US] (UsOnly)
  • JAHANIAN, Farnam [US]/[US] (UsOnly)
Inventors
  • MALAN, Gerald, R.
  • JAHANIAN, Farnam
Agents
  • SYROWIK, David, R.
Priority Data
  • 60/231,479  08.09.2000  US
  • 60/231,480  08.09.2000  US
  • 60/231,481  08.09.2000  US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD AND SYSTEM FOR PROTECTING PUBLICLY ACCESSIBLE NETWORK COMPUTER SERVICES FROM UNDESIRABLE NETWORK TRAFFIC IN REAL-TIME
(FR) PROCEDE ET SYSTEME PERMETTANT DE PROTEGER EN TEMPS REEL DES SERVICES INFORMATIQUES DE RESEAU ACCESSIBLE AU PUBLIC CONTRE UN TRAFIC DE RESEAU INDESIRABLE
Abstract
(EN)
A method and system are provided for protecting publicly accessible network computer services from undesirable network traffic in real-time. The method includes receiving network traffic destined for the services and analyzing the network traffic to identify an undesirable user of the services. Access of the undesirable user to the services is limited to protect the services. The method and system identify and remove a new level of security threat that is not addressable by current techniques. Specifically, the method and system identify topologically anomalous application-level patterns of traffic and remove these data flows in real-time from the network.
(FR)
L'invention concerne un procédé et un système permettant de protéger en temps réel des services informatiques de réseau accessible au public contre un trafic de réseau indésirable. Ledit procédé consiste à recevoir un trafic de réseau destiné à des services, et à analyser ledit trafic de réseau afin d'identifier un utilisateur de services indésirable. L'accès de l'utilisateur indésirable aux services est limité afin de protéger ces services. Le procédé et le système permettent d'identifier et de supprimer un nouveau niveau de menace contre la sécurité auquel il n'est pas possible d'accéder au moyen des techniques actuelles. Lesdits procédé et système permettent également d'identifier des modèles de niveau d'application topologiquement anormaux, et de supprimer en temps réel ces trains de données du réseau.
Also published as