Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020117599 - DETECTING ATTACKS USING HANDSHAKE REQUESTS SYSTEMS AND METHODS

Publication Number WO/2020/117599
Publication Date 11.06.2020
International Application No. PCT/US2019/063731
International Filing Date 27.11.2019
IPC
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
CPC
H04L 63/0227
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
02for separating internal from external traffic, e.g. firewalls
0227Filtering policies
H04L 63/0428
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
04for providing a confidential data exchange among entities communicating through data packet networks
0428wherein the data content is protected, e.g. by encrypting or encapsulating the payload
H04L 63/126
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
12Applying verification of the received information
126the source of the received data
H04L 63/1416
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1408by monitoring network traffic
1416Event detection, e.g. attack signature detection
H04L 63/1441
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1441Countermeasures against malicious traffic
H04L 63/1458
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1441Countermeasures against malicious traffic
1458Denial of Service
Applicants
  • CITRIX SYSTEMS, INC. [US]/[US]
Inventors
  • PENNER, Andrew
  • KANEKAR, Tushar
Agents
  • MCKENNA, Christopher J.
  • PUA, Meng H.
  • WHITE, James M.
Priority Data
16/207,42303.12.2018US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) DETECTING ATTACKS USING HANDSHAKE REQUESTS SYSTEMS AND METHODS
(FR) DÉTECTION D'ATTAQUES À L'AIDE DE SYSTÈMES ET DE PROCÉDÉS DE DEMANDES D'ÉTABLISSEMENT DE LIAISON
Abstract
(EN)
Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.
(FR)
La présente invention concerne des systèmes et des procédés pour détecter des attaques à l'aide d'une demande d'établissement de liaison. Une pluralité de dispositifs peut recevoir une pluralité de demandes d'établissement de liaison pour établir des connexions TLS qui comprennent une demande d'application respective. Au moins l'une de la pluralité de demandes d'établissement de liaison peut comprendre une première demande d'application. La pluralité de dispositifs peut enregistrer chacune des demandes d'application respectives dans un registre de demandes d'application. Un premier dispositif de la pluralité de dispositifs peut recevoir une demande d'établissement de liaison ultérieure pour établir une connexion TLS ultérieure qui comprend la première demande d'application. Avant d'accepter la première demande d'application, le premier dispositif peut interroger le registre en ce qui concerne la première demande d'application. Le premier dispositif peut déterminer s'il faut accepter ou rejeter la première demande d'application en réponse à l'identification, à partir de l'interrogation, que la première demande d'application n'a pas été ou a été enregistrée dans le registre.
Also published as
Latest bibliographic data on file with the International Bureau