Patent number 8566936 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: "A significant problem facing the Internet community is that on-line businesses and organizations are vulnerable to malicious attacks. Recently, attacks have been committed using a wide arsenal of attack techniques and tools targeting both the information maintained by the on-line businesses and their IT infrastructure. For example, recently identified attacks were committed using a combination of attack techniques at the network and application levels. In most cases, various attacks have been executed simultaneously in order to conduct a successful attack campaign against the target. Attackers use different tools to execute different attack techniques. Each such attack tool is designed to exploit weaknesses identified in one of the target's defense layers.
"The scale of recent attacks has also been increased to include a multitude of infected machines and groups of organized attackers who take part in a coordinated attack campaign. Thus, it has become a significant challenge to secure online businesses and organizations against targeted attack campaigns.
"There are many different security systems designed to identify and mitigate attacks. However, typically each solution is designed to protect a single layer of the protected entity. For example, anti-virus programs may protect against attacks in the form of viruses, worms, and/or Trojan horses. However, anti-virus programs cannot be efficient against network type attacks, such as denial-of-service (DoS), system intrusions, and the like, which are typically handled by firewalls, intrusion prevention systems (IPS), or network appliances.
"Most security systems detect attacks based on predefined patterns. The pattern may be related to the attack (e.g., a signature), to the behavior of the protected entity (e.g., a normal request rate, incoming and outgoing traffic attributes, etc.), and/or the behavior of the attack tool. Typically, a security system is configured with one or more policies that define a detection attack pattern and a mitigation action to be performed once a potential attack has been identified. For example, an attack pattern for detecting a DoS attack may be based on an average packet rate of an incoming traffic, while the mitigation action would be to drop incoming packets.
"The disadvantage of this approach is that the security systems are limited to a 'one dimensional' policy or attack rule. That is, currently available security systems, in most cases, take into consideration only the detection attack pattern without correlation to other inputs that can be utilized for better detection. Some security solutions consider attack patterns of the normal behavior of the protected entity (e.g., a web application, a server) and the properties of the attacks. However, the major drawback of existing security solutions is that the detection and mitigation of attacks is not based on the attack tools that generated the attack and their operational limitations (weaknesses). As a result, existing security solutions do not provide any means for executing mitigation actions against the attack tools that generated the attack to exploit the operational limitations of such tools.
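The background above describes a security policy as a detection pattern paired with a mitigation action, gives an average-packet-rate DoS rule as the example, and then criticizes such rules as "one dimensional". The following toy policy engine is an added illustration of that model, not code from the patent or its assignee. It evaluates a rate-only rule next to a rule that correlates the same rate with a learned baseline, source diversity and protocol mix, and runs both over constructed traffic windows (a quiet period, a legitimate flash crowd, and a SYN-heavy flood) to show where the one-dimensional rule misfires. All field names, thresholds and sample values are assumptions made for the example.

```python
"""Toy 'detection pattern + mitigation action' policy engine.

Added example for illustration only; the data classes, thresholds and
sample windows below are constructed and are not taken from the patent.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class TrafficWindow:
    """Aggregate observations for one measurement interval (constructed)."""
    name: str
    packet_rate: float           # packets per second reaching the protected entity
    baseline_packet_rate: float  # learned 'normal' rate for this time of day
    distinct_sources: int        # distinct source addresses seen in the window
    syn_ratio: float             # fraction of packets that are bare TCP SYNs


@dataclass(frozen=True)
class Policy:
    """A detection predicate plus the mitigation to apply when it fires."""
    name: str
    detect: Callable[[TrafficWindow], bool]
    mitigation: str


# Assumed threshold for the one-dimensional rule (packets per second).
PACKET_RATE_THRESHOLD = 50_000.0


def rate_only(w: TrafficWindow) -> bool:
    """One-dimensional rule: fires on absolute packet rate alone."""
    return w.packet_rate > PACKET_RATE_THRESHOLD


def correlated(w: TrafficWindow) -> bool:
    """Correlated rule: the rate must be anomalous relative to the learned
    baseline AND the traffic must look like a flood (SYN-heavy mix from a
    small number of sources) before a DoS is declared."""
    rate_anomaly = w.packet_rate > max(PACKET_RATE_THRESHOLD, 3 * w.baseline_packet_rate)
    syn_anomaly = w.syn_ratio > 0.6
    concentrated_sources = w.distinct_sources < 1_000
    return rate_anomaly and syn_anomaly and concentrated_sources


POLICIES: List[Policy] = [
    Policy("dos-rate-only", rate_only, "drop-incoming"),
    Policy("dos-correlated", correlated, "rate-limit-syn"),
]

# Constructed sample windows.
SAMPLES: List[TrafficWindow] = [
    TrafficWindow("quiet", 8_000, 9_000, 1_200, 0.10),
    # Legitimate spike: far above the fixed threshold, but close to the
    # baseline for this period, with many sources and a normal SYN share.
    TrafficWindow("flash-crowd", 70_000, 60_000, 15_000, 0.08),
    # Flood: ten times the baseline, few sources, almost all bare SYNs.
    TrafficWindow("syn-flood", 90_000, 9_000, 400, 0.92),
]


def evaluate(window: TrafficWindow, policies: List[Policy]) -> List[Tuple[str, str]]:
    """Return (policy name, mitigation) for every policy whose pattern matches."""
    return [(p.name, p.mitigation) for p in policies if p.detect(window)]


def run_all(samples: List[TrafficWindow] = SAMPLES) -> dict:
    """Evaluate every sample window against every policy."""
    return {w.name: evaluate(w, POLICIES) for w in samples}


if __name__ == "__main__":
    for name, hits in run_all().items():
        print(f"{name:12s} -> {hits or 'no action'}")
```

The rate-only policy treats the flash crowd exactly like the flood and would drop legitimate traffic; the correlated policy, which weighs the rate against the baseline and two further inputs, fires only on the flood and applies a narrower mitigation. This is the gap the quoted background is pointing at: a single detection pattern with no correlation to other inputs.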