Patent
Method and apparatus for detecting a distributed denial of service attack
Aiguo Fei,Kai Sun,Fengmin Gong +2 more
- 13 Jun 2002
40
TL;DR: In this paper, a method of identifying a distributed denial of service attack is described in which a rate profile is determined, where the rate profile corresponds to information transfer rates at which information is received from a network.
Abstract: A method of identifying a distributed denial of service attack is described in which a rate profile is determined, where the rate profile corresponds to information transfer rates at which information is received from a network. A burst magnitude threshold based on this rate profile is then established. A burst duration profile characterizing periods of time during which the information transfer rate exceeds this burst magnitude threshold is also calculated, and a burst duration threshold is then defined based upon this burst duration profile. A distributed denial of service attack is identified when the information transfer rate exceeds the burst magnitude threshold for a period of time exceeding the burst duration threshold.
Citations
Patent
Location enrichment in enterprise threat detection
Marco Rodeck,Harish Mehta,Hartwig Seifert,Thomas Kunz,Eugen Pritzkau,Wei-Guo Peng,Lin Luo,Rita Merkel,Florian Chrosziel,Jona Hassforther,Thorsten Menke +10 more
- 31 Aug 2016
TL;DR: In this article, a smart data streaming engine (SDS) is used to extract subnet information and location information from a database, and a particular subnet of the subnet is associated with a particular location of the location information by a globally unique location ID value.
14
Patent
Anomaly detection in enterprise threat detection
Jona Hassforther,Jens Baumgart,Thorsten Menke,Volker Guzman,Florian Kraemer,Anne Jacobi,Thanh-Phong Lam,Omar-Alexander Al-Hujaj,Kathrin Nos +8 more
- 16 Dec 2016
TL;DR: In this paper, a selection of data types is defined from available log data for an evaluation of events associated with an entity, one or more evaluations associated with the entity are defined and reference data is generated from the selection of the data types based on the defined evaluations.
14
Patent
Providing semantic connectivity between a java application server and enterprise threat detection system using a J2EE data
Thanh-Phong Lam,Jens Baumgart,Florian Kraemer,Volker Guzman,Anne Jacobi,Kathrin Nos,Jona Hassforther,Omar-Alexander Al-Hujaj,Stefan Rossmanith,Thorsten Menke +9 more
- 15 Dec 2016
TL;DR: In this paper, a log processing job executing on a log producing computing system is initiated for processing log data associated with the log-processing computing system and a recovery point is stored with a recovery timestamp indicating a next log entry in the log data to process.
13
Patent
Real-time push API for log events in enterprise threat detection
Florian Chrosziel,Thomas Kunz,Kathrin Nos,Marco Rodeck +3 more
- 23 Sep 2016
TL;DR: In this paper, a log entry is received at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system.
13
Patent
Snapshot of a forensic investigation for enterprise threat detection
Florian Chrosziel,Jona Hassforther,Thomas Kunz,Harish Mehta,Rita Merkel,Kathrin Nos,Wei-Guo Peng,Eugen Pritzkau,Marco Rodeck,Hartwig Seifert,Nan Zhang,Thorsten Menke,Hristina Dinkova,Lin Luo +13 more
- 23 Sep 2016
TL;DR: An enterprise threat detection (ETD) forensic workspace is established according to a particular timeframe and permitting defining a selection of data types from available log data for an evaluation of events associated with one or more entities as discussed by the authors.
13
References
Practical network support for IP traceback
Stefan Savage,David Wetherall,Anna R. Karlin,Thomas Anderson +3 more
- 28 Aug 2000
TL;DR: A general purpose traceback mechanism based on probabilistic packet marking in the network that allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs).
A secure and reliable bootstrap architecture
William A. Arbaugh,D.J. Farber,Jonathan M. Smith +2 more
- 04 May 1997
TL;DR: The AEGIS architecture for initializing a computer system validates integrity at each layer transition in the bootstrap process, and it is shown how this results in robust systems.
Advanced and authenticated marking schemes for IP traceback
Dawn Song,Adrian Perrig +1 more
- 22 Apr 2001
TL;DR: Two new schemes are presented, the advanced marking scheme and the authenticated marking scheme, which allow the victim to trace-back the approximate origin of spoofed IP packets and provide efficient authentication of routers' markings such that even a compromised router cannot forge or tamper markings from other uncompromised routers.
Patent
Firewall providing enhanced network security and user transparency
Ralph Wesinger,Christopher Coley +1 more
- 06 Nov 2003
TL;DR: In this paper, the authors proposed a firewall that achieves maximum network security and maximum user convenience by employing envoys that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of packet filters, combining the best of both worlds.
751
Patent
System and method for attaching a downloadable security profile to a downloadable
Shlomo Touboul,Nachshon Gal +1 more
- 16 Dec 1998
TL;DR: In this article, the authors propose a system consisting of an inspector and a protection engine, which includes a content inspection engine that uses a set of rules to generate a Downloadable security profile corresponding to a downloadable, e.g., Java applets, ActiveX controls, JavaScript scripts, or Visual Basic scripts.
432