Patent application number | Description | Published |
20090043724 | Method, System and Computer Program Product for Preventing SIP Attacks - A method for preventing session initiation protocol (SIP) attacks is provided. The method includes receiving a plurality of SIP response messages comprising at least one pre-defined SIP response code, and extracting at least one user identifier from the plurality of SIP response messages. The method further includes computing at least one of a frequency of the plurality of SIP response messages and a count of the plurality of SIP response messages corresponding to each user identifier of the at least one user identifier. The method further includes calculating a degree of attack corresponding to each user identifier using at least one of the frequency and the count. The method further includes determining a monitoring interval for each user identifier based upon the degree of attack for monitoring the plurality of SIP response messages. An apparatus and a computer program product for preventing SIP attacks are also provided. | 02-12-2009 |
20120071131 | METHOD AND SYSTEM FOR PROFILING DATA COMMUNICATION ACTIVITY OF USERS OF MOBILE DEVICES - A method for profiling data communication activity of users of mobile devices, comprises sniffing traffic flows between a mobile device and the Internet through a cellular network; extracting a plurality of traffic attributes included in the traffic flows and associated with the mobile device; logging the extracted plurality of traffic attributes; analyzing the plurality of traffic attributes for generating a user profile for a user of the mobile device based on the plurality of traffic attributes, wherein the user profile includes at least one of an advertising targeted user profile and a security targeted user profile; and sharing information and alerts related to the generated user profile with at least one external system. | 03-22-2012 |
20130139214 | MULTI DIMENSIONAL ATTACK DECISION SYSTEM AND METHOD THEREOF - A method and system for protecting a protected entity using a multi-dimensional protection surface. The method comprises detecting at least one potential attack against the protected entity in incoming data traffic directed to the protected entity; detecting a type of each attack tool committing the at least one potential attack; generating a multi-dimensional protection surface by correlating a plurality of inputs related to the at least one detected attack, wherein the plurality of inputs include at least a first input identifying the at least one detected attack and a second input identifying each attack tool that performs the at least one detected attack, wherein the multi-dimensional protection surface includes at least one protection point that defines at least one attack mitigation action to mitigate the at least one detected attack; and executing the at least one attack mitigation action defined in the multi-dimensional protection surface. | 05-30-2013 |
20130254879 | METHOD AND SYSTEM FOR DETECTING AND MITIGATING ATTACKS PERFORMED USING CRYPTOGRAPHIC PROTOCOLS - A method and security system for detecting and mitigating encrypted denial-of-service (DoS) attacks. The system includes a DoS defense (DoSD) module configured to detect an encrypted DoS attack in an inbound traffic by analyzing attributes only in the inbound traffic that relate to at least one of a network layer and an application layer, wherein the DoSD module is further configured to mitigate a detected encrypted attack, the inbound traffic originates at a client and is addressed to a protected server; and a cryptographic protocol engine (CPE) configured to establish a new encrypted session between the client and the security system, decrypt requests included in the inbound traffic, and send encrypted responses to the client over the new encrypted session between the client and the security system. | 09-26-2013 |
20130283373 | TECHNIQUES FOR SEPARATING THE PROCESSING OF CLIENTS' TRAFFIC TO DIFFERENT ZONES - A system and method for separation of traffic processing in a computing farm. The method comprises allocating a first group of computing resources of the computing farm to a trusted zone and a second group of computing resources to an un-trusted zone, wherein the computing resources in the first group are allocated to ensure at least service-level agreements (SLA) guaranteed to a group of trusted clients; determining, based on a plurality of security risk indication parameters, if a client associated with an incoming traffic is a trusted client or an un-trusted client; forwarding the incoming traffic to the second group of computing resources when the client is determined to be an un-trusted client; and diverting the incoming traffic to the first group of computing resources when the client is determined to be a trusted client, thereby ensuring at least the SLA guaranteed to the trusted client. | 10-24-2013 |
20130283374 | TECHNIQUES FOR SEPARATING THE PROCESSING OF CLIENTS' TRAFFIC TO DIFFERENT ZONES IN SOFTWARE DEFINED NETWORKS - A method and system for separation of traffic processing in a software defined network (SDN). The method comprises allocating a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group to a first ADC and the computing resources in the second group to a second ADC; triggering a zoning mode in the computing farm to mitigate a potential cyber-attack; and causing at least one network element in the SDN to divert traffic from a trusted client to the first group of computing resources and traffic from an un-trusted client to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element. | 10-24-2013 |
20130329734 | TECHNIQUES FOR PROVIDING VALUE-ADDED SERVICES IN SDN-BASED NETWORKS - A method for providing value added services (VAS) in a software defined network (SDN). The method comprises determining which value added services and their order should be assigned to an incoming traffic; determining for each of the one or more value added services their respective servers providing the value added services and assigning a unique diversion value to each server; instructing at least one peer network element to set a diversion field in each packet in the incoming traffic with a diversion value corresponding to a server providing a first value added service of the one or more value added services; and instructing each edge network element to set the diversion field of each packet output by the server to designate a destination node for the packet, wherein the destination node is any one of the destination server and a server providing a subsequent value added service. | 12-12-2013 |
20130333029 | TECHNIQUES FOR TRAFFIC DIVERSION IN SOFTWARE DEFINED NETWORKS FOR MITIGATING DENIAL OF SERVICE ATTACKS - A method for mitigating denial of service (DoS) attacks in a software defined network (SDN). The method comprises receiving a DoS attack indication performed against at least one destination server; programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication; instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server to allow diversion of the packet to a security server; and instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server. | 12-12-2013 |
20140283051 | SYSTEM AND METHOD THEREOF FOR MITIGATING DENIAL OF SERVICE ATTACKS IN VIRTUAL NETWORKS - A method for efficient mitigation of denial of service (DoS) attacks in a virtual network. The method maintains a security service level agreement (SLA) guaranteed to protected objects. The method comprises ascertaining that a denial of service (DoS) attack is performed in the virtual network; checking if the DoS attack affects at least one physical machine hosting at least one protected object, wherein the protected object is provisioned with at least a guaranteed security service level agreement (SLA); determining, by a central controller of the virtual network, an optimal mitigation action to ensure the at least one security SLA guaranteed to the at least one protected object; and executing the determined optimal mitigation action to mitigate the DoS attack, wherein the optimal mitigation action is facilitated by means of resources of the virtual network. | 09-18-2014 |
20140373143 | METHOD AND SYSTEM FOR DETECTING AND MITIGATING ATTACKS PERFORMED USING CRYPTOGRAPHIC PROTOCOLS - A method and system for detecting and mitigating attacks performed using a cryptographic protocol are provided. The method comprises establishing an encrypted connection with the client using the cryptographic protocol, upon receiving an indication about a potential attack; receiving an inbound traffic from a client, wherein the inbound traffic is originally directed to a protected entity; analyzing application layer attributes of only the inbound traffic received on the encrypted connection to detect at least one encrypted attack; and causing to establish a new encrypted connection between the client and the protected entity, if the at least one encrypted attack at the application layer has not been detected. | 12-18-2014 |
20150089566 | ESCALATION SECURITY METHOD FOR USE IN SOFTWARE DEFINED NETWORKS - A method for performing an escalation security policy in a software defined network (SDN) includes receiving at least one attack indication performed against at least one destination server; upon determination that an attack is being performed against the at least one destination server, for each client sending traffic to the at least one destination server: determining a risk state for a user of the each client; obtaining an escalation security policy respective of the determined risk state of the user, wherein the escalation security policy defines a sequence of at least one challenge action for challenging the each client, an order and at least one condition for execution of the sequence of at least one challenge action; and causing network elements of the SDN to divert incoming traffic from the each client to security servers connected to the SDN and configured to perform the at least one challenge action. | 03-26-2015 |