US2014201837A1PendingUtilityA1

Methods and systems to detect an evasion attack

52
Assignee: CISCO TECH INCPriority: Feb 3, 2006Filed: Dec 16, 2013Published: Jul 17, 2014
Est. expiryFeb 3, 2026(expired)· nominal 20-yr term from priority
H04L 63/1408H04L 63/145
52
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

Claims

exact text as granted — not AI-modified
1 . An intrusion detection system, the system comprising:
 a slow path to reassemble data packets associated with a network connection; and   a fast path to:
 intercept a data packet associated with the network connection, 
 forward the data packet to its destination if the data packet is not indicative of the attack, and 
 divert the data packet to the slow path if the data packet is indicative of the attack.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.