Detecting volumetric attacks
US-2017359372-A1 · Dec 14, 2017 · US
Device and method for detecting attack in network
US11057400B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11057400-B2 |
| Application number | US-201816001754-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 6, 2018 |
| Priority date | Jun 29, 2017 |
| Publication date | Jul 6, 2021 |
| Grant date | Jul 6, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An attack detection device includes: a receiver configured to receive messages that are periodically transmitted from a communication device in a network; and a processor. The processor predicts a number of messages to be received by the receiver in a specified monitor range based on a transmission cycle of the messages so as to generate a predicted value. The processor counts a number of messages received by the receiver in the specified monitor range so as to generate a count value. The processor detects an attack in the network according to a result of a comparison between the predicted value and the count value.
First claim
Opening claim text (preview).
What is claimed is: 1. An attack detection device comprising: a receiver configured to receive messages that are periodically transmitted from a communication device in a network; and a processor configured to predict a number of messages to be received by the receiver in a specified monitor range based on a transmission cycle of the messages so as to generate a predicted value, count a number of messages received by the receiver in the specified monitor range so as to generate a count value, reset the count value and the predicted value when the count value is greater than or equal to a specified threshold; and detect an attack in the network according to a result of a comparison between the predicted value and the count value, wherein the processor updates the count value to zero and updates the predicted value to a value obtained by subtracting the count value from the predicted value in a process of resetting the count value and the predicted value. 2. The attack detection device according to claim 1 , wherein the processor decides that the network has been attacked when the count value is greater than the predicted value. 3. The attack detection device according to claim 1 , wherein the processor resets the count value and the predicted value when the count value is greater than or equal to the threshold and a time at which a message is received by the receiver is within an acceptable range that is determined for a target reception time. 4. The attack detection device according to claim 1 , wherein the processor resets the count value and the predicted value when the count value is greater than or equal to the threshold and a difference between the reception times of two consecutive messages received by the receiver is within an acceptable range that is determined with respect to the transmission cycle. 5. The attack detection device according to claim 1 , wherein when a difference between the predicted value and the count value is not zero over a period of time in which the receiver receives a specified number of messages, the processor updates both the count value and the predicted value to zero in the process of resetting the count value and the predicted value. 6. The attack detection device according to claim 1 , wherein when a difference between the predicted value and the count value is a constant value other than zero over a period of time in which the receiver receives a specified number of messages, the processor updates both the count value and the predicted value to zero in the process of resetting the count value and the predicted value. 7. The attack detection device according to claim 1 , wherein when a difference between reception times of two consecutive messages received by the receiver is within an acceptable range that is determined with respect to the transmission cycle over a period of time in which the receiver receives a specified number of messages, the processor updates both the count value and the predicted value to zero in the process of resetting the count value and the predicted value. 8. An attack detection method comprising: receiving, using a receiver, messages that are periodically transmitted from a communication device in a network; predicting a number of messages to be received by the receiver in a specified monitor range based on a transmission cycle of the messages so as to generate a predicted value; counting a number of messages received by the receiver in the specified monitor range so as to generate a count value; resetting the count value and the predicted value when the count value is greater than or equal to a specified threshold; and detecting an attack in the network according to a result of a comparison between the predicted value and the count value, wherein the count value is updated to zero and the predicted value is updated to a value obtained by subtracting the count value from the predicted value in a process of resetting the count value and the predicted value. 9. A non-transitory computer-readable recording medium having stored therein a program for causing a processor to execute an attack detection process, the processor being implemented in an attack detection device, the attack detection device including a receiver, the attack detection device being connected to a network in which messages are periodically transmitted from a communication device, the attack detection process comprising: predicting a number of messages to be received by the receiver in a specified monitor range based on a transmission cycle of the messages so as to generate a predicted value; counting a number of messages received by the receiver in the specified monitor range so as to generate a count value; resetting the count value and the predicted value when the count value is greater than or equal to a specified threshold; and detecting an attack in the network according to a result of a comparison between the predicted value and the count value, wherein the count value is updated to zero and the predicted value is updated to a value obtained by subtracting the count value from the predicted value in a process of resetting the count value and the predicted value.
Assignees
Inventors
Classifications
Traffic logging, e.g. anomaly detection · CPC title
when the policy decisions are valid for a limited amount of time · CPC title
Timestamp · CPC title
- H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11057400B2 cover?
- An attack detection device includes: a receiver configured to receive messages that are periodically transmitted from a communication device in a network; and a processor. The processor predicts a number of messages to be received by the receiver in a specified monitor range based on a transmission cycle of the messages so as to generate a predicted value. The processor counts a number of messa…
- Who is the assignee on this patent?
- Fujitsu Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 06 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).