Direct host access to storage device memory space
US-2021124692-A1 · Apr 29, 2021 · US
Anamoly detection system for peripheral component interconnect express
US12034749B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12034749-B2 |
| Application number | US-202117408942-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 23, 2021 |
| Priority date | Aug 23, 2021 |
| Publication date | Jul 9, 2024 |
| Grant date | Jul 9, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A traffic anomaly detector of a Peripheral Component Interconnect express (PCIe) system, including filters configured to filter headers of PCIe transaction layer packets (TLPs) based on respective filter criterion; a classifier configured to trigger an event based on one of the filter criterion or a logical combination of a plurality of the filter criteria; an event counter configured to count a number of the events; and a processor configured to detect, based on a value of the event counter, an anomaly in the PCIe TLP traffic.
First claim
Opening claim text (preview).
What is claimed is: 1. A traffic anomaly detector of a Peripheral Component Interconnect express (PCIe) system, comprising: filters configured to filter headers of PCIe transaction layer packets (TLPs) based on respective filter criterion; a classifier configured to trigger an event based on one of the filter criterion or a logical combination of a plurality of the filter criteria; an event counter configured to count a number of the events; and a processor configured to detect, based on a value of the event counter, an anomaly in the PCIe TLP traffic. 2. The traffic anomaly detector of claim 1 , wherein the classifier is configured to trigger the event based a logical combination of the plurality of filter criteria. 3. The traffic anomaly detector of claim 1 , wherein one of the filters is configured to filter a type field or a format field such that only memory TLPs result in a trigger. 4. The traffic anomaly detector of claim 1 , wherein the respective filter criterion are selected from the group of fields consisting of type, address, length, and format. 5. The traffic anomaly detector of claim 1 , wherein if a traffic anomaly is detected, the processor is further configured to initiate a countermeasure. 6. A PCIe controller, comprising: the traffic anomaly detector of claim 1 . 7. The traffic anomaly detector of claim 1 , further comprising: a read counter; a push controller; and a trigger controller configured to trigger the push controller to push the value of the event counter from the event counter to the read counter. 8. The traffic anomaly detector of claim 7 , wherein the trigger controller is configured to trigger the push controller to push the value of the event counter from the event counter to the read counter based on time, software control, and/or when the value of the event counter exceeds a threshold. 9. The traffic anomaly detector of claim 1 , wherein the classifier is configured to trigger a plurality of events, each of the events based on one of the filter criterion or a logical combination of a plurality of the filter criteria. 10. The traffic anomaly detector of claim 9 , further comprising: a plurality of event counters corresponding with the plurality of events; a plurality of read counters corresponding with the respective plurality of event counters; and a trigger controller configured to trigger a push controller to push values of the plurality of event counters from the plurality of event counters to the respective plurality of read counters simultaneously. 11. The traffic anomaly detector of claim 1 , further comprising: a trigger controller configured to read the value of the event counter. 12. The traffic anomaly detector of claim 11 , wherein the trigger controller is further configured to trigger a reset controller to reset the event counter. 13. The traffic anomaly detector of claim 11 , wherein the trigger controller comprises a timer, and the trigger controller is further configured to notify a monitor of the value of the event counter periodically. 14. The traffic anomaly detector of claim 11 , wherein the trigger controller is further configured to notify a monitor when the value of the event counter exceeds a threshold. 15. The traffic anomaly detector of claim 14 , wherein the trigger controller is further configured to trigger the reset controller to reset the event counter based on time, software control, or if the value of the event counter exceeds a threshold. 16. A method of detecting a traffic anomaly in a Peripheral Component Interconnect express (PCIe) system, comprising: filtering, by filters, headers of PCIe transaction layer packets (TLPs) based on respective filter criterion; triggering, by a classifier, an event based on one of the filter criterion or a logical combination of a plurality of the filter criteria; counting, by an event counter, a number of the events; and detecting, by a processor based on a value of the event counter, an anomaly in the PCIe TLP traffic. 17. The method of claim 16 , triggering, by the classifier, the event based a logical combination of the plurality of filter criteria. 18. The method of claim 16 , further comprising: periodically notifying, by a trigger controller, a monitor of the value of the event counter. 19. The method of claim 16 , further comprising: reading, by a trigger controller, the value of the event counter; and notifying a monitor if the value of the event counter exceeds a threshold. 20. The method of claim 16 , further comprising: initiating, by the processor, a countermeasure if a traffic anomaly is detected.
Assignees
Inventors
Classifications
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
- G06F13/4221Primary
being an input/output bus, e.g. ISA bus, EISA bus, PCI bus, SCSI bus · CPC title
at the transport layer · CPC title
PCI express · CPC title
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12034749B2 cover?
- A traffic anomaly detector of a Peripheral Component Interconnect express (PCIe) system, including filters configured to filter headers of PCIe transaction layer packets (TLPs) based on respective filter criterion; a classifier configured to trigger an event based on one of the filter criterion or a logical combination of a plurality of the filter criteria; an event counter configured to count …
- Who is the assignee on this patent?
- Infineon Technologies Ag
- What technology area does this patent fall under?
- Primary CPC classification G06F13/4221. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jul 09 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).