PL3654606T3 - Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej - Google Patents

Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej

Info

Publication number
PL3654606T3
PL3654606T3 PL18315043T PL18315043T PL3654606T3 PL 3654606 T3 PL3654606 T3 PL 3654606T3 PL 18315043 T PL18315043 T PL 18315043T PL 18315043 T PL18315043 T PL 18315043T PL 3654606 T3 PL3654606 T3 PL 3654606T3
Authority
PL
Poland
Prior art keywords
data packages
service infrastructure
received
cleaning
screening
Prior art date
Application number
PL18315043T
Other languages
English (en)
Inventor
Aurélien Dudouit
Original Assignee
Ovh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ovh filed Critical Ovh
Publication of PL3654606T3 publication Critical patent/PL3654606T3/pl

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/70Routing based on monitoring results
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141Denial of service attacks against endpoints in a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PL18315043T 2018-11-15 2018-11-15 Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej PL3654606T3 (pl)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP18315043.2A EP3654606B1 (en) 2018-11-15 2018-11-15 Method and data packet cleaning system for screening data packets received at a service infrastructure

Publications (1)

Publication Number Publication Date
PL3654606T3 true PL3654606T3 (pl) 2022-04-04

Family

ID=65199280

Family Applications (1)

Application Number Title Priority Date Filing Date
PL18315043T PL3654606T3 (pl) 2018-11-15 2018-11-15 Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej

Country Status (5)

Country Link
US (1) US11411986B2 (pl)
EP (1) EP3654606B1 (pl)
CN (1) CN111193594B (pl)
DK (1) DK3654606T3 (pl)
PL (1) PL3654606T3 (pl)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110768975B (zh) * 2019-10-21 2022-05-31 杭州迪普科技股份有限公司 流量清洗方法、装置、电子设备及机器可读存储介质
CN112019575B (zh) * 2020-10-22 2021-01-29 腾讯科技(深圳)有限公司 数据包处理方法、装置、计算机设备以及存储介质
CN112019574B (zh) * 2020-10-22 2021-01-29 腾讯科技(深圳)有限公司 异常网络数据检测方法、装置、计算机设备和存储介质
WO2022228647A1 (en) * 2021-04-26 2022-11-03 Huawei Cloud Computing Technologies Co., Ltd. Method and enforcement unit for supervising connections in a computer network
CN113641874B (zh) * 2021-07-21 2024-12-10 中国第一汽车股份有限公司 一种数据采集处理系统及数据采集处理方法
KR102594137B1 (ko) * 2021-11-17 2023-10-26 주식회사 윈스 DDoS 공격 탐지 방법 및 장치
CN117134918B (zh) * 2023-07-20 2024-09-24 威艾特科技(深圳)有限公司 一种分布式数据签名校验方法及装置
WO2025071938A1 (en) * 2023-09-28 2025-04-03 Microsoft Technology Licensing, Llc User datagram protocol firewall
GB202314936D0 (en) * 2023-09-28 2023-11-15 Microsoft Technology Licensing Llc User datagram protocol firewall

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7512980B2 (en) 2001-11-30 2009-03-31 Lancope, Inc. Packet sampling flow-based detection of network intrusions
US7222366B2 (en) 2002-01-28 2007-05-22 International Business Machines Corporation Intrusion event filtering
US7596807B2 (en) * 2003-07-03 2009-09-29 Arbor Networks, Inc. Method and system for reducing scope of self-propagating attack code in network
GB0402739D0 (en) 2004-02-09 2004-03-10 Saviso Group Ltd Methods and apparatus for routing in a network
US7609625B2 (en) 2005-07-06 2009-10-27 Fortinet, Inc. Systems and methods for detecting and preventing flooding attacks in a network environment
US20080127324A1 (en) 2006-11-24 2008-05-29 Electronics And Telecommunications Research Institute DDoS FLOODING ATTACK RESPONSE APPROACH USING DETERMINISTIC PUSH BACK METHOD
US8065729B2 (en) 2006-12-01 2011-11-22 Electronics And Telecommunications Research Institute Method and apparatus for generating network attack signature
US8020207B2 (en) 2007-01-23 2011-09-13 Alcatel Lucent Containment mechanism for potentially contaminated end systems
US8374102B2 (en) * 2007-10-02 2013-02-12 Tellabs Communications Canada, Ltd. Intelligent collection and management of flow statistics
US8813221B1 (en) * 2008-09-25 2014-08-19 Sonicwall, Inc. Reassembly-free deep packet inspection on multi-core hardware
US8677473B2 (en) * 2008-11-18 2014-03-18 International Business Machines Corporation Network intrusion protection
US8336098B2 (en) * 2009-03-25 2012-12-18 Sysmate Co., Ltd. Method and apparatus for classifying harmful packet
US8614955B2 (en) * 2009-09-22 2013-12-24 Ixia Misdirected packet detection apparatus and method
US20110153811A1 (en) 2009-12-18 2011-06-23 Hyun Cheol Jeong System and method for modeling activity patterns of network traffic to detect botnets
US9094288B1 (en) 2011-10-26 2015-07-28 Narus, Inc. Automated discovery, attribution, analysis, and risk assessment of security threats
US8681794B2 (en) * 2011-11-30 2014-03-25 Broadcom Corporation System and method for efficient matching of regular expression patterns across multiple packets
BR112015002323A2 (pt) * 2012-07-31 2017-07-04 Hewlett Packard Development Co sistema de processamento de tráfego de rede
US8856924B2 (en) 2012-08-07 2014-10-07 Cloudflare, Inc. Mitigating a denial-of-service attack in a cloud-based proxy service
KR20140088340A (ko) 2013-01-02 2014-07-10 한국전자통신연구원 오픈플로우 스위치에서의 디도스 공격 처리 장치 및 방법
US9430646B1 (en) 2013-03-14 2016-08-30 Fireeye, Inc. Distributed systems and methods for automatically detecting unknown bots and botnets
US9276955B1 (en) 2014-09-17 2016-03-01 Fortinet, Inc. Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation
US10116692B2 (en) 2015-09-04 2018-10-30 Arbor Networks, Inc. Scalable DDoS protection of SSL-encrypted services
US9930057B2 (en) * 2015-10-05 2018-03-27 Cisco Technology, Inc. Dynamic deep packet inspection for anomaly detection
US10038715B1 (en) * 2017-08-01 2018-07-31 Cloudflare, Inc. Identifying and mitigating denial of service (DoS) attacks
US20190052553A1 (en) * 2018-02-27 2019-02-14 Intel Corporation Architectures and methods for deep packet inspection using alphabet and bitmap-based compression

Also Published As

Publication number Publication date
CN111193594B (zh) 2022-10-21
US20200162507A1 (en) 2020-05-21
DK3654606T3 (da) 2022-02-14
CN111193594A (zh) 2020-05-22
US11411986B2 (en) 2022-08-09
EP3654606A1 (en) 2020-05-20
EP3654606B1 (en) 2022-01-05

Similar Documents

Publication Publication Date Title
PL3654606T3 (pl) Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej
EP3799392A4 (en) PROCESS FOR OBTAINING SERVICE DATA AND CONVERGED CDN SYSTEM
EP3821586A4 (en) SYSTEMS AND PROCEDURES FOR SECURE DEPOSIT SERVICE
EP4192119C0 (en) METHODS AND APPARATUS FOR DISCOVERING SERVICES
EP4002921C0 (en) METHOD FOR IMPLEMENTING SERVICE CONTINUITY, DEVICE AND SYSTEM FOR IMPLEMENTING SERVICE CONTINUITY
EP3755644A4 (en) BEVERAGE DISTRIBUTION SYSTEMS AND PROCESSES
PT3823207T (pt) Método, aparelho, e sistema para processamento de recursos
EP3694274A4 (en) PROCESS AND APPARATUS FOR TRANSMISSION OF SERVICE DATA
EP3855702A4 (en) BLOCKCHAIN-BASED SERVICE PROCESSING PROCESS AND SYSTEM
PL3399909T3 (pl) Sposób i system do określania połączeń sieci
PL3672199T3 (pl) Sposób, aparat i system do wdrażania aplikacji
PL3792725T3 (pl) Sposób i urządzenie do zgłaszania informacji o trasie lotu oraz sposób i urządzenie do określania informacji
SG11202007691SA (en) Blockchain-based consent management system and method
GB201821278D0 (en) Drone-based cleaning method and system
EP3770841A4 (en) DEMAND PREDICTION SYSTEM AND METHOD
EP4052232C0 (en) METHODS, SYSTEMS AND APPARATUS FOR IMAGE SEGMENTATION
EP3899819C0 (en) SYSTEM AND METHOD FOR REAL-TIME WIKI KNOWLEDGE RESOURCES
EP3848889A4 (en) INFORMATION PROCESSING PROCESS AND SYSTEM
EP4075293A4 (en) METHOD AND DEVICE FOR ACCESSING BLOCKCHAIN CROSS-CHAIN DATA, ADAPTER AND SYSTEM
EP4049241A4 (en) METHODS AND SYSTEMS FOR INFORMATION SHEET ANALYSIS
IL253874A0 (en) Fault test woofer returns everything and review systems and methods
NO20201272A1 (en) System and method for cybersecurity framework among network devices
EP3618374A4 (en) METHODS, DEVICES, APPARATUSES AND SYSTEM FOR DATA TRANSMISSION
EP3724708A4 (en) SYSTEMS, DEVICES AND METHODS FOR SIMULTANEOUS IMAGING OF MULTIPLE LEVELS
IL276384B (en) System, device and method for reconditioning a substrate support