The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Aug. 04, 2020
Filed:
Aug. 23, 2018
Microsoft Technology Licensing, Llc, Redmond, WA (US);
Navendu Jain, Seattle, WA (US);
Ang Chen, Philadelphia, PA (US);
MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US);
Abstract
Embodiments relate to detecting and mitigating network intrusions. Packets are inspected at their source/destination hosts to identify packet trends local to the hosts. The local packet trends are combined to identify network-wide packet trends. The network-wide packet trends are used to detect anomalies or attacks, which in turn informs mitigation actions. The local inspection may be performed by reconfigurable/reprogrammable 'smart' network interfaces (NICs) at each of the hosts. Local inspection involves identifying potentially suspect packet features based on statistical prevalence of recurring commonalities among the packets; pre-defined threat patterns are not required. For network-wide coherence, each host/NIC uses the same packet-identifying and occurrence-measuring algorithms. An overlay or control server collects and combines the local occurrence-measures to derive the network-wide occurrence-measures. The network-wide occurrences can be used to automatically detect and mitigate completely new types of attack packets.