WO2024141796 - TECHNIQUES FOR GENERATING APPLICATION-LAYER SIGNATURES CHARACTERIZING ADVANCED APPLICATION-LAYER FLOOD ATTACK TOOLS
National phase entry:
Publication Number
WO/2024/141796
Publication Date
04.07.2024
International Application No.
PCT/IB2023/051910
International Filing Date
01.03.2023
Title **
[English]
TECHNIQUES FOR GENERATING APPLICATION-LAYER SIGNATURES CHARACTERIZING ADVANCED APPLICATION-LAYER FLOOD ATTACK TOOLS
[French]
TECHNIQUES DE GÉNÉRATION DE SIGNATURES DE COUCHE D'APPLICATION CARACTÉRISANT DES OUTILS D'ATTAQUE PAR INONDATION DE COUCHE D'APPLICATION AVANCÉE
Applicants **
RADWARE LTD.
Inventors
DORON, Ehud
TAMIR, Alon
AVIV, David
Priority Data
63/477,522
28.12.2022
US
Application details
| Total Number of Claims/PCT | * |
| Number of Independent Claims | * |
| Number of Priorities | * |
| Number of Multi-Dependent Claims | * |
| Number of Drawings | * |
| Pages for Publication | * |
| Number of Pages with Drawings | * |
| Pages of Specification | * |
| * | |
| Number of Office Actions | * |
| * | |
International Searching Authority |
ILPO
* |
| Recordal of a Change of the Applicant's Name/Address |
Change of Applicant's Name and Address
* |
| Type of Assignment |
The Standard Agent's Assignment
* |
| Applicant's Legal Status |
Legal Entity
* |
| * | |
| * | |
| * | |
| * | |
| * | |
| Entry into National Phase under |
Chapter I
* |
| Patent Delivery |
Send the Letters Patent by Courier
* |
| Translation |
|
* The data is based on automatic recognition. Please verify and amend if necessary.
** IP-Coster compiles data from publicly available sources. If this data includes your personal information, you can contact us to request its removal.
Quotation for National Phase entry
| Country | Stages | Total | |
|---|---|---|---|
| China | Filing, Examination, Granting | 3100 | |
| EPO | Filing, Examination, Granting | 27990 | |
| Japan | Filing, Examination, Granting | 3164 | |
| South Korea | Filing, Examination, Granting | 4037 | |
| USA | Filing, Examination, Granting | 9740 |
Total:
48,031
The term for entry into the National Phase has expired. This quotation is for informational purposes only
Abstract[English]
The various disclosed embodiments include a method and system for generating application-layer signatures characterizing advanced application-layer attacks are provided. The method includes determining applicative baseline distributions of attributes included in transactions directed to a protected entity during peacetime; determining attack distributions of applicative attributes included in transactions directed to a protected entity during an on-going application-layer attack; determining, based on the applicative baseline distributions and the attack distributions of applicative attributes, a probability of an attacker executing the on-going application-layer attack to generate an attack using at least one attribute; and generating an application-layer signature designating applicative attributes determined to be eligible based on their respective probabilities, wherein the application-layer signature characterizes behavior of the attacker executing the on-going application-layer attack.[French]
Les divers modes de réalisation divulgués comprennent un procédé et un système de génération de signatures de couche d'application caractérisant des attaques de couche d'application avancée. Le procédé consiste à : déterminer des distributions de référence applicatives d'attributs inclus dans des transactions dirigées vers une entité protégée pendant une durée de fonctionnement normale; déterminer des distributions d'attaque d'attributs applicatifs inclus dans des transactions dirigées vers une entité protégée pendant une attaque de couche d'application en cours; déterminer, sur la base des distributions de référence applicatives et des distributions d'attaque d'attributs applicatifs, une probabilité qu'un attaquant exécute l'attaque de couche d'application en cours pour générer une attaque à l'aide d'au moins un attribut; et générer une signature de couche d'application désignant des attributs applicatifs déterminés comme étant éligibles sur la base de leurs probabilités respectives, la signature de couche d'application caractérisant le comportement de l'attaquant exécutant l'attaque de couche d'application en cours.