Malicious Encrypted Traffic Inhibitor

  • Published: Sep 3, 2015
  • Earliest Priority: Feb 28, 2014
  • Family: 5
  • Cited Works: 3
  • Cited by: 3
  • Cites: 4
Abstract

A malicious encrypted traffic inhibitor connected to a computer network, the inhibitor comprising: a Shannon entropy estimator; an entropy comparator; a store storing a reference measure of Shannon entropy of a portion of network traffic of a malicious encrypted network connection, wherein the estimator is adapted to estimate a measure of entropy for a corresponding portion of network traffic communicated over the computer network, and the entropy comparator is adapted to compare the estimated measure of entropy with the reference measure so as to determine if malicious encrypted network traffic is communicated over the network connection, the inhibitor further comprising: a connection characteristic extractor; an encrypted payload data extractor; a message generator wherein the connection characteristic extractor is adapted to extract connection characteristics from network traffic for the network connection, the connection characteristics including information for communicating with an endpoint of the network connection, the encrypted payload data extractor is adapted to extract a sample of encrypted payload data from network traffic for the monitored network connection, and the message generator is adapted to generate a plurality of messages for transmission to the endpoint, each of the messages being characterised by the connection characteristics and including a payload derived from the sample of encrypted payload data so as to overwhelm the endpoint with messages plausibly relating to the monitored network connection in order that the endpoint substantially ceases to engage in malicious network communication with another endpoint.
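
The estimator, store and comparator named in the abstract, sketched as an added Python example that is not taken from the patent. Byte-level entropy, the offset/length window that defines a "portion", the tolerance and all sample data are assumptions constructed for illustration.

```python
import math
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Reference:
    """Stored reference: which portion to measure and its expected entropy."""
    label: str       # constructed label, not a real malware name
    offset: int      # assumed start of the portion within the payload stream
    length: int      # assumed portion size in bytes
    entropy: float   # reference Shannon entropy, bits per byte

def shannon_entropy(data: bytes) -> float:
    """Estimate Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def extract_portion(payload: bytes, ref: Reference) -> Optional[bytes]:
    """Return the portion corresponding to the reference, or None if the
    connection has not yet carried enough bytes to measure it."""
    portion = payload[ref.offset:ref.offset + ref.length]
    return portion if len(portion) == ref.length else None

def compare(payload: bytes, store: List[Reference],
            tolerance: float = 0.1) -> List[Tuple[str, float]]:
    """Return (label, estimate) for each reference whose entropy is within
    tolerance of the estimate for the corresponding portion."""
    hits = []
    for ref in store:
        portion = extract_portion(payload, ref)
        if portion is None:
            continue  # too short: no verdict rather than a skewed estimate
        estimate = shannon_entropy(portion)
        if abs(estimate - ref.entropy) <= tolerance:
            hits.append((ref.label, estimate))
    return hits

# Constructed data: an 8-byte header followed by payload bytes.
STORE = [Reference("constructed-sample-A", offset=8, length=64, entropy=4.0)]
CONN_MATCH = b"\x00" * 8 + bytes(range(16)) * 4   # portion entropy 4.0
CONN_OTHER = b"\x00" * 8 + bytes(range(64))       # portion entropy 6.0
CONN_SHORT = b"\x00" * 8 + bytes(range(12))       # portion incomplete

if __name__ == "__main__":
    for name, conn in [("match", CONN_MATCH), ("other", CONN_OTHER), ("short", CONN_SHORT)]:
        print(name, compare(conn, STORE))
```

The comparison is on a single scalar, so unrelated traffic whose portion happens to fall within the tolerance also matches; the tolerance sets the false-positive rate.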


Document History
  • Publication: Sep 3, 2015
  • Application: Feb 17, 2015
    WO GB 2015050444 W
  • Priority: Feb 28, 2014
    EP EP 14250032 A
