METHOD OF DETECTING REMOTE ATTACKS ON AUTOMATED CONTROL SYSTEMS Russian patent published in 2017 - IPC G06F12/14 

FIELD: radio engineering, communication.

SUBSTANCE: in the method, the initial graph of the communication network is formed, reflecting the topology and structure of the communication network, the set of N reference packets is stored, the log of the processed traffic is created on each routing node of the specified network, and when the k-th message packet passes its header is stored in the log, check the incoming data packets for compliance with the specified rules and in accordance with them make a conclusion about the presence of an attack, record the time of its detection and send a formalized request to all nodes of the network, the comparison operation on the routing nodes of the information from the logs with the received query is obtained, a formalized response is received from the routing nodes, a variational series of the packet transit times with the detected attack attributes and the corresponding route of malicious traffic through the network are constructed, the first node of the variational series is identified as a node, the subscriber of which is the source of a remote attack.

EFFECT: increase the reliability of detection of the source of remote computer attacks.

5 dwg