METHOD OF DETECTING UNAUTHORIZED USE OF NETWORK DEVICES OF LIMITED FUNCTIONALITY FROM A LOCAL NETWORK AND PREVENTING DISTRIBUTED NETWORK ATTACKS FROM THEM Russian patent published in 2019 - IPC H04L29/06 

FIELD: computer engineering.

SUBSTANCE: invention relates to computer engineering. Method of detecting unauthorized use of network devices of limited functionality and prevention of distributed attacks consists in the fact that reduced functionality devices send a message-protected message containing a network address to the gateway analysis module when detecting intrinsic abnormal activity; in analysis module checking whether messages are authentic; calculating a parameter characterizing the relationship between authentic messages; checking in the analysis module the performance of the condition of unauthorized use of devices of limited functionality, and if the condition is met, then forming a list of network addresses of devices of limited functionality, for which there is a conclusion on their unauthorized use, requesting gateway network traffic listed in the list of devices, analyzing network activity listed in the list of devices for signs of outgoing distributed attack, in case of detection, rules of filtering network traffic are formed, filtering rules are applied in gateway, preventing coordinated distributed network attack on the side of network devices of limited functionality until conditions of unauthorized use of devices are fulfilled in gateway analysis module.

EFFECT: detection of unauthorized use of network devices of limited functionality from a local network and prevention of distributed network attacks on network nodes in a global network directly in the attack source.

10 cl