CPC H04L 63/1466 (2013.01) [H04L 63/1433 (2013.01)]; 17 Claims

1. A method for detection and mitigation of software attacks exploiting a zero-day vulnerability against a computer server, the method comprising:
by at least one processor, detecting an occurrence of an initial stage of an attack pattern definition by detecting at least one initial identifier associated with the initial stage within an activity log of the computer server, the at least one initial identifier indicating an attempt to extract a predetermined type of information on the computer server;
by the at least one processor, responsive to the detection of the initial stage, commencing a search window having a predetermined time duration;
by the at least one processor, detecting an occurrence of a subsequent stage of the attack pattern definition by detecting at least one subsequent identifier associated with the subsequent stage within the activity log of the computer server prior to an elapsing of the search window, the at least one subsequent identifier indicating an attempt to perform remote code execution on the computer server;
by the at least one processor, responsive to the detection of the initial stage and the subsequent stage, identifying a source of network activity associated with the detected at least one initial identifier and at least one subsequent identifier; and
by the at least one processor, performing a security response associated with the identified source of network activity to thereby mitigate exploitation of the zero-day vulnerability against the computer server.
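An added example, not taken from the patent, of the staged correlation claim 1 describes, run over a constructed activity log: the initial identifier (an information-extraction attempt) opens a search window of predetermined duration, and only a subsequent identifier (a remote-code-execution attempt) from the same source inside that window identifies the source and triggers a response. The log format, the event tags, the per-source window tracking and the "block_source" response label are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample activity log. The event tags are placeholder stage
# identifiers chosen for this example, not values defined by the patent.
SAMPLE_LOG = """\
2024-01-01T10:00:00 src=203.0.113.5 event=INFO_EXTRACT_ATTEMPT path=/config
2024-01-01T10:00:30 src=198.51.100.9 event=LOGIN_OK
2024-01-01T10:02:10 src=203.0.113.5 event=RCE_ATTEMPT path=/exec
2024-01-01T10:30:00 src=198.51.100.9 event=INFO_EXTRACT_ATTEMPT path=/config
2024-01-01T11:00:00 src=198.51.100.9 event=RCE_ATTEMPT path=/exec
"""

INITIAL_ID = "INFO_EXTRACT_ATTEMPT"   # initial stage: information extraction attempt
SUBSEQUENT_ID = "RCE_ATTEMPT"         # subsequent stage: remote code execution attempt


def parse_line(line):
    """Split one 'timestamp key=value ...' log line into (time, source, event)."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts_str), kv["src"], kv["event"]


def correlate(log_text, window=timedelta(minutes=5)):
    """Return [(source, response)] for each source whose subsequent stage
    is seen before the search window opened by its initial stage elapses.
    Windows are tracked per source (an assumption of this example)."""
    deadlines = {}   # source -> time at which its search window elapses
    alerts = []
    for line in log_text.splitlines():
        ts, src, event = parse_line(line)
        if event == INITIAL_ID:
            # Initial stage detected: commence the search window for this source.
            deadlines[src] = ts + window
        elif event == SUBSEQUENT_ID:
            deadline = deadlines.pop(src, None)
            if deadline is not None and ts <= deadline:
                # Both stages detected within the window: identify the source
                # and hand it to the security response (label only, here).
                alerts.append((src, "block_source"))
            # No open window, or window already elapsed: no alert.
    return alerts
```

With the default five-minute window only 203.0.113.5 is flagged; the second source's RCE attempt arrives half an hour after its window closed, which is the case the time-bounded window is meant to exclude.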