| CPC H04L 63/1416 (2013.01) [H04J 3/0667 (2013.01); H04L 63/145 (2013.01); H04L 63/1475 (2013.01)] | 24 Claims |
|
1. An apparatus, comprising:
a processing circuitry;
a memory coupled to the processing circuitry, the memory to store instructions that when executed by the processing circuitry causes the processing circuitry to:
establish a data stream between a first device and a second device in a network domain, the network domain comprising a plurality of switching nodes;
receive messages from the first device by the second device in the network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time for the network domain;
update a correction field for a received message with a residence time and time delay value by the second device;
determine whether the updated message is benign or malicious;
update the correction field for the updated message with an inference time when the updated message is benign;
prevent relay of the updated message to other devices in the network domain when the updated message is malicious; and
estimate the inference time from an inference model for an intrusion detection system (IDS), the estimated inference time to comprise an estimated time interval between ingress of the updated message to the IDS and egress of the updated message from the IDS.
|