System and method for software defined behavioral DDoS attack mitigation
First Claim
1. A method for controlling a plurality of distributed denial of service (DDoS) mitigation appliances, comprising:
- decoupling control plane functionality, responsible for storage of behavioral data and creation of DDoS attack mitigation policies, and data plane functionality, responsible for collection of the behavioral data and performing DDoS attack mitigation based on the DDoS attack mitigation policies, wherein the control plane functionality is implemented within a DDoS attack mitigation central controller and includes adaptive, continuous estimation of behavioral thresholds based on past traffic and management of the DDoS attack mitigation policies and wherein the data plane functionality is implemented within and distributed among the plurality of DDoS mitigation appliances and includes collection of granular traffic rate information regarding traffic observed by each of the plurality of DDoS mitigation appliances;
- configuring, by the DDoS attack mitigation central controller, the DDoS attack mitigation policies for the plurality of DDoS attack mitigation appliances comprising collecting, by the DDoS attack mitigation central controller, the granular traffic rate information from the plurality of DDoS attack mitigation appliances, and estimating granular behavioral packet rate thresholds based on the granular traffic rate information; and
- causing, by the DDoS attack mitigation central controller, the plurality of DDoS attack mitigation appliances to enforce the granular behavioral packet rate thresholds by sending the DDoS attack mitigation policies to the plurality of DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the plurality of DDoS attack mitigation appliances.
Abstract
Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.
17 Citations
14 Claims
8. A distributed denial of service (DDoS) mitigation central controller for controlling a plurality of DDoS attack mitigation appliances, the DDoS mitigation central controller comprising:
- a non-transitory storage device having tangibly embodied therein instructions representing a security application; and
- one or more processors coupled to the non-transitory storage device and operable to execute the security application to perform a method comprising:
- configuring, by the DDoS attack mitigation central controller, DDoS attack mitigation policies for the plurality of DDoS attack mitigation appliances, comprising collecting, by the DDoS attack mitigation central controller, granular traffic rate information and estimating granular behavioral packet rate thresholds based on the granular traffic rate information;
- causing, by the DDoS attack mitigation central controller, the plurality of DDoS attack mitigation appliances to enforce the granular behavioral packet rate thresholds by sending the DDoS attack mitigation policies to the plurality of DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the plurality of DDoS attack mitigation appliances;
- wherein the DDoS mitigation central controller and the plurality of DDoS attack mitigation appliances facilitate decoupling of control plane functionality, responsible for storage of behavioral data and creation of the DDoS attack mitigation policies, and data plane functionality, responsible for collection of the behavioral data and performing DDoS attack mitigation based on the DDoS attack mitigation policies;
- wherein the control plane functionality is implemented within the DDoS attack mitigation central controller and includes adaptive, continuous estimation of behavioral thresholds based on past traffic and management of the DDoS attack mitigation policies; and
- wherein the data plane functionality is implemented within and distributed among the plurality of DDoS mitigation appliances and includes collection of the granular traffic rate information.
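As an added illustration (not code from the patent or from any product), a Python toy of the claimed split: the appliances (data plane) sample granular per-protocol packet rates and enforce whatever thresholds they are sent, while the central controller (control plane) stores the collected history, estimates behavioral thresholds from that past traffic and pushes them as policy to every appliance. The mean-plus-k-sigma estimator, the sliding window, the traffic keys such as `udp/53` and all sample rates are assumptions chosen for this example.

```python
from statistics import mean, pstdev

class MitigationAppliance:
    """Data plane: samples per-key packet rates and enforces the pushed policy."""
    def __init__(self, name):
        self.name, self.observed, self.policy = name, {}, {}
    def record(self, key, *pps):
        self.observed.setdefault(key, []).extend(pps)
    def report(self):
        reported, self.observed = self.observed, {}   # hand samples to the controller, reset buffer
        return reported
    def enforce(self, key, pps):
        limit = self.policy.get(key)                  # keys with no learned threshold pass
        return "drop" if limit is not None and pps > limit else "allow"

class CentralController:
    """Control plane: stores behavioral history, estimates and pushes thresholds."""
    def __init__(self, k=3.0, window=50):
        self.history, self.k, self.window = {}, k, window
    def collect(self, appliances):
        for appliance in appliances:
            for key, samples in appliance.report().items():
                merged = self.history.get(key, []) + samples
                self.history[key] = merged[-self.window:]   # sliding window of past traffic
    def estimate_thresholds(self):
        """mean + k*sigma per key; a 10% floor on sigma avoids brittle limits on flat traffic."""
        return {key: mean(s) + self.k * max(pstdev(s), 0.1 * mean(s))
                for key, s in self.history.items() if len(s) >= 2}
    def push_policy(self, appliances):
        policy = self.estimate_thresholds()
        for appliance in appliances:
            appliance.policy = dict(policy)   # one centrally learned policy for every appliance
        return policy

def demo():
    """Constructed baseline samples in packets/s; returns the policy and enforcement verdicts."""
    edge_a, edge_b = MitigationAppliance("edge-a"), MitigationAppliance("edge-b")
    baseline = {edge_a: {"udp/53": (900, 1000, 1100, 1000, 950), "tcp/443": (200, 210, 190, 200, 200)},
                edge_b: {"udp/53": (1050, 1000, 900, 1100, 1000)}}   # only edge-a has seen tcp/443
    for appliance, keys in baseline.items():
        for key, samples in keys.items():
            appliance.record(key, *samples)
    controller = CentralController()
    controller.collect([edge_a, edge_b])
    policy = controller.push_policy([edge_a, edge_b])
    verdicts = {"dns_flood_on_b": edge_b.enforce("udp/53", 5000),
                "normal_dns_on_b": edge_b.enforce("udp/53", 1200),
                "https_burst_on_b": edge_b.enforce("tcp/443", 300),   # limit learned from edge-a's data
                "unseen_key": edge_b.enforce("icmp", 10_000)}
    return policy, verdicts
```

Because the threshold for `tcp/443` is learned centrally, edge-b enforces it even though only edge-a ever observed that traffic; calling `collect` and `push_policy` again on a timer is the "continuous" re-estimation the claim describes.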