System and method thereof for multi-tiered mitigation of cyber-attacks

US 10,129,297 B2
Filed: 09/18/2017
Issued: 11/13/2018
Est. Priority Date: 03/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method for mitigating cyber attacks in a multi-tiered communication network, comprising:

selecting at least one new protection resource to secure a protected entity in a tier of the multi-tiered communication network when a protection resource currently assigned to the protected entity cannot efficiently handle a detected cyber attack, wherein the selection is based on at least one of a computed current aggregated load metric (ALM) and a security capability of the at least one protection resource, and wherein the at least one new protection resource is in a higher tier than the tier of the multi-tiered communication network that the protected entity resides.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for controlling multi-tiered mitigation of cyber-attacks. The method comprises monitoring at least availability and load of each protection resource in a multi-tiered communication network, wherein each tier in the multi-tiered communication network includes a plurality of protection resources having capacity and security capabilities set according to the respective tier; for each protection resource, computing a current aggregated load metric (ALM); determining based on at least one of the computed ALM and security capabilities of a respective protection resource, if the respective protection resource assigned to a protected entity can efficiently handle a detected cyber-attack against the protected entity; and selecting at least one new protection resource to secure the protected entity, upon determining the protection resource cannot efficiently handle the detected cyber-attack, wherein the selection is based on at least one of the computed ALM and a security capabilities of the at least one protection resource.

8 Citations

20 Claims

1. A method for mitigating cyber attacks in a multi-tiered communication network, comprising:
- selecting at least one new protection resource to secure a protected entity in a tier of the multi-tiered communication network when a protection resource currently assigned to the protected entity cannot efficiently handle a detected cyber attack, wherein the selection is based on at least one of a computed current aggregated load metric (ALM) and a security capability of the at least one protection resource, and wherein the at least one new protection resource is in a higher tier than the tier of the multi-tiered communication network that the protected entity resides.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each tier in the multi-tiered communication network includes a plurality of protection resources having capacity and security capabilities set according to the respective tier, further comprising:
    - monitoring at least availability and load of each of the protection resources in the multi-tiered communication network.
  - 3. The method of claim 2, further comprising:
    - computing a ALM for each of the protection resources.
  - 4. The method of claim 2, wherein monitoring the at least availability and load of each protection resource further comprises:
    - monitoring a plurality of load parameters for the load of each protection resource; and
      
      comparing a value for each monitored load parameter based on current load conditions.
  - 5. The method of claim 1, wherein the computed ALM is a unified metric representing the global normalized load on a respective protection resource.
  - 6. The method of claim 1, wherein a determination that the protection resource currently assigned to the protected entity cannot efficiently handle the detected cyber attack is based on at least one of the computed ALM and security capabilities of the protection resource.
  - 7. The method of claim 1, wherein selecting the at least one new protection resource further comprises:
    - evaluating at least one selection parameter;
      
      assigning a weight to the at least one selection parameter;
      
      computing a selection score for each of a plurality of available protection resources; and
      
      selecting the new protection resource based on the computed selection score.
  - 8. The method of claim 7, wherein a protection resource having the lowest selection score is selected as the new protection resource, and wherein computing the selection score further comprises:
    - computing a linear combination of the at least one selection parameter and its respective weight.
  - 9. The method of claim 7, wherein a protection resource having the lowest selection score is selected as the new protection resource, and wherein computing the selection score further comprises:
    - computing a maximum among the at least one selection parameter multiplied by its respective weight.
  - 10. The method of claim 1, further comprising:
    - assigning the new selected protection resource to the protected entity; and
      
      diverting incoming traffic intended to be processed by the protected entity to the new selected protection resource.

11. A system for mitigating cyber attacks in a multi-tiered communication network, comprising:
- at least one processing unit; and
  
  a memory, the memory containing instructions that, when executed by the at least one processing unit, configure the system to;
  
  select at least one new protection resource to secure a protected entity in a tier of the multi-tiered communication network when a protection resource currently assigned to the protected entity cannot efficiently handle a detected cyber attack, wherein the selection is based on at least one of a computed current aggregated load metric (ALM) and a security capability of the at least one protection resource, and wherein the at least one new protection resource is in a higher tier than the tier of the multi-tiered communication network that the protected entity resides.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein each tier in the multi-tiered communication network includes a plurality of protection resources having capacity and security capabilities set according to the respective tier, the system being further configured to:
    - monitor at least availability and load of each of the protection resources in the multi-tiered communication network.
  - 13. The method of claim 12, the system is further configured to:
    - compute a ALM for each of the protection resources.
  - 14. The method of claim 12, wherein when monitoring the at least availability and load of each protection resource the system is further configured to:
    - monitor a plurality of load parameters for the load of each protection resource; and
      
      compare a value for each monitored load parameter based on current load conditions.
  - 15. The method of claim 11, wherein the computed ALM is a unified metric representing the global normalized load on a respective protection resource.
  - 16. The method of claim 11, wherein the system is further configured to make a determination that the protection resource currently assigned to the protected entity cannot efficiently handle the detected cyber attack based on at least one of the computed ALM and security capabilities of the protection resource.
  - 17. The method of claim 11, wherein when selecting the at least one new protection resource the system is further configured to:
    - evaluate at least one selection parameter;
      
      assign a weight to the at least one selection parameter;
      
      compute a selection score for each of a plurality of available protection resources; and
      
      select the new protection resource based on the computed selection score.
  - 18. The method of claim 17, wherein a protection resource having the lowest selection score is selected as the new protection resource, and wherein when computing the selection score the system is further configured to:
    - compute a linear combination of the at least one selection parameter and its respective weight.
  - 19. The method of claim 17, wherein a protection resource having the lowest selection score is selected as the new protection resource, and wherein when computing the selection score the system is further configured to:
    - compute a maximum among the at least one selection parameter multiplied by its respective weight.
  - 20. The method of claim 11, the system is further configured to:
    - assign the new selected protection resource to the protected entity; and
      
      divert incoming traffic intended to be processed by the protected entity to the new selected protection resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Radware Limited
Original Assignee
Radware Limited
Inventors
Doron, Ehud, Aviv, David, Ben Ezra, Yotam, Medvedovsky, Lev
Primary Examiner(s)
Li, Meng

Application Number

US15/707,292
Publication Number

US 20180020023A1
Time in Patent Office

421 Days
Field of Search
US Class Current
CPC Class Codes

H04L 47/726   Reserving resources in mult...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

System and method thereof for multi-tiered mitigation of cyber-attacks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method thereof for multi-tiered mitigation of cyber-attacks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others