Health monitor based distributed denial of service attack mitigation

US 10,187,423 B2
Filed: 12/21/2017
Issued: 01/22/2019
Est. Priority Date: 08/26/2013
Status: Active Grant

First Claim

Patent Images

1. A system for mitigating a DDoS event, the system comprising:

an application delivery controller comprising;

a hardware processor; and

a memory coupled to the hardware processor, the memory storing instructions executable by the hardware processor, the hardware processor of the application delivery controller being configured to;

send a request to a health monitor concerning a state of a network, the health monitor determining a presence of a network data traffic in a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to the DDoS event associated with the network by stopping a flow of the network data traffic;

determine that the health monitor has failed, the failure being evidenced by a lack of a response to the request from the health monitor to the application delivery controller, the lack of the response to the request being an indication of a collapse of the collapsible virtual data circuit; and

based on the indication of the collapse of the collapsible virtual data circuit, redirect network data traffic associated with the collapsible virtual data circuit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.

192 Citations

20 Claims

1. A system for mitigating a DDoS event, the system comprising:
- an application delivery controller comprising;
  
  a hardware processor; and
  
  a memory coupled to the hardware processor, the memory storing instructions executable by the hardware processor, the hardware processor of the application delivery controller being configured to;
  
  send a request to a health monitor concerning a state of a network, the health monitor determining a presence of a network data traffic in a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to the DDoS event associated with the network by stopping a flow of the network data traffic;
  
  determine that the health monitor has failed, the failure being evidenced by a lack of a response to the request from the health monitor to the application delivery controller, the lack of the response to the request being an indication of a collapse of the collapsible virtual data circuit; and
  
  based on the indication of the collapse of the collapsible virtual data circuit, redirect network data traffic associated with the collapsible virtual data circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the hardware processor is further configured to mitigate, via one or more DDoS mitigation services, the DDoS event.
  - 3. The system of claim 1, wherein the indication of the collapse of the collapsible virtual data circuit includes a lack of communications with the collapsible virtual data circuit for a predetermined period of time.
  - 4. The system of claim 1, wherein the hardware processor is further configured to:
    - receive an indication of reestablishment of the network traffic through the collapsible virtual data circuit; and
      
      in response to the indication, direct the network data traffic to the collapsible virtual data circuit.
  - 5. The system of claim 4, wherein the indication of reestablishment of the network traffic through the collapsible virtual data circuit includes receiving communications from the collapsible virtual data circuit.
  - 6. The system of claim 5, wherein the redirecting network data traffic associated with the collapsible virtual data circuit includes:
    - redirecting the network data traffic to one or more DDoS mitigation services;
      
      analyzing the network data traffic by the one or more DDoS mitigation services to detect DDoS data packages; and
      
      filtering the DDoS data packages by the one or more DDoS mitigation services to provide filtered network data traffic.
  - 7. The system of claim 6, wherein the reestablished network data traffic includes the filtered network data traffic.
  - 8. The system of claim 4, wherein the receiving of the indication of reestablishment includes:
    - in response to the request regarding the state of the network data traffic flow, receiving a notification from the health monitor, wherein the notification includes an indication of the presence of the network data traffic in the collapsible virtual data circuit.
  - 9. The system of claim 1, wherein the indication of the collapse of the collapsible virtual data circuit is received in response to the request.

10. A method for mitigating a DDoS event, the method comprising:
- sending, by an application delivery controller, a request to a health monitor concerning a state of a network, the health monitor determining a presence of a network data traffic in a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to the DDoS event associated with the network by stopping a flow of the network data traffic;
  
  determining, by the application delivery controller, that the health monitor has failed, the failure being evidenced by a lack of a response to the request from the health monitor to the application delivery controller, the lack of the response to the request being an indication of a collapse of the collapsible virtual data circuit; and
  
  based on the indication of the collapse of a collapsible virtual data circuit, redirecting network data traffic associated with the collapsible virtual data circuit.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, further comprising mitigating, by one or more DDoS mitigation services, the DDoS event.
  - 12. The method of claim 10, wherein the indication of the collapse of the collapsible virtual data circuit includes a lack of communications with the collapsible virtual data circuit for a predetermined period of time.
  - 13. The method of claim 10, further comprising:
    - receiving an indication of reestablishment of the network traffic through the collapsible virtual data circuit; and
      
      in response to the indication, directing the network data traffic to the collapsible virtual data circuit.
  - 14. The method of claim 13, wherein the indication of reestablishment of the network traffic through the collapsible virtual data circuit includes receiving communications from the collapsible virtual data circuit.
  - 15. The method of claim 14, wherein the redirecting the network data traffic associated with the collapsible virtual data circuit includes:
    - redirecting the network data traffic to one or more DDoS mitigation services;
      
      analyzing the network data traffic by the one or more DDoS mitigation services to detect DDoS data packages; and
      
      filtering the DDoS data packages by the one or more DDoS mitigation services to provide filtered network data traffic.
  - 16. The method of claim 15, wherein the reestablished network data traffic includes the filtered network data traffic.
  - 17. The method of claim 13, wherein the receiving of the indication of reestablishment includes:
    - sending a request to the health monitor associated with the collapsible virtual data circuit regarding a status of the network data traffic flow; and
      
      in response to the request regarding the status of the network data traffic flow, receiving a notification from the health monitor, wherein the notification includes an indication of the presence of the network data traffic in the collapsible virtual data circuit.
  - 18. The method of claim 17, wherein the indication of the presence of the network data traffic in the collapsible virtual data circuit is attributed to a successful mitigation of the DDOS event.
  - 19. The method of claim 10, wherein the indication of the collapse of the collapsible virtual data circuit is received in response to the request.

20. A system for mitigating a DDoS event, the system comprising:
- an application delivery controller comprising;
  
  a hardware processor; and
  
  a memory coupled to the hardware processor, the memory storing instructions executable by the hardware processor, the hardware processor of the application delivery controller being configured to;
  
  send a request to a health monitor regarding a state of a network resource, the health monitor determining a presence of a network data traffic in a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to the DDoS event associated with the network resource by stopping flow of the network data traffic;
  
  determine that the health monitor has failed, the failure being evidenced by a lack of a response to the request from the health monitor to the application delivery controller, the lack of the response to the request being an indication of a collapse of the collapsible virtual data circuit; and
  
  based on the indication of the collapse of the collapsible virtual data circuit, redirect network data traffic associated with the collapsible virtual data circuit, wherein the redirecting the network data traffic associated with the collapsible virtual data circuit includes;
  
  redirecting the network data traffic to one or more DDoS mitigation services;
  
  analyzing the network data traffic by the one or more DDoS mitigation services to detect DDoS data packages; and
  
  filtering the DDoS data packages by the one or more DDoS mitigation services to provide filtered network data traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Thompson, Micheal, Groves, Vernon Richard
Primary Examiner(s)
Lemma, Samson B

Application Number

US15/851,582
Publication Number

US 20180124104A1
Time in Patent Office

397 Days
Field of Search

726 22- 25, 726 13, 709235
US Class Current
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1458 Denial of Service

Health monitor based distributed denial of service attack mitigation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

192 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Health monitor based distributed denial of service attack mitigation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

192 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links