Mitigating network attacks
First Claim
1. A computer-implemented method comprising:
- detecting a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system;
identifying a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and
mitigating the network attack based at least in part on redirecting requests to access the first set of content to one or more alternative computing devices on the content delivery system.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attacked-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.
1385 Citations
20 Claims
-
1. A computer-implemented method comprising:
-
detecting a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system; identifying a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and mitigating the network attack based at least in part on redirecting requests to access the first set of content to one or more alternative computing devices on the content delivery system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
a memory comprising computer-executable instructions; and one or more computing devices configured to execute the computer-executable instructions to; detect a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system; identify a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and mitigate the network attack based at least in part on redirecting requests to access the first set of content to an alternative location on the content delivery system. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. Non-transitory computer-readable media comprising instructions that, when executed by a computing system, cause the computing system to:
-
detect a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system; identify a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and mitigate the network attack based at least in part on redirecting requests to access the first set of content to an alternative location on the content delivery system. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification