×

Identifying a denial-of-service attack in a cloud-based proxy service

  • US 10,574,690 B2
  • Filed: 04/17/2017
  • Issued: 02/25/2020
  • Est. Priority Date: 08/07/2012
  • Status: Active Grant
First Claim
Patent Images

1. A method in a cloud-based proxy service for identifying a denial-of-service (DoS) attack, the method comprising:

  • determining that there is a potential DoS attack being directed to a first IP address of the cloud-based proxy service;

    responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is a target of the potential DoS attack, wherein the step of identifying includes performing the following;

    scattering the plurality of domains to resolve to different IP addresses of the cloud-based proxy service, wherein the scattering is performed iteratively, wherein in an initial iteration, at least two of the plurality of domains resolve to a same IP address of the cloud-based proxy service and one of the plurality of domains resolves to a different IP address of the cloud-based proxy service, and wherein in a final iteration, each of the plurality of domains resolves to a different IP address of the cloud-based proxy service, andidentifying one of those plurality of domains as the target of the potential DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address of the cloud-based proxy service in which that domain resolves; and

    responsive to identifying the one of the plurality of domains that is the target of the potential DoS attack, performing one or more mitigation actions for the targeted domain.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×