System and method of traffic filtering upon detection of a DDoS attack
First Claim
1. A method for filtering network traffic to protect a computing device from a distributed denial-of-service (DDoS) attack, wherein the method comprises:
responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device;
determining one or more data transmission parameters based on the intercepted data;
assigning an initial danger rating to the network node at least based on a network address of the network node comprising at least an IP address;
changing the danger rating of the network node based on an application of a filter and on the data transmission parameters;
responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device, wherein an amount by which the channel capacity is limited is determined based on a relationship between the changed danger rating and historical values of the danger rating; and
halting the application of the filter until the danger rating of the network node becomes less than the threshold value.
Abstract
Disclosed are a system, a method, and computer readable storage medium having instructions for filtering network traffic to protect a server from a distributed denial-of-service (DDoS) attack. The described technique includes intercepting data from a network node to the computing device responsive to detecting a computing device is subject to a DDoS attack. The technique further includes determining one or more data transmission parameters based on the intercepted data, assigning a danger rating to the network node, and changing the danger rating of the network node based on application of a filter and on the data transmission parameters. The described technique limits a transmittal of data from the network node to the computing device if the resultant danger rating of the network node exceeds a threshold value.
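A toy implementation of the claimed control loop, added here as an illustration and not code from the patent or its assignee: the initial danger rating comes from the node's IP address, a filter moves the rating according to transmission parameters derived from intercepted packets, capacity is throttled in proportion to how far the changed rating sits above its historical values, and the filter is halted until the rating falls back below the threshold. The reputation table, the filter rules, the decay rate and the capacity figures are all constructed assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean

THRESHOLD = 50.0               # danger rating above which the node is throttled
FULL_CAPACITY_BPS = 1_000_000  # assumed unthrottled channel capacity
DECAY_PER_BATCH = 10.0         # assumed decay of the rating while the filter is halted

# Constructed reputation table: initial rating keyed by IP address (assumption).
INITIAL_RATING = {"203.0.113.7": 40.0, "198.51.100.9": 10.0}

@dataclass
class Node:
    ip: str
    rating: float
    history: list = field(default_factory=list)  # past ratings, used by the capacity rule
    filter_halted: bool = False

def new_node(ip):
    """Assign the initial danger rating from the network address."""
    return Node(ip, INITIAL_RATING.get(ip, 25.0))  # 25.0: assumed default for unknown IPs

def transmission_params(packets):
    """Derive transmission parameters from intercepted (size_bytes, is_syn) tuples."""
    n = len(packets)
    return {"pps": n,
            "avg_size": sum(s for s, _ in packets) / n,
            "syn_ratio": sum(f for _, f in packets) / n}

def apply_filter(node, p):
    """Constructed filter: short, SYN-heavy, high-rate bursts raise the rating; normal traffic lowers it."""
    node.history.append(node.rating)
    delta = (20.0 if p["pps"] > 100 else 0) + (15.0 if p["syn_ratio"] > 0.8 else 0) \
          + (10.0 if p["avg_size"] < 100 else 0)
    node.rating = max(0.0, node.rating + (delta or -10.0))

def allowed_capacity(node):
    """Throttle in proportion to how far the changed rating sits above its historical mean."""
    if node.rating <= THRESHOLD or not node.history:
        return FULL_CAPACITY_BPS
    ratio = node.rating / max(mean(node.history), 1.0)
    return int(FULL_CAPACITY_BPS / ratio)

def process_batch(node, packets):
    """One intercept cycle; returns the channel capacity to grant this node."""
    if node.filter_halted:
        node.rating = max(0.0, node.rating - DECAY_PER_BATCH)
        if node.rating < THRESHOLD:
            node.filter_halted = False   # resume filtering once below the threshold
    else:
        apply_filter(node, transmission_params(packets))
        if node.rating > THRESHOLD:
            node.filter_halted = True    # halt the filter while the node is throttled
    return allowed_capacity(node)
```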
21 Claims
1. A method for filtering network traffic to protect a computing device from a distributed denial-of-service (DDoS) attack, wherein the method comprises:
responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device;
determining one or more data transmission parameters based on the intercepted data;
assigning an initial danger rating to the network node at least based on a network address of the network node comprising at least an IP address;
changing the danger rating of the network node based on an application of a filter and on the data transmission parameters;
responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device, wherein an amount by which the channel capacity is limited is determined based on a relationship between the changed danger rating and historical values of the danger rating; and
halting the application of the filter until the danger rating of the network node becomes less than the threshold value.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A system for filtering network traffic to protect a computing device from a distributed denial-of-service (DDoS) attack, wherein the system comprises:
a memory device storing one or more filters; and
a processor configured to:
responsive to detecting the computing device is subject to the DDoS attack, intercept data from a network node to the computing device;
determine one or more data transmission parameters based on the intercepted data;
assign an initial danger rating to the network node at least based on a network address of the network node comprising at least an IP address;
change the danger rating of the network node based on an application of a filter and on the data transmission parameters;
responsive to determining that the danger rating of the network node exceeds a threshold value, limit a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device, wherein an amount by which the channel capacity is limited is determined based on a relationship between the changed danger rating and historical values of the danger rating; and
halt the application of the filter until the danger rating of the network node becomes less than the threshold value.
Dependent claims: 9, 10, 11, 12, 13, 14.

15. A non-transitory computer readable medium comprising computer executable instructions for filtering network traffic to protect a computing device from a distributed denial-of-service (DDoS) attack, including instructions for:
responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device;
determining one or more data transmission parameters based on the intercepted data;
assigning an initial danger rating to the network node at least based on a network address of the network node comprising at least an IP address;
changing the danger rating of the network node based on an application of a filter and on the data transmission parameters;
responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device, wherein an amount by which the channel capacity is limited is determined based on a relationship between the changed danger rating and historical values of the danger rating; and
halting the application of the filter until the danger rating of the network node becomes less than the threshold value.
Dependent claims: 16, 17, 18, 19, 20, 21.