Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time

US 20020035698A1
Filed: 05/15/2001
Published: 03/21/2002
Est. Priority Date: 09/08/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for protecting publicly accessible network computer services from undesirable network traffic in real-time, the method comprising:

receiving network traffic destined for the services;

analyzing the network traffic to identify an undesirable user of the services; and

limiting access of the undesirable user to the services to protect the services.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided for protecting publicly accessible network computer services from undesirable network traffic in real-time. The method includes receiving network traffic destined for the services and analyzing the network traffic to identify an undesirable user of the services. Access of the undesirable user to the services is limited to protect the services. The method and system identify and remove a new level of security threat that is not addressable by current techniques. Specifically, the method and system identify topologically anomalous application-level patterns of traffic and remove these data flows in real-time from the network.

189 Citations

16 Claims

1. A method for protecting publicly accessible network computer services from undesirable network traffic in real-time, the method comprising:
- receiving network traffic destined for the services;
  
  analyzing the network traffic to identify an undesirable user of the services; and
  
  limiting access of the undesirable user to the services to protect the services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as claimed in claim 1 wherein the undesirable network traffic includes denial of service attacks.
  - 3. The method as claimed in claim 1 wherein the network is the Internet.
  - 4. The method as claimed in claim 1 further comprising generating one or more user profiles from the network traffic wherein the step of analyzing includes the step of comparing the one or more user profiles with a predetermined profile to determine the undesirable user.
  - 5. The method as claimed in claim 4 wherein the step of generating the one or more user profiles includes the step of generating request statistics for the user from the network traffic.
  - 6. The method as claimed in claim 5 wherein the request statistics include connection statistics and service request distributions.
  - 7. The method as claimed in claim 6 wherein the network is the Internet and wherein the step of generating request statistics includes the steps of collecting and correlating Border Gateway Protocol (BGP) data from the Internet to obtain the service request distributions.
  - 8. The method as claimed in claim 7 wherein the step of correlating includes the step of identifying a topologically clustered set of machines in the Internet based on the data and wherein the service request distributions are generated from the set of machines.

9. A system for protecting publicly accessible network computer services from undesirable network traffic in real-time, the system comprising:
- an interface for receiving network traffic destined for the services;
  
  a analysis engine for analyzing the network traffic to identify an undesirable user of the services; and
  
  a forwarding engine in communication with the analysis engine for limiting access of the undesirable user to the services to protect the services.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system as claimed in claim 9 wherein the undesirable network traffic includes denial of service attacks.
  - 11. The system as claimed in claim 9 wherein the network is the Internet.
  - 12. The system as claimed in claim 9 wherein the forwarding engine generates one or more user profiles from the network traffic and wherein the analysis engine compares the one or more user profiles with a predetermined profile to determine the undesirable user.
  - 13. The system as claimed in claim 12 wherein the forwarding engine generates the user profile by generating request statistics for the user from the network traffic.
  - 14. The system as claimed in claim 13 wherein the request statistics include connection statistics and service request distributions.
  - 15. The system as claimed in claim 14 wherein the network is the Internet and wherein the forwarding engine collects and correlates Border Gateway Protocol (BGP) data from the Internet to obtain the service request distributions.
  - 16. The system as claimed in claim 15 wherein the forwarding engine identifies a topologically clustered set of machines in the Internet based on the data and wherein the service request distributions are generated from the set of machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Board of Regents of the University of Michigan (University of Michigan)
Original Assignee
Board of Regents of the University of Michigan (University of Michigan)
Inventors
Malan, Gerald R., Jahanian, Farnam

Application Number

US09/855,818
Publication Number

US 20020035698A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 2463/141   Denial of service attacks a...

H04L 2463/146   Tracing the source of attacks

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 43/00   Arrangements for monitoring...

H04L 43/022   by sampling

H04L 43/026   using flow identification

H04L 43/062   related to network traffic

H04L 43/16   Threshold monitoring

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 67/30   Profiles

H04L 69/329   in the application layer [O...

Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

189 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting publicly accessible network computer services from undesirable network traffic in real-time

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links