Method and apparatus for denial of service attack preemption
Abstract
Denial of service attack preemption determines with a system's operating system if a set of one or more protocol data units (PDUs) satisfy a set of one or more network security alert criteria. The set of network security alert criteria define characteristics of PDUs typical for PDUs used for initiating or conducting a denial of service attack. If one or more of the set of network security alert criteria are satisfied, then the system's transmission capability is adjusted and an alert is transmitted to a monitor.
30 Claims
1. A method comprising:
determining with a system's operating system if a set of one or more protocol data units (PDUs) satisfy a set of one or more network security alert criteria, wherein the set of network security alert criteria define characteristics of PDUs typical for PDUs used for initiating or conducting a denial of service attack; and
adjusting the system's transmission capability and transmitting an alert to a monitor if one or more of the set of network security alert criteria are satisfied.
9. A method comprising:
determining, with a denial of service attack preemption module included within a systems' system software, if a protocol data unit (PDU) generated by communication software is possibly being used to initiate or orchestrate a denial of service attack and if a transmit rate of the system is greater than a predetermined threshold transmit rate; and
transmitting an alert to a monitor and throttling the transmit rate if the PDU is suspicious and the transmit rate is greater than the predetermined threshold transmit rate.
14. A method comprising:
at the kernel level of an operating system, analyzing a protocol data unit (PDU) generated by communication software to be transmitted via a network interface, reducing the transmit rate of the network interface if the analyzed PDU is determined to be suspicious for denial of service attacks and the transmit rate of the network interface exceeds a predetermined transmit rate threshold; and
transmitting the PDU via the network interface if the PDU is not suspicious.
18. An apparatus comprising:
a bus;
a set of one or more processors coupled with the bus;
an Ethernet network interface card coupled with the bus; and
a machine-readable medium coupled with the bus, the machine-readable medium having stored therein a set of instructions to cause the set of processors to, determine if a protocol data unit satisfies a set of one or more network security alert criteria as a suspicious protocol data unit and if rate of transmission of a network interface to be used to transmit the suspicious protocol data unit exceeds a predetermined threshold, wherein the set of network security alert criteria define characteristics of protocol data units typical for protocol data units used for initiating or orchestrating denial of service attacks, adjust the rate of transmission of the network interface if the protocol data unit is a suspicious protocol data unit and if the transmission rate exceeds the predetermined threshold.
20. The apparatus of claim 18 wherein the set of instructions stored on the machine-readable medium further cause the set of processors to shut down the interface if the protocol data unit is determined to be forbidden in accordance with the set of network security alert criteria.
20-1. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
determining with a system's operating system if a set of one or more protocol data units (PDUs) satisfy a set of one or more network security alert criteria, wherein the set of network security alert criteria define characteristics of PDUs typical for PDUs used for initiating or conducting a denial of service attack; and
adjusting the system's transmission capability and transmitting an alert to a monitor if one or more of the set of network security alert criteria are satisfied.
27. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
at the kernel level of an operating system, analyzing a protocol data unit (PDU) generated by communication software to be transmitted via a network interface, reducing the transmit rate of the network interface if the analyzed PDU is determined to be suspicious for denial of service attacks and the transmit rate of the network interface exceeds a predetermined transmit rate threshold; and
transmitting the PDU via the network interface if the PDU is not suspicious.
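The decision flow of independent claims 9 and 14, together with the interface shutdown of claim 20, as an added Python sketch that is not part of the patent. The criteria, the sliding-window rate meter, the PDU record and all addresses are assumptions, since the claims name no specific PDU characteristics; the sketch also assumes the reduced rate is enforced against suspicious PDUs only, so non-suspicious PDUs are always transmitted as claim 14 states.

```python
from collections import deque, namedtuple
# Constructed, simplified outbound PDU record (assumption; not a packet parser).
PDU = namedtuple("PDU", "ts src dst proto flags")
# Assumed alert criteria: the claims do not enumerate specific characteristics.
SUSPICIOUS = {
    "bare_syn": lambda p, local: p.proto == "tcp" and p.flags == "S",
    "broadcast_echo": lambda p, local: p.proto == "icmp" and p.dst.endswith(".255"),
}
FORBIDDEN = {"spoofed_source": lambda p, local: p.src not in local}

class EgressGuard:
    def __init__(self, local, threshold_pps, throttled_pps, window=1.0):
        self.local, self.window = set(local), window
        self.threshold, self.throttled = threshold_pps, throttled_pps
        self.sent = deque()   # timestamps of PDUs transmitted inside the window
        self.cap = None       # None: transmit rate is not throttled
        self.up = True        # False once a forbidden PDU shuts the interface
        self.alerts = []      # stand-in for alerts transmitted to the monitor

    def rate(self, now):
        while self.sent and self.sent[0] <= now - self.window:
            self.sent.popleft()
        return len(self.sent) / self.window

    def handle(self, p):
        if not self.up:
            return "dropped"
        if any(f(p, self.local) for f in FORBIDDEN.values()):
            self.up = False   # claim 20: forbidden PDU shuts the interface down
            self.alerts.append((p.ts, "forbidden", "interface down"))
            return "dropped"
        hits = [n for n, f in SUSPICIOUS.items() if f(p, self.local)]
        rate = self.rate(p.ts)
        if hits and self.cap is None and rate > self.threshold:
            self.cap = self.throttled   # claims 9 and 14: throttle and alert
            self.alerts.append((p.ts, ",".join(hits), f"rate {rate:.0f} pps"))
        if hits and self.cap is not None and rate >= self.cap:
            return "dropped"
        self.sent.append(p.ts)  # non-suspicious PDUs are always transmitted
        return "sent"

def sample():  # constructed: 5 ordinary ACKs, then 30 bare SYNs within 0.3 s
    host = "192.0.2.10"
    acks = [PDU(i * 0.1, host, "198.51.100.5", "tcp", "A") for i in range(5)]
    return acks + [PDU(0.5 + i * 0.01, host, "203.0.113.9", "tcp", "S") for i in range(30)]

def run(pdus, **kw):
    guard = EgressGuard(**kw)
    return [guard.handle(p) for p in pdus], guard.alerts
```

With `threshold_pps=20` and `throttled_pps=10`, the constructed burst is transmitted until the windowed rate passes the threshold, after which one alert is raised and the remaining SYNs are dropped.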