System and process for managing network traffic
Abstract
A traffic management system for use in a communications network, including a detection module for determining the source addresses of received network packets, and for comparing the source addresses with stored source address data for network packets received in a previous time period. The system monitors increases in the number of new source IP addresses of received packets to detect a network traffic anomaly such as a distributed denial of service (DDoS) attack or a flash crowd. If a traffic anomaly is detected, a filtering module performs history-based filtering to block a received packet unless one or more legitimate packets with the same source address have been previously received in a predetermined time period.
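The detection and filtering steps described in the abstract, as an added sketch that is not taken from the patent. The class name, the per-interval sliding window, the thresholds and the sample addresses are all assumptions made for illustration.

```python
from collections import Counter, deque

class HistoryBasedFilter:
    """Counts new source addresses per interval and filters on history during a surge."""

    def __init__(self, window=3, surge_threshold=3, min_packets=1):
        # One Counter of source addresses per past interval: the "previous time period".
        self.window = deque(maxlen=window)
        self.surge_threshold = surge_threshold  # assumed limit on new addresses per interval
        self.min_packets = min_packets          # assumed minimum prior packets to be trusted

    def seen_count(self, src):
        """Packets from src recorded in the stored history."""
        return sum(counts[src] for counts in self.window)

    def new_sources(self, packets):
        """Distinct source addresses in this interval that are absent from the history."""
        return {src for src, _ in packets if self.seen_count(src) == 0}

    def process_interval(self, packets):
        """Return (anomaly_detected, forwarded_packets) for one monitoring interval."""
        anomaly = len(self.new_sources(packets)) > self.surge_threshold
        if anomaly:
            # History-based filtering: forward only addresses seen often enough before.
            forwarded = [p for p in packets if self.seen_count(p[0]) >= self.min_packets]
        else:
            forwarded = list(packets)
            # Assumption: history is updated only from intervals without an anomaly,
            # so addresses first seen during a surge are never learned as legitimate.
            self.window.append(Counter(src for src, _ in packets))
        return anomaly, forwarded

# Constructed sample traffic using documentation address ranges, not real captures.
NORMAL = [("192.0.2.10", "GET /"), ("192.0.2.11", "GET /"), ("192.0.2.10", "GET /a")]
SURGE = [("192.0.2.10", "GET /")] + [(f"203.0.113.{i}", "GET /") for i in range(1, 9)]

def demo():
    f = HistoryBasedFilter(window=3, surge_threshold=3)
    return f.process_interval(NORMAL), f.process_interval(SURGE)

if __name__ == "__main__":
    for anomaly, forwarded in demo():
        print("anomaly" if anomaly else "normal", forwarded)
```

The new-address count alone does not distinguish a DDoS attack from a flash crowd: both appear as a surge of unseen sources, and first-time visitors are blocked while filtering is active.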
28 Claims
1. A process for managing traffic in a communications network, including:
- determining the source address of a received network packet; and
- comparing said source address with stored source address data for network packets received in a previous time period.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 23, 24)

19. A process for managing traffic in a communications network, including:
- determining the source addresses of received network packets;
- comparing said source address with stored source address data for network packets received in a previous time period to determine a number of new source addresses; and
- detecting a surge in network traffic on the basis of the number of new source addresses.
(Dependent claims: 20)

21. A process for detecting anomalous traffic in a communications network, including:
- determining source addresses of received network packets;
- comparing said source addresses with stored source address data for network packets received in a previous time period to determine the number of new source addresses for which data is not included in said stored source address data; and
- detecting at least one of a distributed denial of service attack and a flash crowd event on the basis of the number of new source addresses.

22. A filtering process, including:
- determining the source address of a received network packet;
- determining at least one of the number of packets with said source address received in a previous time period and a fraction of said previous time period in which packets with said source address were received; and
- determining whether to block said received network packet on the basis of at least one of said number and said fraction.

25. A traffic management system for use in a communications network, including:
- a source address detection module for determining the source addresses of received network packets; and
- a decision module for detecting a surge in network traffic on the basis of a comparison of said source addresses with stored source address data for network packets received in a previous time period.
(Dependent claims: 26, 27, 28)

Specification