Method and apparatus for detecting denial of service attacks
First Claim
Patent Images
1. A method for providing network security, the method comprising the steps of:
- receiving a dataflow destined for an end user network;
sampling the dataflow according to a predetermined sampling rate;
generating flow information from the sampled dataflow; and
forwarding the flow information for remote behavioral analysis to determine a behavioral profile indicative of a denial of service attack of the end user network.
5 Assignments
0 Petitions
Accused Products
Abstract
An approach is provided for supporting network security. A dataflow destined for an end user network is received. The dataflow is sampled according to a predetermined sampling rate. Flow information is generated from the sampled dataflow. The flow information is forwarded to a collector device for remote behavioral analysis to determine a behavioral profile indicative of a Denial of Service (DoS) attack (e.g., distributed Denial of Service (DDOS) attack) of the end user network.
-
Citations
23 Claims
-
1. A method for providing network security, the method comprising the steps of:
-
receiving a dataflow destined for an end user network;
sampling the dataflow according to a predetermined sampling rate;
generating flow information from the sampled dataflow; and
forwarding the flow information for remote behavioral analysis to determine a behavioral profile indicative of a denial of service attack of the end user network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A communication system for providing network security, comprising:
-
a router configured to sample a dataflow destined for an end user network according to a predetermined sampling rate and to generate a flow record from the samples; and
a collector device configured to receive the flow information from the router and to determine a behavioral profile indicative of a denial of service attack of the end user network. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A networking apparatus for routing dataflows in a transport network, the apparatus comprising:
-
a flow filter and selection logic configured to sample a dataflow destined for an end user host or network according to a predetermined sampling rate;
a routing engine configured to route the dataflow over the transport network; and
a flow record generator configured to generate flow information from the sampled dataflow for behavioral analysis to detect a denial of service attack of the end user host or network. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
-
Specification