Denial-of-service attack defense system, denial-of-service attack defense method, and denial-of-service attack defense program

US 20070101428A1
Filed: 08/19/2005
Published: 05/03/2007
Est. Priority Date: 10/12/2004
Status: Active Grant

First Claim

Patent Images

1-14. -14. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A monitoring device is provided on a LAN to which a communication device that is a target of a denial-of-service attack is connected, and monitors a packet transmitted to the communication device via an ISP network. A restricting device is provided on the ISP network, and restricts a packet to the LAN. The monitoring device detects an attack by the packet on the communication device, and transmits protection request information indicating a request for protection against the attack to the restricting device. The restricting device restricts a packet transmitted to the communication device via the ISP network based on the protection request information.

19 Citations

View as Search Results

28 Claims

1-14. -14. (canceled)

15. A system for protecting a communication device against a denial-of-service attack, the system comprising:
- a monitoring device configured to be provided on a local area network to which the communication device that is a target of the denial-of-service attack is connected, the monitoring device monitoring a packet transmitted to the communication device via an internet-service-provider network; and
  
  a restricting device configured to be provided on the internet-service-provider network, the restricting device restricting a packet to the local area network, wherein the monitoring device includes an attack detecting unit that detects an attack by the packet on the communication device, and a protection-request-information transmitting unit that transmits protection request information indicating a request for protection against the attack to the restricting device; and
  
  the restricting device includes a packet restricting unit that restricts a packet transmitted to the communication device via the internet-service-provider network based on the protection request information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system according to claim 15, wherein the monitoring device further includes a signature generating unit that generates a signature indicating a feature of a packet that attacks the communication device, the protection-request-information transmitting unit transmits the protection request information including the signature to the restricting device, and the packet restricting unit restricts a packet corresponding to the signature.
  - 17. The system according to claim 16, wherein the restricting device further includes a signature determining unit that determines whether the protection request information including the signature is appropriate, and the packet restricting unit restricts a packet corresponding to a signature that is determined to be appropriate, and does not restrict a packet corresponding to a signature that is determined to be inappropriate.
  - 18. The system according to claim 16, wherein the restricting device further includes a report generating unit that generates a report on a feature and an amount of a packet corresponding to the signature, and a report transmitting unit that transmits the report to the monitoring device;
    - the signature generating unit generates a new signature based on the report, the protection-request-information transmitting unit transmits the protection request information including the new signature to the restricting device, and the packet restricting unit restricts a packet corresponding to the new signature.
  - 19. The system according to claim 18, wherein the restricting device further includes a forwarding unit that forwards the protection request information to other restricting device provided on the internet-service-provider network, and the forwarding unit determines whether to forward the protection request information based on the report generated by the report generating unit, and forwards the protection request information to the other restricting device upon determining that it is necessary to forward the protection request information.
  - 20. The system according to claim 17, wherein the restricting device further includes a determination-result transmitting unit that transmits a result of determination of the signature determining unit to the monitoring device, and when the result of determination indicates that the signature is inappropriate, the signature generating unit generates, based on the result of determination, a new signature indicating the feature of the packet that attacks the communication device.

21. A method of protecting a communication device against a denial-of-service attack using a monitoring device and a restricting device, the monitoring device being configured to be provided on a local area network to which the communication device that is a target of the denial-of-service attack is connected and monitoring a packet transmitted to the communication device via an internet-service-provider network, the restricting device being configured to be provided on the internet-service-provider network and restricting a packet to the local area network, the method comprising:
- attack detecting including the monitoring device detecting an attack by the packet on the communication device;
  
  protection-request-information transmitting including the monitoring device transmitting protection request information indicating a request for protection against the attack to the restricting device; and
  
  packet restricting including the restricting device restricting a packet transmitted to the communication device via the internet-service-provider network based on the protection request information.
- View Dependent Claims (22, 23, 24)
- - 22. The method according to claim 21, further comprising:
    - signature generating including the monitoring device generating a signature indicating a feature of a packet that attacks the communication device, wherein the protection-request-information transmitting includes transmitting the protection request information including the signature to the restricting device, and the packet restricting includes restricting a packet corresponding to the signature.
  - 23. The method according to claim 22, further comprising:
    - signature determining including the restricting device determining whether the protection request information including the signature is appropriate, wherein the packet restricting includes restricting a packet corresponding to a signature that is determined to be appropriate; and
      
      not restricting a packet corresponding to a signature that is determined to be inappropriate.
  - 24. The method according to claim 22, further comprising:
    - report generating including the restricting device generating a report on a feature and an amount of a packet corresponding to the signature; and
      
      report transmitting including the restricting device transmitting the report to the monitoring device, wherein the signature generating includes generating a new signature based on the report, the protection-request-information transmitting includes transmitting the protection request information including the new signature to the restricting device, and the packet restricting includes restricting a packet corresponding to the new signature.

25. A computer-readable recording medium that stores a computer program for protecting a communication device against a denial-of-service attack using a monitoring device and a restricting device, the monitoring device being configured to be provided on a local area network to which the communication device that is a target of the denial-of-service attack is connected and monitoring a packet transmitted to the communication device via an internet-service-provider network, the restricting device being configured to be provided on the internet-service-provider network and restricting a packet to the local area network, wherein the computer program causes a computer to execute:
- attack detecting including the monitoring device detecting an attack by the packet on the communication device;
  
  protection-request-information transmitting including the monitoring device transmitting protection request information indicating a request for protection against the attack to the restricting device; and
  
  packet restricting including the restricting device restricting a packet transmitted to the communication device via the internet-service-provider network based on the protection request information.
- View Dependent Claims (26, 27, 28)
- - 26. The computer-readable recording medium according to claim 25, wherein the computer program further causes the computer to execute signature generating including the monitoring device generating a signature indicating a feature of a packet that attacks the communication device, the protection-request-information transmitting includes transmitting the protection request information including the signature to the restricting device, and the packet restricting includes restricting a packet corresponding to the signature.
  - 27. The computer-readable recording medium according to claim 26, wherein the computer program further causes the computer to execute a signature determining procedure of determining including the restricting device determining whether the protection request information including the signature is appropriate, the packet restricting includes restricting a packet corresponding to a signature that is determined to be appropriate by the signature determining unit, which is to be transmitted to the communication device;
    - and not restricting a packet corresponding to a signature that is determined to be inappropriate, which is to be transmitted to the communication device.
  - 28. The computer-readable recording medium according to claim 26, wherein the computer program further causes the computer to execute:
    - a report generating procedure of generating including the restricting device generating a report on a feature and an amount of a packet corresponding to the signature; and
      
      a report transmitting procedure of transmitting including the restricting device transmitting the report to the monitoring device, the signature generating procedure includes generating a new signature based on the report, the protection-request-information transmitting procedure includes transmitting the protection request information including the new signature to the restricting device, and the packet restricting procedure includes restricting a packet corresponding to the new signature, which is to be transmitted to the communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Telegraph and Telephone Corporation
Original Assignee
Nippon Telegraph and Telephone Corporation
Inventors
Hamada, Masaki

Granted Patent

US 8,479,282 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 12/46 Interconnection of networks

H04L 63/1458 Denial of Service

Denial-of-service attack defense system, denial-of-service attack defense method, and denial-of-service attack defense program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Denial-of-service attack defense system, denial-of-service attack defense method, and denial-of-service attack defense program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links