Distributed denial of service (DDoS) network-based detection
Abstract
Distributed Denial of Service (DDOS) Network-Based Detection. The present invention implements a network-based DDoS detection service. Data is sampled from various customer networks and delivered to a collector. The collector filters the data for those customers that implement or subscribe to the detection service. The filtered data is delivered to an analyzer to determine if the filtered data contains DDoS packets.
17 Claims
1. A computer system having a processor and a memory, the computer system operable to execute a method for providing a scalable detection for a distributed denial of service (DDoS) attack, the method comprising:
- sampling a set of packets destined for one or more entities connected to a packet network wherein the sampled set of packets is delivered to one or more regional collectors;
- filtering the sampled set of packets to identify one or more customers wherein the filtered sampled set of packets is associated with the one or more customers;
- providing the filtered sampled set of packets from the one or more regional collectors to one or more analyzers;
- determining at the one or more analyzers if one or more members of the filtered sampled set of packets are one or more DDoS packets; and
- performing at least one of a notification or a mitigation if the one or more members of the filtered sampled set of packets are one or more DDoS packets.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computer system having a processor and a memory, the computer system operable to execute a method for providing a scalable detection for a distributed denial of service (DDoS) attack, the method comprising:
- sampling a set of packets destined for one or more customers wherein the sampled set of packets are provided to a collector;
- analyzing the sampled set of packets based on a criteria to filter the one or more customers to provide a subset of the sampled set of packets associated with a subset of the one or more customers to an analyzer;
- comparing the subset of the sampled set of packets to a profile in the analyzer to determine if one or more members of the subset of the sampled set of packets exceed a threshold; and
- providing a notice to at least one of a user, a computing device, or another computer system when the threshold is exceeded.

Dependent claims: 11, 12, 13, 14, 15

16. One or more computer-readable media having computer-readable instructions embodied thereon for causing a computing device to perform a method for providing a scalable detection for a distributed denial of service (DDOS) attack, the method comprising:
- sampling a set of packets destined for one or more entities connected to a packet network wherein the sampled set of packets is delivered to one or more regional collectors;
- filtering the sampled set of packets to identify one or more customers wherein the filtered sampled set of packets is associated with the one or more customers;
- providing the filtered sampled set of packets from the one or more regional collectors to one or more analyzers;
- determining at the one or more analyzers if one or more members of the filtered sampled set of packets are one or more DDoS packets; and
- performing at least one of a notification or a mitigation if the one or more members of the filtered sampled set of packets are one or more DDoS packets.

17. One or more computer-readable media having computer-readable instructions embodied thereon for causing a computing device to perform a method for providing a scalable detection for a distributed denial of service (DDoS) attack, the method comprising:
- sampling a set of packets destined for one or more customers wherein the sampled set of packets are provided to a collector;
- analyzing the sampled set of packets based on a criteria for the one or more customers to provide a subset of the sampled set of packets associated with a subset of the one or more customers to an analyzer;
- comparing the subset of the sampled set of packets to a profile in the analyzer to determine if one or more members of the subset of the sampled set of packets exceed a threshold; and
- providing a notice to at least one of a user, a computing device, or another computer system when the threshold is exceeded.
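
The sample, filter, analyze and notify flow recited in the claims above, as an added illustration that is not taken from the patent. The sampling rate, window length, customer names, prefixes and the `max_pps` profile field are all assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import Counter

SAMPLING_RATE = 1000   # assumption: routers export 1 of every 1000 packets
WINDOW_S = 10          # assumption: analyzer evaluates 10-second windows

# Assumed subscriber table: destination prefixes and a per-destination pps profile.
SUBSCRIBERS = {
    "cust-a": {"prefixes": ["198.51.100.0/24"], "max_pps": 50_000},
    "cust-b": {"prefixes": ["203.0.113.0/25"], "max_pps": 20_000},
}
PREFIX_INDEX = [(ipaddress.ip_network(p), name)
                for name, cfg in SUBSCRIBERS.items() for p in cfg["prefixes"]]

def customer_for(dst):
    """Map a destination address to a subscribed customer, or None."""
    addr = ipaddress.ip_address(dst)
    return next((name for net, name in PREFIX_INDEX if addr in net), None)

def collect(samples):
    """Regional collector: drop samples for non-subscribers before forwarding."""
    tagged = ((customer_for(s["dst"]), s) for s in samples)
    return [{**s, "customer": c} for c, s in tagged if c is not None]

def analyze(filtered, window_s=WINDOW_S):
    """Analyzer: scale sample counts to estimated pps and compare to the profile."""
    counts = Counter((s["customer"], s["dst"]) for s in filtered)
    alerts = []
    for (cust, dst), n in sorted(counts.items()):
        est_pps = n * SAMPLING_RATE / window_s
        limit = SUBSCRIBERS[cust]["max_pps"]
        if est_pps > limit:
            alerts.append({"customer": cust, "dst": dst,
                           "est_pps": est_pps, "limit": limit})
    return alerts

def constructed_samples():
    """Constructed input: one window of sampled packet headers (dst only)."""
    return ([{"dst": "198.51.100.10"}] * 600    # 60,000 pps estimated: over profile
            + [{"dst": "203.0.113.5"}] * 100    # 10,000 pps estimated: within profile
            + [{"dst": "203.0.113.200"}] * 900  # outside cust-b's /25: not subscribed
            + [{"dst": "192.0.2.7"}] * 5000)    # non-subscriber: dropped at collector

if __name__ == "__main__":
    for alert in analyze(collect(constructed_samples())):
        print("NOTIFY", alert)
```

Filtering at the collector means the analyzer only receives the 700 subscriber samples out of 6,600, which is the scaling property the claims rely on.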
Specification