Methods, media and systems for responding to a denial of service attack

US 20070214505A1
Filed: 10/20/2006
Published: 09/13/2007
Est. Priority Date: 10/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method for responding to a Denial of Service (DoS) attack, comprising:

detecting the denial of service attack;

migrating one or more processes that provide a service to an unaffected system;

authenticating users that are authorized to use the service; and

routing traffic generated by authenticated users to the unaffected system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.

Citations

20 Claims

1. A method for responding to a Denial of Service (DoS) attack, comprising:
- detecting the denial of service attack;
  
  migrating one or more processes that provide a service to an unaffected system;
  
  authenticating users that are authorized to use the service; and
  
  routing traffic generated by authenticated users to the unaffected system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the migrating comprises migrating the one or more processes from a first virtualized operating system environment to a second virtualized operating system environment.
  - 3. The method of claim 1, wherein the authenticating comprises authenticating by digital certificates.
  - 4. The method of claim 1, wherein the authenticating comprises authenticating human users by Graphical Turing Tests.
  - 5. The method of claim 1, wherein the service is a web server.
  - 6. The method of claim 1, wherein the migrating further comprises:
    - saving information regarding the one or more processes;
      
      transferring the saved information to the unaffected system; and
      
      restarting the one or more processes using the saved information.
  - 7. The method of claim 6, wherein transferring the saved information comprises transferring the saved informating in an unpublicized link.
  - 8. The method of claim 7, further comprising periodically changing an IP address associated with the unpublicized link.

9. A computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for responding to a DoS attack, comprising:
- detecting the denial of service attack;
  
  migrating one or more processes that provide a service to an unaffected system;
  
  authenticating users that are authorized to use the service; and
  
  routing traffic generated by authenticated users to the unaffected system.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-readable medium of claim 9, wherein the one or more processes are migrated from a first virtualized operating system environment to a second virtualized operating system environment.
  - 11. The computer-readable medium of claim 9, wherein the authenticating comprises authenticating by digital certificates.
  - 12. The computer-readable medium of claim 9, wherein the authenticating comprises authenticating human users by Graphical Turing Tests.
  - 13. The computer-readable medium of claim 9, wherein the migrating further comprises:
    - saving information regarding the one or more processes;
      
      transferring the saved information to the unaffected system; and
      
      restarting the one or more processes using the saved information.
  - 14. The computer-readable medium of claim 13, wherein transferring the saved information comprises transferring the saved informating in an unpublicized link.
  - 15. The computer-readable medium of claim 14, further comprising periodically changing an IP address associated with the unpublicized link.

16. A system for responding to a DoS attack, comprising:
- a migration system configured to migrate one or more processes that provide a service from a first digital processing device to a second digital processing device when the first digital processing device is affected by the denial of service attack; and
  
  an overlay network configured to authenticate authorized users and route traffic from the authorized users to the second digital processing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further comprising:
    - an unpublicized link between the first digital processing device and the second digital processing device, wherein the migration system is configured to migrate the one or more processes using the unpublicized link.
  - 18. The system of claim 16, wherein the service is a web server.
  - 19. The system of claim 16, wherein, after the one or more processes is migrated, the second digital processing device is configured to access a storage unit using an unpublicized link, the storage unit used by the one or more processes before migration.
  - 20. The system of claim 16, wherein the first digital processing device and the second digital processing device are located in two different networks provided by different Internet Service Providers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Original Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Inventors
Stavrou, Angelos, Nieh, Jason, Misra, Vishal, Rubenstein, Daniel, Keromytis, Angelos

Granted Patent

US 8,549,646 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 2463/141   Denial of service attacks a...

H04L 63/1458   Denial of Service

Methods, media and systems for responding to a denial of service attack

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, media and systems for responding to a denial of service attack

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links