Detection of Distributed Denial of Service Attacks in Autonomous System Domains

  • US 20080028467A1
  • Filed: 01/17/2007
  • Published: 01/31/2008
  • Est. Priority Date: 01/17/2006
  • Status: Active Grant
First Claim

1. A method for detecting malicious communication traffic at an autonomous system domain comprising:

  • aggregating a plurality of flows traversing at least one routing node in the autonomous system domain into a plurality of flow aggregates, each of said flows including incoming packets having a common source address and outgoing packets having a common destination address, each of said flow aggregates having mapped thereto a set of said flows;

  • sampling packets of each of said flow aggregates during a predetermined time interval;

  • storing at least a flow identifier of suspect flows in each of said flow aggregates, said suspect flows corresponding to a flow aggregate having a number of said outgoing packets sampled therefrom exceeding by a predetermined value a number of said incoming packets sampled therefrom; and

  • determining from said suspicious flows a flow identifier of an attack flow.
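
The four steps of the claim, sketched as an added example for one time interval (this is not code from the patent or its assignee). Assumptions: flows are keyed by the remote address and mapped to aggregates by address modulo `NUM_AGGREGATES`, sampling is 1-in-`SAMPLE_EVERY` per aggregate, `THRESHOLD` stands in for the "predetermined value", and the final step simply picks the suspect flow with the largest sampled outgoing surplus. All addresses are constructed documentation-range values.

```python
import ipaddress
from collections import Counter

NUM_AGGREGATES = 4       # assumed number of flow aggregates
SAMPLE_EVERY = 2         # assumed 1-in-N sampling within each aggregate
THRESHOLD = 3            # assumed "predetermined value" (outgoing minus incoming)
LOCAL = "198.51.100.10"  # constructed host inside the monitored domain

def aggregate_of(peer):
    """Step 1: map a flow (keyed by remote address) to a flow aggregate."""
    return int(ipaddress.ip_address(peer)) % NUM_AGGREGATES

def sample(packets):
    """Step 2: keep every SAMPLE_EVERY-th packet seen in each aggregate."""
    seen = Counter()
    for direction, src, dst in packets:
        peer = src if direction == "in" else dst
        agg = aggregate_of(peer)
        seen[agg] += 1
        if (seen[agg] - 1) % SAMPLE_EVERY == 0:
            yield direction, peer, agg

def detect(packets):
    """Return (suspect flow ids, attack flow id or None) for one interval."""
    sampled = list(sample(packets))
    surplus = Counter()  # per aggregate: sampled outgoing minus sampled incoming
    for direction, _, agg in sampled:
        surplus[agg] += 1 if direction == "out" else -1
    suspect_aggs = {a for a, s in surplus.items() if s > THRESHOLD}
    # Step 3: per-flow state is kept only for flows in suspect aggregates.
    flow_surplus = Counter()
    for direction, peer, agg in sampled:
        if agg in suspect_aggs:
            flow_surplus[peer] += 1 if direction == "out" else -1
    # Step 4 (assumed rule): the suspect flow with the largest surplus.
    attack = max(flow_surplus, key=flow_surplus.get, default=None)
    return set(flow_surplus), attack

def sample_interval():
    """Constructed traffic: three balanced flows plus a one-way outgoing flood."""
    pkts = []
    for _ in range(6):
        for peer in ("203.0.113.4", "203.0.113.5", "203.0.113.6"):
            pkts += [("out", LOCAL, peer)] * 2 + [("in", peer, LOCAL)] * 2
    return pkts + [("out", LOCAL, "203.0.113.9")] * 20

if __name__ == "__main__":
    print(detect(sample_interval()))
```

The balanced flow `203.0.113.5` is reported as suspect only because it shares an aggregate with the flood toward `203.0.113.9`; the per-flow pass is what separates the two.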
