PROACTIVE NETWORK ATTACK DEMAND MANAGEMENT
First Claim
1. A method comprising:
receiving a request over a network for a network resource;
applying one or more attack detection rules to the received request;
ignoring the request if the request is part of a detected attack;
segregating the request to a virtual local area network if the request is suspected to be part of an attack; and
servicing the request from the virtual local area network utilizing resources segregated to the virtual local area network.
Abstract
Various embodiments described and illustrated herein provide one or more of systems, methods, software, and firmware to handle attack-generated demand proactively using distributed virtualization. One goal of some such embodiments is to provide a time window of stable operational response within which an intrusion detection system may detect an attack and/or cause a countermeasure against the attack to be activated. Demand excursions that are not caused by an attack are supported during the variability of demand, providing transparent response to legitimate users of the system. These embodiments, and others, are described in greater detail below.
15 Claims
1. A method comprising:
receiving a request over a network for a network resource;
applying one or more attack detection rules to the received request;
ignoring the request if the request is part of a detected attack;
segregating the request to a virtual local area network if the request is suspected to be part of an attack; and
servicing the request from the virtual local area network utilizing resources segregated to the virtual local area network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
partitionable processor resources;
a first network interface couplable to a first network;
a second network interface couplable to a second network;
a classification engine operable on one or more of the partitionable processor resources to:
receive network resource requests over the first network interface for resources accessible via the second network interface;
apply one or more attack detection rules to each received resource request to classify each resource request as an attack request, a suspected attack request, or a normal request;
upon first detection of a suspected attack resource request, instantiate a virtual network over the second network interface, the virtual network including one or more virtual machines instantiated on the second network, the virtual machines including processes operative to service the suspect attack resource request; and
sequester the suspect attack resource request and subsequently identified suspect attack resource requests to the virtual network.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
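
The three-way classification and sequestering flow recited in claims 1 and 8, as an added Python sketch that is not code from the patent. The two detection rules, their thresholds, the sample addresses, the slot counts and the shed-on-exhaustion behaviour are assumptions, and in-memory slot counters stand in for the virtual network and its virtual machines.

```python
from dataclasses import dataclass
from enum import IntEnum

class Verdict(IntEnum):              # ordered so the most severe rule result wins
    NORMAL = 0
    SUSPECT = 1
    ATTACK = 2

@dataclass(frozen=True)
class Request:
    src: str                         # source address (constructed sample values)
    rate: int                        # recent requests/sec seen from src (constructed)

# Hypothetical detection rules; the claims do not specify any.
def rule_blocklist(req, blocked=frozenset({"203.0.113.9"})):
    return Verdict.ATTACK if req.src in blocked else Verdict.NORMAL

def rule_rate(req, suspect_at=50, attack_at=500):
    if req.rate >= attack_at:
        return Verdict.ATTACK
    return Verdict.SUSPECT if req.rate >= suspect_at else Verdict.NORMAL

RULES = (rule_blocklist, rule_rate)

def classify(req):
    """Apply every rule and keep the most severe verdict."""
    return max(rule(req) for rule in RULES)

class Dispatcher:
    """Routes requests by verdict; slots are never released in this sketch."""
    def __init__(self, production_slots=4, segregated_slots=2):
        self.production_free = production_slots
        self.segregated_slots = segregated_slots
        self.segregated_free = None  # segregated pool not instantiated yet

    def handle(self, req):
        verdict = classify(req)
        if verdict == Verdict.ATTACK:
            return "ignored"                     # detected attack: no resources spent
        if verdict == Verdict.SUSPECT:
            if self.segregated_free is None:     # first suspect: create the pool
                self.segregated_free = self.segregated_slots
            if self.segregated_free == 0:
                return "shed"                    # assumption: never spill into production
            self.segregated_free -= 1
            return "segregated"
        if self.production_free == 0:
            return "busy"
        self.production_free -= 1
        return "production"
```

Because suspect requests draw only on the segregated slots, a burst of them leaves `production_free` unchanged, which is the stable response window the abstract describes.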
Specification