Method and Apparatus for Excessive Access Rate Detection
First Claim
1. A method for securing a web server, the method comprising:
- receiving a request to access content on a web server at an application security system;
identifying a source of the request using the application security system;
incrementing a request total associated with the source representing a number of requests received from the source during a predetermined time interval;
determining whether the request total exceeds an access threshold associated with the content; and
performing a responsive action if the request total exceeds the access threshold.
10 Assignments
0 Petitions
Accused Products
Abstract
A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Excessive access rates are one type of anomalous traffic that is detected by monitoring a source and determining whether the number of requests that the source generates within a specific time frame is above a threshold. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat. Various responsive actions may be taken in response to detection of an excessive access rate.
-
Citations
21 Claims
-
1. A method for securing a web server, the method comprising:
-
receiving a request to access content on a web server at an application security system; identifying a source of the request using the application security system; incrementing a request total associated with the source representing a number of requests received from the source during a predetermined time interval; determining whether the request total exceeds an access threshold associated with the content; and performing a responsive action if the request total exceeds the access threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An application security system comprising:
-
a processor; a computer-readable storage medium communicatively coupled with the processor and storing computer-executable instructions comprising an application protection module configured to perform the following steps receiving a request to access content on a web server; identifying a source of the request; incrementing a request total associated with the source representing a number of requests received from the source during a predetermined time interval; determining whether the request total exceeds an access threshold associated with the content; and performing a responsive action if the request total exceeds the access threshold. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer-readable medium comprising processor-executable instructions that, when executed, direct a computer system to perform actions comprising:
-
receiving a request to access content on a web server; identifying a source of the request; incrementing a request total associated with the source representing a number of requests received from the source during a predetermined time interval; determining whether the request total exceeds an access threshold associated with the content; and performing a responsive action if the request total exceeds the access threshold. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification