METHOD AND SYSTEM FOR DDOS TRAFFIC DETECTION AND TRAFFIC MITIGATION USING FLOW STATISTICS
First Claim
1. A method for distributed denial of service (DDoS) attack detection and traffic mitigation using flow statistics, the method comprising:
- collecting first statistics for each flow based on flow information generated by traffic flow of a network connection device;
- grouping and classifying the first statistics for each flow on a per-flow basis and processing the same into second statistics containing at least one of a number of bytes, the number of packets, and the number of flows per unit time;
- calculating the rate of change of the second statistics, and if the rate of change exceeds a preset threshold rate, determining that a distributed denial of service attack occurs; and
- limiting the flow rate of the traffic based on a predefined policy by executing a rate-limit function according to a result of the determination.
Abstract
Disclosed are a method and system for distributed denial of service (DDoS) attack detection and traffic mitigation using flow statistics. The method for DDoS attack detection and traffic mitigation using flow statistics includes: collecting first statistics for each flow based on flow information generated by traffic flow of a network connection device; and grouping the first statistics for each flow on a per-flow basis and processing the same into second statistics containing at least one of the number of bytes, the number of packets, and the number of flows per unit time.
10 Claims
7. A system for distributed denial of service (DDoS) attack detection and traffic mitigation using flow statistics, the system comprising:
- a flow statistics collector that collects first statistics for each flow based on flow information generated by traffic flow of a network connection device;
- a statistics processor that groups and classifies the first statistics for each flow on a per-flow basis and processes the same into second statistics containing at least one of the number of bytes, the number of packets, and the number of flows per unit time;
- a determiner that calculates the rate of change of the second statistics, and if the rate of change exceeds a preset threshold rate, determines that a distributed denial of service attack is occurring; and
- a controller that limits the flow rate of the traffic based on a predefined policy by executing a rate-limit function according to a result of the determination.
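The four steps of the method claim, which are also the collector, processor, determiner and controller of the system claim, as an added Python example that is not part of the patent. Grouping by destination address, the 10-second window, the threshold value and the limit policy are assumptions chosen for illustration, and the flow records are constructed.

```python
from collections import defaultdict

WINDOW = 10         # seconds per unit time (assumed)
THRESHOLD = 3.0     # preset threshold rate: growth above +300% (assumed)
LIMIT_FACTOR = 1.5  # policy: cap at 1.5x the last normal byte rate (assumed)

def second_statistics(flows):
    """Group per-flow records by (window, destination): bytes, packets, flows."""
    stats = defaultdict(lambda: {"bytes": 0, "packets": 0, "flows": 0})
    for ts, _src, dst, nbytes, npkts in flows:
        cell = stats[(ts // WINDOW, dst)]
        cell["bytes"] += nbytes
        cell["packets"] += npkts
        cell["flows"] += 1
    return dict(stats)

def rate_of_change(prev, cur):
    """Relative growth per metric between consecutive windows."""
    return {k: (cur[k] - prev[k]) / prev[k] for k in cur if prev[k] > 0}

def detect_and_mitigate(flows):
    """Return {destination: byte-rate cap in bytes/s} for flagged destinations."""
    stats = second_statistics(flows)
    limits = {}
    for win, dst in sorted(stats):
        prev = stats.get((win - 1, dst))
        if prev is None or dst in limits:
            continue  # no baseline window yet, or already rate-limited
        change = rate_of_change(prev, stats[(win, dst)])
        if any(v > THRESHOLD for v in change.values()):
            limits[dst] = LIMIT_FACTOR * prev["bytes"] / WINDOW
    return limits

def sample_flows():
    """Constructed records: (timestamp_s, src, dst, bytes, packets)."""
    flows = [(i, f"198.51.100.{i}", "203.0.113.10", 1000, 10) for i in range(5)]
    flows += [(i, f"198.51.100.{i}", "203.0.113.20", 1000, 10) for i in range(4)]
    # Second window: 50 tiny flows to .10, so flow count jumps while bytes fall
    flows += [(10 + i % 10, f"192.0.2.{i}", "203.0.113.10", 60, 1) for i in range(50)]
    flows += [(10 + i, f"198.51.100.{i}", "203.0.113.20", 1000, 10) for i in range(5)]
    return flows

if __name__ == "__main__":
    print(detect_and_mitigate(sample_flows()))
```

In the constructed data only the flows-per-unit-time statistic crosses the threshold, which is why the example evaluates all three second statistics rather than byte volume alone.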
Specification