IP PRIORITIZATION AND SCORING SYSTEM FOR DDOS DETECTION AND MITIGATION
Abstract
A method and system to mitigate an attack over the Internet includes collecting information related to a plurality of client IP addresses from a plurality of sources and analyzing the collected information to determine confidence scores for the plurality of client IP addresses. The method and system also include receiving network traffic from the Internet and limiting network traffic from a first subset of the plurality of client IP addresses characterized by a confidence score less than a first threshold. The method and system further include determining a level of the network traffic and limiting network traffic from a second subset of the plurality of client IP addresses characterized by a confidence score less than a second threshold greater than the first threshold.
26 Claims
1. A method for controlling network traffic, comprising:
- receiving, at a network server, client machine data for a plurality of client machines, the data relating to a confidence score for each of the plurality of client machines;
- determining a plurality of threshold values;
- relating one or more of the threshold values to one or more actions to be taken for request network traffic;
- receiving a request associated with a client machine, wherein the association is determined using identification data found in the request;
- determining a confidence score associated with the client machine; and
- acting on the request based on the confidence score in relation to the threshold values and related actions to be taken.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for computing a confidence score for an IP address, the method comprising:
- storing information about a plurality of client IP addresses;
- analyzing the stored information about the client IP addresses,
- computing a confidence score for each of the plurality of client IP addresses based on the analysis of the stored information, wherein the confidence score is granular.

Dependent claims: 9

10. A method of mitigating an attack over the Internet, the method comprising:
- collecting information related to a plurality of client IP addresses from a plurality of sources;
- analyzing the collected information to determine confidence scores for the plurality of client IP addresses;
- receiving network traffic from the Internet;
- limiting network traffic from a first subset of the plurality of client IP addresses characterized by a confidence score less than a first threshold;
- determining a level of the network traffic; and
- in response to determining the level of network traffic, limiting network traffic from a second subset of the plurality of client IP addresses characterized by a confidence score less than a second threshold greater than the first threshold.

Dependent claims: 11, 12, 13, 14

15. A system for controlling network traffic, comprising:
- a central server containing data for a plurality of client machines, the data relating to a confidence score of each of the plurality of client machines;
- a network server including a processor and computer-readable memory containing instructions which, when executed on the processor, perform a method comprising:
  - receiving, at the network server, client machine data for a plurality of client machines;
  - determining a plurality of threshold values;
  - relating one or more of the threshold values to one or more actions to be taken for request network traffic;
  - receiving a request associated with a client machine, wherein the association is determined using identification data found in the request;
  - determining a confidence score associated with the client machine; and
  - acting on the request based on the confidence score in relation to the threshold values and related actions to be taken.

Dependent claims: 16, 17, 18, 19, 20, 21

22. A system of mitigating an attack over the Internet, comprising:
- a processor; and
- memory storing instructions, which when executed on a processor, perform a method comprising:
  - collecting information related to a plurality of client IP addresses from a plurality of sources;
  - analyzing the collected information to determine confidence scores for the plurality of client IP addresses;
  - receiving network traffic from the Internet;
  - limiting network traffic from a first subset of the plurality of client IP addresses characterized by a confidence score less than a first threshold;
  - determining a level of the network traffic; and
  - in response to determining the level of network traffic, limiting network traffic from a second subset of the plurality of client IP addresses characterized by a confidence score less than a second threshold greater than the first threshold.

Dependent claims: 23, 24, 25, 26

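The threshold-to-action mapping of claim 1 and the load-dependent second threshold of claim 10, as an added Python sketch that is not taken from the patent. The tier values, action names, load levels, default score and sample scores are all constructed assumptions, as is the choice of source IP as the identification data.

```python
import ipaddress
from typing import NamedTuple

class Tier(NamedTuple):
    threshold: int   # tier matches when confidence score < threshold
    action: str      # action related to this threshold
    min_load: float  # traffic level (fraction of capacity) at which the tier is enforced

# Constructed policy, ascending by threshold. The first tier is always
# enforced; higher thresholds only take effect as the traffic level rises.
POLICY = [
    Tier(20, "drop", 0.0),
    Tier(50, "rate_limit", 0.7),
    Tier(80, "challenge", 0.9),
]
DEFAULT_SCORE = 50  # assumption: clients with no score are treated as neutral

# Constructed confidence scores (0 = untrusted, 100 = trusted).
SCORES = {"198.51.100.7": 10, "203.0.113.9": 35, "192.0.2.44": 95}

def client_id(request: dict) -> str:
    """Derive the client key from identification data in the request.

    IPv4-mapped IPv6 addresses are folded back to IPv4 so that a low-score
    client cannot miss its score entry just by arriving over a dual-stack
    listener. Malformed addresses raise ValueError and never reach scoring.
    """
    addr = ipaddress.ip_address(request["src_ip"])
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return str(addr)

def decide(request: dict, load: float, scores=SCORES, policy=POLICY) -> str:
    """Return the action for one request at the current traffic level."""
    score = scores.get(client_id(request), DEFAULT_SCORE)
    for tier in policy:  # ascending thresholds: strictest matching tier wins
        if load >= tier.min_load and score < tier.threshold:
            return tier.action
    return "allow"

def decide_all(requests: list, load: float) -> list:
    """Apply the policy to a batch of requests observed at one traffic level."""
    return [decide(r, load) for r in requests]
```

Raising `load` from 0.1 to 0.75 changes the outcome only for the client scored 35, which is the "second subset" of claim 10; the client scored 10 is dropped at any load.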
Specification