METHOD AND SYSTEM FOR DETECTING AND MITIGATING ATTACKS PERFORMED USING CRYPTOGRAPHIC PROTOCOLS
First Claim
1. A security system for detecting and mitigating encrypted denial-of-service (DoS) attacks, comprising:
- a DoS defense (DoSD) module configured to detect an encrypted DoS attack in an inbound traffic by analyzing attributes only in the inbound traffic that relate to at least one of a network layer and an application layer, wherein the DoSD module is further configured to mitigate a detected encrypted attack, the inbound traffic originates at a client and is addressed to a protected server; and
a cryptographic protocol engine (CPE) configured to establish a new encrypted session between the client and the security system, decrypt requests included in the inbound traffic, and send encrypted responses to the client over the new encrypted session between the client and the security system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and security system for detecting and mitigating encrypted denial-of-service (DoS) attacks. The system includes a DoS defense (DoSD) module configured to detect an encrypted DoS attack in an inbound traffic by analyzing attributes only in the inbound traffic that relate to at least one of a network layer and an application layer, wherein the DoSD module is further configured to mitigate a detected encrypted attack, the inbound traffic originates at a client and is addressed to a protected server; and a cryptographic protocol engine (CPE) configured to establish a new encrypted session between the client and the security system, decrypt requests included in the inbound traffic, and send encrypted responses to the client over the new encrypted session between the client and the security system.
-
Citations
24 Claims
-
1. A security system for detecting and mitigating encrypted denial-of-service (DoS) attacks, comprising:
-
a DoS defense (DoSD) module configured to detect an encrypted DoS attack in an inbound traffic by analyzing attributes only in the inbound traffic that relate to at least one of a network layer and an application layer, wherein the DoSD module is further configured to mitigate a detected encrypted attack, the inbound traffic originates at a client and is addressed to a protected server; and a cryptographic protocol engine (CPE) configured to establish a new encrypted session between the client and the security system, decrypt requests included in the inbound traffic, and send encrypted responses to the client over the new encrypted session between the client and the security system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for detecting and mitigating encrypted denial-of-service (DoS) attacks, comprising:
-
detecting an encrypted DoS attack in an inbound traffic by analyzing network layer attributes of only the inbound traffic, the inbound traffic originates at a client and is addressed to a protected server and the network layer attributes are not encrypted; dropping a connection between the client and the protected server if an encrypted DoS attack at the network layer has been detected; terminating an encrypted connection with the client if an encrypted DoS attack at the network layer has not been detected; detecting an encrypted DoS attack in the inbound traffic by analyzing application layer attributes of only the inbound traffic, wherein the network layer attributes are encrypted; and causing to establish a new encrypted connection between the client and the protected server, if an encrypted DoS attack at the application layer has not been detected. - View Dependent Claims (14, 15, 16, 17, 18, 19, 21, 22, 23)
-
-
20. A method for detecting and mitigating encrypted denial-of-service (DoS) attacks, comprising:
-
terminating an encrypted connection between the client and a protected server, upon reception of only an inbound traffic diverted from a client, wherein the inbound traffic is suspected to include malicious threats; establishing a new encrypted session with the client; responding to a client'"'"'s request received over the new encrypted session with an encrypted client web challenge; determining if the client correctly responds to the encrypted client web challenge; dropping the new encrypted session with the client, if the client does not correctly respond to the encrypted client web challenge; and causing the client to establish a new encrypted session with the protected server, if the client does correctly respond to the encrypted client web challenge. - View Dependent Claims (24)
-
Specification