TRAFFIC SEGMENTATION IN PREVENTION OF DDOS ATTACKS
First Claim
1. Computer storage media having computer-executable instructions embodied thereon, that when executed by one or more computing devices, cause the one or more computing devices to perform a method of utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the method comprising:
- collecting data from one or more legitimate users on a network;
identifying legitimate properties associated with the data;
utilizing the legitimate properties to create a set of learned rules;
receiving one or more requests for a particular service;
identifying request properties associated with the one or more requests;
predicting whether the one or more requests are legitimate based on applying the set of learned rules to the request properties.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods, and computer storage media for traffic segmentation in prevention of DDoS attacks are provided. Data associated with one or more users of a particular service or network is collected. Legitimate properties associated with the data are identified. In embodiments, the legitimate properties are shared with one or more related services. One or more requests are received for the service or related services and request properties are identified. The legitimacy of the one or more requests is predicted based on a comparison of the legitimate and request properties.
-
Citations
20 Claims
-
1. Computer storage media having computer-executable instructions embodied thereon, that when executed by one or more computing devices, cause the one or more computing devices to perform a method of utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the method comprising:
-
collecting data from one or more legitimate users on a network; identifying legitimate properties associated with the data; utilizing the legitimate properties to create a set of learned rules; receiving one or more requests for a particular service; identifying request properties associated with the one or more requests; predicting whether the one or more requests are legitimate based on applying the set of learned rules to the request properties. - View Dependent Claims (2, 3, 4)
-
-
5. Computer storage media having computer-executable instructions embodied thereon, that when executed by one or more computing devices, cause the one or more computing devices to perform a method of utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the method comprising:
-
collecting data associated with one or more users of a particular service; identifying properties associated with the data; sharing the properties with one or more related services; receiving one or more requests for one of the one or more related services; and predicting whether the one or more requests are legitimate. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A computer system that facilitates utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the computer system comprising a processor coupled to a computer storage medium, the computer storage medium having stored thereon a plurality of computer software components executable by the processor, the computer software components comprising:
-
a data component that collects data associated with one or more users; a property component that identifies properties associated with the data and utilizes the properties to create a set of learned rules; a request component that receives one or more requests; a prediction component that predicts whether the one or more requests are legitimate. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification