SCALABLE DDoS PROTECTION OF SSL-ENCRYPTED SERVICES

US 20170070531A1
Filed: 09/04/2015
Published: 03/09/2017
Est. Priority Date: 09/04/2015
Status: Active Grant

First Claim

Patent Images

1. A system for mitigating network attacks within encrypted network traffic, the system comprising:

a protected network comprising a plurality of devices;

one or more attack mitigation devices communicatively coupled to the protected network and to a cloud platform, wherein the one or more attack mitigation devices are configured and operable to decrypt the encrypted network traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets, analyze the plurality of decrypted network packets to detect one or more attacks, generate, in response to detecting the one or more attacks, one or more attack signatures corresponding to the one or more detected attacks and send the generated one or more attack signatures to one or more attack mitigation services; and

the one or more attack mitigation services provided in the cloud platform, wherein the one or more attack mitigation services are configured and operable to block encrypted network traffic matching the one or more attack signatures from reaching the protected network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for mitigating network attacks within encrypted network traffic is provided. The system includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network and to a cloud platform. The attack mitigation devices are configured and operable to decrypt the encrypted traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets and analyze the plurality of decrypted network to detect attacks. The attack mitigation devices are further configured to generate, in response to detecting the attacks, attack signatures corresponding to the detected attacks and configured to send the generated attack signatures to attack mitigation services provided in the cloud platform. The attack mitigation services are configured and operable to drop encrypted network traffic matching the attack signatures received from the attack mitigation devices.

Citations

20 Claims

1. A system for mitigating network attacks within encrypted network traffic, the system comprising:
- a protected network comprising a plurality of devices;
  
  one or more attack mitigation devices communicatively coupled to the protected network and to a cloud platform, wherein the one or more attack mitigation devices are configured and operable to decrypt the encrypted network traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets, analyze the plurality of decrypted network packets to detect one or more attacks, generate, in response to detecting the one or more attacks, one or more attack signatures corresponding to the one or more detected attacks and send the generated one or more attack signatures to one or more attack mitigation services; and
  
  the one or more attack mitigation services provided in the cloud platform, wherein the one or more attack mitigation services are configured and operable to block encrypted network traffic matching the one or more attack signatures from reaching the protected network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as recited in claim 1, further comprising a Client Edge (CE) router device communicatively coupled to the one or more attack mitigation devices, the CE router device configured and operable to route the encrypted network traffic from the one or more attack mitigation devices to the protected network.
  - 3. The system as recited in claim 1, wherein the one or more attack signatures are sent from the one or more attack mitigation devices to the cloud platform using one or more cloud signaling messages.
  - 4. The system as recited in claim 1, wherein the encrypted network traffic comprises a Secure Socket Layer (SSL) traffic and wherein the one or more attack mitigation devices decrypt the SSL traffic using a private key and a certificate stored by the one or more attack mitigation devices.
  - 5. The system as recited in claim 1, wherein the one or more attack mitigation devices are further configured and operable to drop one or more decrypted network packets associated with the one or more detected network attacks.
  - 6. The system as recited in claim 1, wherein the generated one or more signatures comprise attributes that relate to at least one of a network layer and a transport layer.
  - 7. The system as recited in claim 1, wherein the one or more attacks comprise at least distributed denial of service attack.
  - 8. The system as recited in claim 5, wherein the one or more attack mitigation devices are further configured and operable to re-encrypt decrypted network packets not associated with the one or more detected network attacks and to send the re-encrypted packets to the protected network.
  - 9. The system as recited in claim 1, wherein the one or more attack mitigation devices reside within the cloud platform.
  - 10. The system as recited in claim 6, wherein the attributes comprise at least one of a source IP address, source port, destination port, protocol, Time To Live (TTL) value, and the like.

11. An attack mitigation device communicatively coupled to a protected network and to a cloud platform, the attack mitigation device comprising logic integrated with and/or executable by a processor, the logic being adapted to:
- decrypt encrypted network traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets;
  
  analyze the plurality of decrypted network packets to detect one or more attacks;
  
  generate, in response to detecting the one or more attacks, one or more attack signatures corresponding to the one or more detected attacks; and
  
  send the generated one or more attack signatures to one or more attack mitigation services in the cloud platform.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The attack mitigation device as recited in claim 11, wherein the attack mitigation device sends the generated one or more attack signatures to the cloud platform using one or more cloud signaling messages.
  - 13. The attack mitigation device as recited in claim 11, wherein the encrypted network traffic comprises a Secure Socket Layer (SSL) traffic and wherein the attack mitigation device decrypts the SSL traffic using a private key and a certificate stored by the attack mitigation device.
  - 14. The attack mitigation device as recited in claim 11, wherein the logic is further adopted to drop one or more decrypted network packets associated with the one or more detected network attacks.
  - 15. The attack mitigation device as recited in claim 11, wherein the generated one or more signatures comprise attributes that relate to at least one of a network layer and a transport layer.
  - 16. The attack mitigation device as recited in claim 11, wherein the one or more attacks comprise at least distributed denial of service attack.
  - 17. The attack mitigation device as recited in claim 14, wherein the logic is further adopted to re-encrypt decrypted network packets not associated with the one or more detected network attacks and to send the re-encrypted packets to the protected network.
  - 18. The attack mitigation device as recited in claim 11, wherein the attack mitigation device resides within the cloud platform.
  - 19. The attack mitigation device as recited in claim 11, wherein the attack mitigation device comprises a virtual device.
  - 20. The attack mitigation device as recited in claim 15, wherein the attributes comprise at least one of a source IP address, source port, destination port, protocol, Time To Live (TTL) value, and the like.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Original Assignee
Arbor Networks Incorporated (NetScout Systems Incorporated)
Inventors
Huston, Lawrence B. III, Iekel-Johnson, Scott

Granted Patent

US 10,116,692 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

SCALABLE DDoS PROTECTION OF SSL-ENCRYPTED SERVICES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SCALABLE DDoS PROTECTION OF SSL-ENCRYPTED SERVICES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links