METHOD AND SYSTEM FOR PROTECTION AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS
1 Assignment
0 Petitions
Accused Products
Abstract
A denial-of-service protection system may include a memory operable to store a behavior model and a processor communicatively coupled to the memory. The processor is capable of detecting a potential attack on the system, and receiving a first request from an endpoint. In response to receiving the first request from the endpoint, the processor may communicate an error to the endpoint. The processor may also receive a second request, from the endpoint and determine whether the second request from the endpoint deviates from the behavior model. If the second request from the endpoint deviates from the behavior model, the processor may deny traffic from the endpoint. If the second request from the endpoint does not deviate from the behavior model, then the processor may allow traffic from the endpoint.
15 Citations
29 Claims
-
1-9. -9. (canceled)
-
10. A method for protecting a system from a denial-of-service attack comprising:
-
storing a behavior model; detecting a potential attack on the system; receiving a first request from an endpoint; in response to receiving the first request from the endpoint, communicating an error to the endpoint; receiving a second request from the endpoint; determining whether the second request from the endpoint deviates from the behavior model; if the second request from the endpoint deviates from the behavior model, denying traffic from the endpoint; and if the second request from the endpoint does not deviate from the behavior model, allowing traffic from the endpoint. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 28)
-
-
19. A server comprising:
-
a memory; and a processor communicatively coupled to the memory, the processor operable to; detect a potential attack on the system; receive a first request from an endpoint; in response to receiving the first request from the endpoint, communicate an error to the endpoint; receive a second request from the endpoint; determine whether the second request from the endpoint deviates from a behavior model; if the second request from the endpoint deviates from the behavior model, deny traffic from the endpoint; and if the second request from the endpoint does not deviate from the behavior model, allow traffic from the endpoint. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 29)
-
Specification