DETECTION AND MITIGATION SOLUTION USING HONEYPOTS
First Claim
1. A system for mitigating a distributed denial-of-service (DDoS) attack in a networked computing system, the system comprising:
- at least one DDoS honeypot in operative communication with a central controller in the networked computing system, wherein:
the at least one DDoS honeypot is configured to receive a data packet from a network, determine a source address of the data packet, and send the source address to the central controller; and
the central controller is configured to initiate a mitigation action based on the source address and one or more mitigation rules, wherein a determination of whether the received data packet is part of the DDoS attack is based on one or more detection rules.
Abstract
A system and method for mitigating a distributed denial-of-service (DDoS) attack in a networked computing system. At least one DDoS honeypot in operative communication with a central controller in the networked computing system is configured to receive a data packet from a network, determine a source address of the data packet, and send the source address to the central controller. The central controller is configured to initiate a mitigation action based on the source address and one or more mitigation rules, wherein a determination of whether the received data packet is part of the DDoS attack is based on one or more detection rules.
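The data flow in the abstract, modeled as an added example that is not taken from the patent: honeypots forward only the source address, and the controller applies a detection rule before a mitigation rule. The abstract does not say what the rules contain, so the sliding-window report threshold, the ordered network-to-action rule list, and all addresses below are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class CentralController:
    """Applies a detection rule, then mitigation rules, to reported sources."""
    def __init__(self, threshold, window, mitigation_rules):
        self.threshold = threshold         # assumed detection rule: reports per window
        self.window = window               # window length in seconds
        # Assumed mitigation rules: ordered (network, action) pairs, first match wins.
        self.rules = [(ipaddress.ip_network(n), a) for n, a in mitigation_rules]
        self.reports = defaultdict(deque)  # source -> timestamps of recent reports
        self.actions = {}                  # source -> action already initiated

    def report(self, source, now):
        """Called by a honeypot; returns the action initiated, or None."""
        times = self.reports[source]
        times.append(now)
        while times and now - times[0] > self.window:
            times.popleft()                # drop reports that fell out of the window
        if len(times) < self.threshold or source in self.actions:
            return None
        addr = ipaddress.ip_address(source)
        action = next((a for net, a in self.rules if addr in net), None)
        if action is not None:
            self.actions[source] = action
        return action

class Honeypot:
    """Decoy endpoint: nothing legitimate is expected to send it traffic."""
    def __init__(self, controller):
        self.controller = controller

    def receive(self, packet, now):
        # Determine the source address and send only that to the controller.
        return self.controller.report(packet["src"], now)

def run_demo():
    rules = [("192.0.2.0/24", "alert-only"),  # constructed: a range that must never be blocked
             ("0.0.0.0/0", "block")]
    ctl = CentralController(threshold=3, window=10.0, mitigation_rules=rules)
    pots = [Honeypot(ctl), Honeypot(ctl)]
    # Constructed traffic: (honeypot index, source address, arrival time in seconds).
    traffic = [(0, "203.0.113.9", 0.0), (1, "203.0.113.9", 1.0), (0, "198.51.100.4", 2.0),
               (1, "203.0.113.9", 3.0), (0, "192.0.2.7", 4.0), (0, "192.0.2.7", 4.5),
               (1, "192.0.2.7", 5.0), (0, "198.51.100.4", 30.0)]
    for i, src, t in traffic:
        pots[i].receive({"src": src}, t)
    return ctl.actions
```

Because a source address can be spoofed, the first mitigation rule in the demo downgrades a protected range to an alert instead of a block.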
20 Claims
1. A system for mitigating a distributed denial-of-service (DDoS) attack in a networked computing system, the system comprising:
- at least one DDoS honeypot in operative communication with a central controller in the networked computing system, wherein:
the at least one DDoS honeypot is configured to receive a data packet from a network, determine a source address of the data packet, and send the source address to the central controller; and
the central controller is configured to initiate a mitigation action based on the source address and one or more mitigation rules, wherein a determination of whether the received data packet is part of the DDoS attack is based on one or more detection rules.
16. A method comprising:
- receiving a data packet at a DDoS honeypot from a network;
- determining a source address of the data packet; and
- initiating a mitigation action based on the source address and one or more mitigation rules, wherein a determination of whether the received data packet is part of a DDoS attack is based on one or more detection rules.
20. A non-transitory computer readable medium comprising computer executable instructions which when executed by a processor cause the processor to perform a method of:
- receiving a data packet at a DDoS honeypot from a network;
- determining a source address of the data packet; and
- initiating a mitigation action based on the source address and one or more mitigation rules, wherein a determination of whether the received data packet is part of a DDoS attack is based on one or more detection rules.
Specification