System and method for protecting computer device against overload via network attack
First Claim
1. A method for use with a stateful packet processing device of a computer network for mitigating effects of a network overload against said device, said method operable to free memory used to store information about communications sessions managed by said device, said method comprising the steps of:
- classifying session cache entries made in memory into different cache classes, according to one or more characteristics of those entries;
- determining when said device is under network overload;
- selecting session cache entries for deletion and deleting them thereby freeing associated memory when said device is under network overload;
- determining when sufficient memory has been freed, such that said cache entries are no longer deleted.
Abstract
The present invention protects network devices from overload and from network packet flood attacks (such as Denial of Service and Distributed Denial of Service attacks) that would otherwise consume available resources, and possibly cause system failure or compromise the system by allowing intrusion. The invention, termed an intelligent cache management system, is used to free allocated resources (memory, in particular) for reuse when under sustained attack. One exemplary embodiment of a cache management system of the present invention is used in connection with session-type packet processing devices of a computer network. The system comprises a memory management database for storing communication traffic classification and memory threshold values, and a memory monitor for tracking overall memory usage and determining when the memory threshold values stored in the memory management database are reached. A cache classifier is used to determine a class into which a given session of communications traffic falls. When the memory threshold value is reached, a pruning mechanism selects and prunes entries representing sessions on the packet processing device in accordance with the communication traffic classification and memory thresholds programmed in the memory management database.
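As an added illustration, not code from the patent, the following Python sketch models the components the abstract names: a cache classifier, a per-class usage view standing in for the memory management database, and a threshold-driven pruner that deletes the least valuable class first and stops once usage is back under a lower threshold. The class names, the idle timeout, the use of entry count as a proxy for memory, and the high/low watermark pair are all assumptions of this example.

```python
from dataclasses import dataclass, field

# Pruning order: the class whose entries are cheapest to lose comes first. The class names
# are constructed for this example; the patent only says entries are classified by "one or
# more characteristics".
PRUNE_ORDER = ["half_open", "idle", "established"]
IDLE_AFTER = 60.0  # seconds without traffic before an established flow counts as idle

@dataclass
class Session:
    key: str              # flow identifier, e.g. "tcp:10.0.0.5:40001>10.0.0.9:443" (constructed)
    handshake_done: bool  # False while the TCP handshake has not completed
    last_seen: float      # timestamp of the last packet seen on this flow

def classify(s: Session, now: float) -> str:
    """Cache classifier: assign one session entry to a cache class."""
    if not s.handshake_done:
        return "half_open"
    if now - s.last_seen > IDLE_AFTER:
        return "idle"
    return "established"

@dataclass
class SessionCache:
    high_water: int  # overload threshold: start pruning once this many entries are cached
    low_water: int   # stop pruning once usage is back down to this many entries
    entries: dict = field(default_factory=dict)  # key -> Session

    def usage_by_class(self, now: float) -> dict:
        """Memory-management view: entries per class (entry count stands in for bytes)."""
        counts = {c: 0 for c in PRUNE_ORDER}
        for s in self.entries.values():
            counts[classify(s, now)] += 1
        return counts

    def prune(self, now: float) -> list:
        """If overloaded, delete entries class by class, oldest first, until at low_water."""
        victims = []
        if len(self.entries) < self.high_water:   # memory monitor: threshold not reached
            return victims
        for cls in PRUNE_ORDER:
            by_age = sorted((s for s in self.entries.values() if classify(s, now) == cls),
                            key=lambda s: s.last_seen)
            for s in by_age:
                if len(self.entries) <= self.low_water:
                    return victims
                del self.entries[s.key]
                victims.append(s.key)
        return victims
```

Because half-open entries are pruned before established ones, a flood of unfinished handshakes evicts only its own state, while legitimate established flows survive until the lower watermark is reached.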
30 Claims
1. Independent method claim, set out in full under First Claim above. Dependent claims: 2 to 11.
12. An apparatus for use with a stateful packet processing device of a computer network for mitigating effects of a network overload against said device, said apparatus operable to free memory used to store information about communications sessions managed by said device, said system comprising:
- a classification component operable to determine, for each session cache entry, the cache class to which that entry belongs according to one or more characteristics of the entry;
- a memory management database for tracking the amounts of memory used for each category of entry, as well as for tracking the total amount of memory used for all entries;
- a pruning component that is used to select and delete entries; and
- a processor for determining when said device is experiencing network overload and selecting specific cache session entries for deletion until sufficient memory has been freed.
Dependent claims: 13 to 24.
25. A cache management system used in connection with session-type packet processing devices of a computer network, said system comprising:
- a memory management database for storing communication traffic classification and memory threshold values;
- a memory monitor for tracking overall memory usage and determining when said memory threshold values stored in said memory management database are reached;
- a cache classifier used to determine a class into which a given session of communications traffic falls; and
- a pruner mechanism for selecting and pruning selected sessions of said packet processing device in accordance with said communication traffic classification and memory thresholds programmed in said memory management database when said memory threshold value is reached.
Dependent claims: 26 to 30.