System and method for detection of denial of service attacks
First Claim
1. A distributed denial of service (“DDOS”) detection engine communicatively coupled to a plurality of web servers, the DDOS detection engine comprising:
a web server interface configured to:
receive a plurality of web log traces from a web server, the web server being one of the plurality of web servers;
communicate a first plurality of user classifications to the web server based at least on the plurality of web log traces; and
communicate a second plurality of user classifications to the web server based at least on the plurality of web log traces; and
a first DDOS analysis engine configured to:
extract a first feature vector from the plurality of web log traces, wherein the first feature vector is representative of network traffic on the plurality of web servers over a first period of time;
apply a first machine learning technique to the first feature vector; and
produce the first plurality of user classifications for communication to the web server in substantially real time; and
a second DDOS analysis engine configured to:
extract a second feature vector from the plurality of web log traces, wherein the second feature vector is representative of network traffic on the plurality of web servers over a second period of time, the second period of time greater than the first period of time;
apply a second machine learning technique to the second feature vector; and
produce the second plurality of user classifications for communication to the web server.
10 Assignments
0 Petitions
Abstract
Systems and methods for detecting a denial of service attack are disclosed. These may include receiving a plurality of web log traces from one of a plurality of web servers; extracting a first set of features from the plurality of web log traces; applying a first machine learning technique to the first set of features; producing a first plurality of user classifications for communication to the web server; extracting a second set of features from the plurality of web log traces; applying a second machine learning technique to the second set of features; producing a second plurality of user classifications for communication to the web server; communicating the first plurality of user classifications to the web server based at least on the plurality of web log traces; and communicating the second plurality of user classifications to the web server based at least on the plurality of web log traces.
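The claims and abstract describe an arrangement rather than an algorithm: one stream of web log traces feeds two analysis engines that differ in the period of time they summarise (a short one whose user classifications go back to the web server in substantially real time, and a longer one), each extracting a feature vector and applying a machine learning technique to label users. The Python script below is an added worked example of that arrangement; it is not code from the patent or its assignee. Everything in it is an assumption: the Common Log Format input, the three per-client features (request count, distinct-path ratio, 4xx/5xx ratio), the 10 s and 600 s windows, the constructed log lines and labelled training vectors, and the standardised nearest-centroid classifier that stands in for the unnamed machine learning technique.

```python
"""Two-horizon DDoS user classification over web log traces (added example; the
log lines, features, windows, training vectors and classifier are all assumed)."""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

SHORT_WINDOW = 10    # seconds; the "first period of time" (near-real-time engine)
LONG_WINDOW = 600    # seconds; the "second period of time", greater than the first

# Common Log Format, e.g. 10.0.0.1 - - [10/Oct/2023:13:55:00 +0000] "GET /x HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3}) (?:\d+|-)$')

def parse_line(line):
    """One CLF line -> (ip, epoch seconds, path, status), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    t = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').timestamp()
    return m['ip'], t, m['path'], int(m['status'])

def extract_features(events, t_end, window):
    """Per-client (request count, distinct-path ratio, 4xx/5xx ratio) over (t_end - window, t_end]."""
    per_ip = defaultdict(list)
    for ip, t, path, status in events:
        if t_end - window < t <= t_end:
            per_ip[ip].append((path, status))
    return {ip: (float(len(h)), len({p for p, _ in h}) / len(h),
                 sum(s >= 400 for _, s in h) / len(h)) for ip, h in per_ip.items()}

class NearestCentroid:
    """Standardise each feature, then label a vector by its nearest class centroid:
    the stand-in for the claims' unnamed machine learning technique."""
    def fit(self, vectors, labels):
        cols = list(zip(*vectors))
        self.mu = [mean(c) for c in cols]
        self.sd = [pstdev(c) or 1.0 for c in cols]      # guard constant features
        by_label = defaultdict(list)
        for v, lab in zip(vectors, labels):
            by_label[lab].append(self._z(v))
        self.centroids = {lab: [mean(c) for c in zip(*zs)] for lab, zs in by_label.items()}
        return self

    def _z(self, v):
        return [(x - m) / s for x, m, s in zip(v, self.mu, self.sd)]

    def predict(self, v):
        z = self._z(v)
        return min(self.centroids, key=lambda lab: sum(
            (a - b) ** 2 for a, b in zip(z, self.centroids[lab])))

# Constructed labelled training vectors per horizon: (count, path diversity, error ratio).
TRAIN = {
    SHORT_WINDOW: ([(1, 1.0, 0.0), (2, 1.0, 0.0), (3, 0.67, 0.0),
                    (40, 0.03, 0.9), (60, 0.02, 1.0), (25, 0.04, 0.5)],
                   ['ok', 'ok', 'ok', 'attack', 'attack', 'attack']),
    LONG_WINDOW: ([(8, 0.9, 0.0), (15, 0.8, 0.05), (5, 1.0, 0.0),
                   (60, 0.02, 1.0), (300, 0.01, 0.3), (80, 0.05, 0.9)],
                  ['ok', 'ok', 'ok', 'attack', 'attack', 'attack']),
}

def analysis_engine(events, t_end, window):
    """One DDOS analysis engine: features over its window, labelled by the model trained
    for that horizon.  Returns {client_ip: label}, i.e. what goes back to the web server."""
    model = NearestCentroid().fit(*TRAIN[window])
    return {ip: model.predict(v) for ip, v in extract_features(events, t_end, window).items()}

def classify_traces(lines, t_end):
    """Both engines over the same traces -> (short-window labels, long-window labels)."""
    events = [e for e in map(parse_line, lines) if e]
    return (analysis_engine(events, t_end, SHORT_WINDOW),
            analysis_engine(events, t_end, LONG_WINDOW))

# --- constructed sample traces (not real traffic) -------------------------------------
T0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc).timestamp()
T_END = T0 + LONG_WINDOW

def _clf(ip, t, path, status):
    ts = datetime.fromtimestamp(t, tz=timezone.utc).strftime('%d/%b/%Y:%H:%M:%S %z')
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'

def constructed_traces():
    """Four ordinary visitors (a page every ~100 s, one hit in the last 10 s); one low-and-slow
    client (same URL every 2 s, all 200); one burst (40 hits on /login in the last 10 s, all 503)."""
    lines = []
    for k in range(4):
        ip = f'10.0.0.{k + 1}'
        lines += [_clf(ip, T0 + 100 * j + 10 * k + 5, f'/page/{k}{j}', 200) for j in range(6)]
        lines.append(_clf(ip, T_END - 5 + k, f'/page/{k}x', 200))
    lines += [_clf('198.51.100.9', T0 + 2 * j + 1, '/search?q=x', 200) for j in range(300)]
    lines += [_clf('203.0.113.7', T_END - 9 + 0.2 * j, '/login', 503) for j in range(40)]
    return lines

if __name__ == '__main__':
    short, long_ = classify_traces(constructed_traces(), T_END)
    for ip in sorted(short):
        print(f'{ip:14} short={short[ip]:7} long={long_[ip]}')
```

Run it and the short engine flags only the 40-request burst on /login, while the long engine also flags 198.51.100.9, which sends one request every two seconds to a single URL: unremarkable in any ten-second window, plainly repetitive over ten minutes. That difference between the two horizons is what a second, longer-period engine buys. A real deployment would learn the baseline from the site's own traffic rather than from hand-written vectors, and would treat the labels as input to rate limiting or challenges rather than as a verdict on their own.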
30 Citations
40 Claims
1. Independent claim; text as given under First Claim above. Dependent claims: 2–20.
21. A method for detecting a distributed denial of service (“DDOS”) attack on a networked system comprising a plurality of web servers, the method comprising:
receiving a plurality of web log traces from a web server, the web server being one of the plurality of web servers;
extracting a first feature vector from the plurality of web log traces, wherein the first feature vector is representative of network traffic on the plurality of web servers over a first period of time;
applying a first machine learning technique to the first feature vector;
producing a first plurality of user classifications for communication to the web server in substantially real time;
extracting a second feature vector from the plurality of web log traces, wherein the second feature vector is representative of network traffic on the plurality of web servers over a second period of time, the second period of time greater than the first period of time;
applying a second machine learning technique to the second feature vector;
producing a second plurality of user classifications for communication to the web server;
communicating the first plurality of user classifications to the web server based at least on the plurality of web log traces; and
communicating the second plurality of user classifications to the web server based at least on the plurality of web log traces.
Dependent claims: 22–40.