Methods, media and systems for responding to a denial of service attack

US 8,549,646 B2
Filed: 10/20/2006
Issued: 10/01/2013
Est. Priority Date: 10/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method for responding to a Denial of Service (DoS) attack, comprising:

detecting the denial of service attack;

migrating one or more processes, that provide a service to a client, and that are running on a target server, from the target server to a migration server in response to the detecting of the denial of service attack by;

saving information regarding the one or more processes at the target server;

transferring the saved information to the migration server from the target server using an unpublicized link; and

restarting the one or more processes on the migration server using the saved information;

identifying users as not being sources of the denial of service attack by authenticating users that are authorized to use the service;

routing traffic generated by users identified as not being sources of the denial of service attack to the migration server; and

periodically changing an IP address associated with the unpublicized link.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.

182 Citations

13 Claims

1. A method for responding to a Denial of Service (DoS) attack, comprising:
- detecting the denial of service attack;
  
  migrating one or more processes, that provide a service to a client, and that are running on a target server, from the target server to a migration server in response to the detecting of the denial of service attack by;
  
  saving information regarding the one or more processes at the target server;
  
  transferring the saved information to the migration server from the target server using an unpublicized link; and
  
  restarting the one or more processes on the migration server using the saved information;
  
  identifying users as not being sources of the denial of service attack by authenticating users that are authorized to use the service;
  
  routing traffic generated by users identified as not being sources of the denial of service attack to the migration server; and
  
  periodically changing an IP address associated with the unpublicized link.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the migrating comprises migrating the one or more processes from a first virtualized operating system environment to a second virtualized operating system environment.
  - 3. The method of claim 1, wherein the authenticating comprises authenticating by digital certificates.
  - 4. The method of claim 1, wherein the authenticating comprises authenticating human users by Graphical Turing Tests.
  - 5. The method of claim 1, wherein the service is a web server.

6. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for responding to a DoS attack, comprising:
- detecting the denial of service attack;
  
  migrating one or more processes, that provide a service to a client, and that are running on a target server, from the target server to a migration server in response to the detecting of the denial of service attack by;
  
  saving information regarding the one or more processes at the target server;
  
  transferring the saved information to the migration server from the target server using an unpublicized link; and
  
  restarting the one or more processes on the migration server using the saved information;
  
  identifying users as not being sources of the denial of service attack by authenticating users that are authorized to use the service;
  
  routing traffic generated by users identified as not being sources of the denial of service attack to the migration server; and
  
  periodically changing an IP address associated with the unpublicized link.
- View Dependent Claims (7, 8, 9)
- - 7. The computer-readable medium of claim 6, wherein the one or more processes are migrated from a first virtualized operating system environment to a second virtualized operating system environment.
  - 8. The computer-readable medium of claim 6, wherein the authenticating comprises authenticating by digital certificates.
  - 9. The computer-readable medium of claim 6, wherein the authenticating comprises authenticating human users by Graphical Turing Tests.

10. A system for responding to a DoS attack, comprising:
- a migration system configured to migrate one or more processes, that provide a service to a client, and that are running on a target server from the target server to a migration server when the target server is affected by the denial of service attack, in response to the detecting of the denial of service attack by;
  
  saving information regarding the one or more processes at the target server;
  
  transferring the saved information to the migration server from the target server using an unpublicized link, wherein an IP address associated with the unpublicized link is periodically changed; and
  
  restarting the one or more processes on the migration server using the saved information; and
  
  an overlay network configured to identify users as not being sources of the denial of service attack by authenticating authorized users and route traffic from the users identified as not being sources of the denial of service attack to the migration server.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, wherein the service is a web server.
  - 12. The system of claim 10, wherein, after the one or more processes is migrated, the migration server is configured to access a storage unit using the unpublicized link, and wherein the storage unit is used by the one or more processes before migration.
  - 13. The system of claim 10, wherein the target server and the migration server are located in two different networks provided by different Internet Service Providers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Original Assignee
Trustees Of Columbia University In The City Of New York (Columbia University)
Inventors
Stavrou, Angelos, Keromytis, Angelos D., Nieh, Jason, Misra, Vishal, Rubenstein, Daniel
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US11/584,312
Publication Number

US 20070214505A1
Time in Patent Office

2,538 Days
Field of Search

726/24, 726/23, 726/22, 709/201, 709/202, 709/203
US Class Current

726/24
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 2463/141   Denial of service attacks a...

H04L 63/1458   Denial of Service

Methods, media and systems for responding to a denial of service attack

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

182 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, media and systems for responding to a denial of service attack

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

182 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links