Traffic segmentation in prevention of DDoS attacks

US 8,959,631 B2
Filed: 12/19/2012
Issued: 02/17/2015
Est. Priority Date: 12/19/2012
Status: Active Grant

First Claim

Patent Images

1. Computer storage media having computer-executable instructions embodied thereon, that when executed by one or more computing devices, cause the one or more computing devices to perform a method of utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the method comprising:

collecting data from one or more legitimate users on a network;

identifying legitimate properties associated with the data, the legitimate properties including IP address, successful sign-on attempts, verified user status, or non-malicious use of a service;

utilizing the legitimate properties to create a set of learned rules;

receiving one or more requests for a particular service;

identifying request properties associated with the one or more requests;

predicting whether the one or more requests are legitimate based on applying the set of learned rules to the request properties.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer storage media for traffic segmentation in prevention of DDoS attacks are provided. Data associated with one or more users of a particular service or network is collected. Legitimate properties associated with the data are identified. In embodiments, the legitimate properties are shared with one or more related services. One or more requests are received for the service or related services and request properties are identified. The legitimacy of the one or more requests is predicted based on a comparison of the legitimate and request properties.

Citations

20 Claims

1. Computer storage media having computer-executable instructions embodied thereon, that when executed by one or more computing devices, cause the one or more computing devices to perform a method of utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the method comprising:
- collecting data from one or more legitimate users on a network;
  
  identifying legitimate properties associated with the data, the legitimate properties including IP address, successful sign-on attempts, verified user status, or non-malicious use of a service;
  
  utilizing the legitimate properties to create a set of learned rules;
  
  receiving one or more requests for a particular service;
  
  identifying request properties associated with the one or more requests;
  
  predicting whether the one or more requests are legitimate based on applying the set of learned rules to the request properties.
- View Dependent Claims (2, 3, 4)
- - 2. The media of claim 1, further comprising prioritizing traffic for the network based on the prediction of the one or more requests.
  - 3. The media of claim 1, further comprising alerting the particular service if a DDoS attack is suspected.
  - 4. The media of claim 3, further comprising alerting similar services of the suspected DDoS attack.

5. Computer storage media having computer-executable instructions embodied thereon, that when executed by one or more computing devices, cause the one or more computing devices to perform a method of utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the method comprising:
- collecting data associated with one or more users of a particular service;
  
  identifying properties associated with the data, the properties including IP address, successful sign-on attempts, verified user status, or non-malicious use of a service;
  
  sharing the properties with one or more related services;
  
  receiving one or more requests for one of the one or more related services; and
  
  predicting whether the one or more requests are legitimate.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The media of claim 5, further comprising prioritizing traffic for the one of the one or more related services based on the prediction.
  - 7. The media of claim 5, further comprising alerting the one or more related services if a DDoS attack is suspected.
  - 8. The media of claim 5, further comprising optimizing the properties for the one or more related services.
  - 9. The media of claim 8, wherein optimizing the properties comprises only sharing properties optimized to protecting assets of each of the one or more related services.

10. A computer system that facilitates utilizing internet protocol (IP) traffic segmentation to prevent distributed denial of service (DDoS) attacks, the computer system comprising a processor coupled to a computer storage medium, the computer storage medium having stored thereon a plurality of computer software components executable by the processor, the computer software components comprising:
- a data component that collects data associated with one or more users;
  
  a property component that identifies properties associated with the data and utilizes the properties to create a set of learned rules, the properties including IP address, successful sign-on attempts, verified user status, or non-malicious use of a service;
  
  a request component that receives one or more requests;
  
  a prediction component that predicts whether the one or more requests are legitimate.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The system of claim 10, wherein the data component includes a network data component that collects the data from one or more legitimate users on a network.
  - 12. The system of claim 11, wherein the property component includes a legitimate property component that identifies legitimate properties associated with the data.
  - 13. The system of claim 12, wherein the property component further includes a request property component for identifying request properties associated with the one or more requests.
  - 14. The system of claim 13, wherein the prediction component predicts whether the one or more requests are legitimate based on applying the set of learned rules to the request properties.
  - 15. The system of claim 14, further comprising a priority component that priorities traffic for the network based on the prediction of the one or more requests.
  - 16. The system of claim 15, further comprising an alert component for alerting a particular service and similar services if a DDoS attack is suspected.
  - 17. The system of claim 10, wherein the data component includes a service data component that collects the data associated with one or more users of a particular service.
  - 18. The system of claim 17, further comprising a share component for sharing the properties with one or more related services.
  - 19. The system of claim 18, wherein the request component further receives requests for the one or more related services.
  - 20. The system of claim 19, further comprising an optimization component that optimizes the properties for the one or more related services by only sharing properties optimized to protecting assets of each of the one or more related services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Beryozkin, Genady
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US13/720,110
Publication Number

US 20140173725A1
Time in Patent Office

790 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

H04L 63/1425 Traffic logging, e.g. anoma...

H04L 63/1458 Denial of Service

Traffic segmentation in prevention of DDoS attacks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Traffic segmentation in prevention of DDoS attacks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links