Efficiently isolating malicious data requests

US 9,137,325 B2
Filed: 02/11/2011
Issued: 09/15/2015
Est. Priority Date: 02/11/2011
Status: Active Grant

First Claim

Patent Images

1. At a computer system including at least one processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for using smart routing to limit service denials, the method comprising:

tracking, at a tracking module of a gateway node, a tally corresponding to each of a plurality tenants, each tally tracking a level of suspicion of the corresponding tenant'"'"'s use a plurality of server nodes serviced by the gateway node, including;

each time that a server of the plurality of server nodes goes down, updating the corresponding tally for each tenant that was requesting data from said server node when said server node went down, including updating a particular tally for a particular tenant at least one time in connection with a server node going down; and

each time that a server of the plurality of server nodes is determined to be overloaded, updating the corresponding tally for each tenant that was requesting data from said server node when said server node was determined to be overloaded, including updating the particular tally for the particular tenant at least one time in connection with a server node being overloaded;

receiving, at a receiving module of the gateway node, one or more data requests from the particular tenant, the one or more data requests requesting data for an indicated service provided by the plurality of server nodes; and

determining, at a route determining module of the gateway node, how to process the received one or more data requests from the particular tenant, including;

based at least on the particular tally for the particular tenant being within a first range, determining that the particular tenant is on a malicious list, and blocking the one or more data requests;

based at least on the particular tally for the particular tenant being within a second range, determining that the particular tenant is on a suspect list, and metering the one or more data requests; and

based at least on the particular tally for the particular tenant being within a third range, determining that the particular tenant is on a good list, and permitting the one or more data requests with a lowest available level of restriction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to efficiently routing data requests from a plurality of tenants and to using smart routing to limit service denials. In an embodiment, a gateway node receives data requests from a tenant subscriber requesting data for an indicated service. The gateway node determines which server node the received data requests are to be routed to. The determination evaluates various criteria associated with the data request. The gateway node queries the determined server node to determine the health of the server nodes and receives a reply from the determined server node indicating the server node'"'"'s current operating status. The gateway node also, based on the determined server node'"'"'s reply, routes the received data requests to the determined server node, according to the evaluated criteria.

20 Citations

View as Search Results

20 Claims

1. At a computer system including at least one processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for using smart routing to limit service denials, the method comprising:
- tracking, at a tracking module of a gateway node, a tally corresponding to each of a plurality tenants, each tally tracking a level of suspicion of the corresponding tenant'"'"'s use a plurality of server nodes serviced by the gateway node, including;
  
  each time that a server of the plurality of server nodes goes down, updating the corresponding tally for each tenant that was requesting data from said server node when said server node went down, including updating a particular tally for a particular tenant at least one time in connection with a server node going down; and
  
  each time that a server of the plurality of server nodes is determined to be overloaded, updating the corresponding tally for each tenant that was requesting data from said server node when said server node was determined to be overloaded, including updating the particular tally for the particular tenant at least one time in connection with a server node being overloaded;
  
  receiving, at a receiving module of the gateway node, one or more data requests from the particular tenant, the one or more data requests requesting data for an indicated service provided by the plurality of server nodes; and
  
  determining, at a route determining module of the gateway node, how to process the received one or more data requests from the particular tenant, including;
  
  based at least on the particular tally for the particular tenant being within a first range, determining that the particular tenant is on a malicious list, and blocking the one or more data requests;
  
  based at least on the particular tally for the particular tenant being within a second range, determining that the particular tenant is on a suspect list, and metering the one or more data requests; and
  
  based at least on the particular tally for the particular tenant being within a third range, determining that the particular tenant is on a good list, and permitting the one or more data requests with a lowest available level of restriction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the gateway node tracks at least one of the following:
    - which tenants are sending data requests, what services the data requests are for, and which data requests have been sent in the past.
  - 3. The method of claim 1, wherein each tenant is provided an isolated workload associated with a percentage of the available server nodes, such that one tenant'"'"'s workload does not exceed another tenant'"'"'s workload boundaries.
  - 4. The method of claim 3, wherein each tenant'"'"'s workload is customizable and dynamically adjustable.
  - 5. The method of claim 1, wherein the data requests are received at the gateway node after having been load-balanced at a hardware-based load balancer.
  - 6. The method of claim 1, wherein the gateway node routes data requests for certain request types to server nodes that are designated to process those data request types.
  - 7. The method of claim 1, wherein the gateway node routes data requests received from the particular tenant to server nodes that are designated to process data requests from the particular tenant.
  - 8. The method of claim 1, wherein the gateway node routes subsequent data requests from the particular tenant to a particular server node that processed previous data requests from the particular tenant, and wherein the particular server node includes at least a portion of cached data used in processing the previous data requests.
  - 9. The method of claim 1, wherein the gateway node logs tenant subscribers that are linked to a malicious attack.
  - 10. The method of claim 1, further comprising adding one or more custom headers to the received data requests to send the data requests to a determined server node.
  - 11. The method of claim 1, further comprising the gateway node querying one or more server nodes to determine the health of the server nodes, wherein the health of the server nodes is based on the current processing status of the server nodes, the current processing status comprising available processor time, available memory and a processing queue.
  - 12. The method of claim 1, wherein each tenant subscriber is allotted an isolated workload associated with a certain number of server nodes for processing the tenant subscriber'"'"'s data requests.
  - 13. The method claim 1, wherein each tenant'"'"'s tally is weighted over a period of time.
  - 14. The method of claim 1, wherein the particular tally for the particular tenant is within the first range and the particular tenant is determined to be on the malicious list, and wherein the route determining module blocks the one or more data requests.
  - 15. The method of claim 1, wherein the particular tally for the particular tenant is within the second range and the particular tenant is determined to be on the suspect list, and wherein the route determining module meters the one or more data requests.
  - 16. The method of claim 1, wherein the particular tally for the particular tenant is within the third range and the particular tenant is determined to be on the good list, and wherein the route determining module permits the one or more data requests with the lowest available level of restriction.

17. A computer program product comprising one or more hardware storage device having stored thereon computer-executable instructions that, when executed by one or more processors of a computing system, cause the computing system to use smart routing to limit service denials, including at least the following:
- tracking, at a tracking module of a gateway node, a tally corresponding to each of a plurality tenants, each tally tracking a level of suspicion of the corresponding tenant'"'"'s use a plurality of server nodes serviced by the gateway node, including;
  
  each time that a server of the plurality of server nodes goes down, updating the corresponding tally for each tenant that was requesting data from said server node when said server node went down, including updating a particular tally for a particular tenant at least one time in connection with a server node going down; and
  
  each time that a server of the plurality of server nodes is determined to be overloaded, updating the corresponding tally for each tenant that was requesting data from said server node when said server node was determined to be overloaded, including updating the particular tally for the particular tenant at least one time in connection with a server node being overloaded;
  
  receiving, at a receiving module of the gateway node one or more data requests from the particular tenant, the one or more data requests requesting data for an indicated service provided by the plurality of server nodes; and
  
  determining, at a route determining module of the gateway node, how to process the received one or more data requests from the particular tenant, including;
  
  based at least on the particular tally for the particular tenant being within a first range, determining that the particular tenant is on a malicious list, and blocking the one or more data requests;
  
  based at least on the particular tally for the particular tenant being within a second range, determining that the particular tenant is on a suspect list, and metering the one or more data requests; and
  
  based at least on the particular tally for the particular tenant being within a third range, determining that the particular tenant is on a good list, and permitting the one or more data requests with a lowest available level of restriction.
- View Dependent Claims (18)
- - 18. The computer program product of claim 17, wherein each tenant'"'"'s tally is weighted over a period of time.

19. A computer system comprising the following:
- one or more processors;
  
  system memory;
  
  one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the computing system to use smart routing to limit service denials, including at least the following;
  
  tracking, at a tracking module of a gateway node, a tally corresponding to each of a plurality tenants, each tally tracking a level of suspicion of the corresponding tenant'"'"'s use a plurality of server nodes serviced by the gateway node, including;
  
  each time that a server of the plurality of server nodes goes down, updating the corresponding tally for each tenant that was requesting data from said server node when said server node went down, including updating a particular tally for a particular tenant at least one time in connection with a server node going down; and
  
  each time that a server of the plurality of server nodes is determined to be overloaded, updating the corresponding tally for each tenant that was requesting data from said server node when said server node was determined to be overloaded, including updating the particular tally for the particular tenant at least one time in connection with a server node being overloaded;
  
  receiving, at a receiving module of the gateway node, one or more data requests from the particular tenant, the one or more data requests requesting data for an indicated service provided by the plurality of server nodes; and
  
  determining, at a route determining module of the gateway node, how to process the received one or more data requests from the particular tenant, including;
  
  based at least on the particular tally for the particular tenant being within a first range, determining that the particular tenant is on a malicious list, and blocking the one or more data requests;
  
  based at least on the particular tally for the particular tenant being within a second range, determining that the particular tenant is on a suspect list, and metering the one or more data requests; and
  
  based at least on the particular tally for the particular tenant being within a third range, determining that the particular tenant is on a good list, and permitting the one or more data requests with a lowest available level of restriction.
- View Dependent Claims (20)
- - 20. The computer system of claim 19, wherein the gateway node tracks at least one of the following:
    - which tenants are sending data requests, what services the data requests are for, and which data requests have been sent in the past.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Muhunthan, Siva, Paraschiv, Vasile, Wu, Yunxin, Novik, Lev
Primary Examiner(s)
Bates, Kevin
Assistant Examiner(s)
Naoreen, Nazia

Application Number

US13/025,978
Publication Number

US 20120210017A1
Time in Patent Office

1,677 Days
Field of Search

709/238
US Class Current

1/1
CPC Class Codes

H04L 63/1458 Denial of Service

H04L 67/564 Enhancement of application ...

Efficiently isolating malicious data requests

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Efficiently isolating malicious data requests

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links