Scalable inline behavioral DDOS attack mitigation

  • US 9,172,721 B2
  • Filed: 07/16/2013
  • Issued: 10/27/2015
  • Est. Priority Date: 07/16/2013
  • Status: Active Grant
First Claim

1. An apparatus capable of enforcing behavioral policies and preventing Distributed Denial of Service (DDoS) attacks, the apparatus comprising:

  • a plurality of data interfaces configured to receive and forward or drop inbound/outbound packets;

  • a plurality of DDoS attack mitigation components configured to (i) continuously learn granular rates at a plurality of Open System Interconnection (OSI) model network layers, wherein the granular rates represent observed rates of parameters for one or more of OSI model layer 2, layer 3, layer 4 or layer 7 within the inbound/outbound packets during a period of time; (ii) send information regarding the granular rates back to a controlling host; (iii) receive granular rate thresholds from the controlling host, and (iv) perform adaptive DDoS attack mitigation based on the granular rate thresholds;

  • a switch, coupled to the plurality of DDoS attack mitigation components, configured to forward the inbound/outbound packets to the plurality of DDoS attack mitigation components and remember a port on which the inbound/outbound packets were received to facilitate forwarding of packets processed by the plurality of DDoS attack mitigation components over a corresponding pair port;

  • a controlling host configured to (i) receive granular rate data relating to the learned granular rates from the plurality of DDoS attack mitigation components, (ii) aggregate the received granular rate data in accordance with a scaling treatment scheme to generate the granular rate thresholds and (iii) send the granular rate thresholds to the plurality of DDoS attack mitigation components; and

  • a host interface connecting the plurality of DDoS attack mitigation components to the controlling host.
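
The learn, report, aggregate and enforce loop that claim 1 describes, as an added Python sketch that is not taken from the patent or from any product. The class names, the peak-per-window learning, the 150% headroom and the "sum, add headroom, split evenly" scaling scheme are all assumptions made for illustration; the claim does not specify them.

```python
from collections import defaultdict

class MitigationComponent:
    """Inline component: learns peak per-parameter rates, enforces pushed thresholds."""
    def __init__(self):
        self.learned = defaultdict(int)  # (layer, parameter) -> peak packets/window
        self.thresholds = {}

    def learn(self, window):
        # window: {(layer, parameter): packets observed in one measurement window}
        for key, count in window.items():
            self.learned[key] = max(self.learned[key], count)

    def enforce(self, window):
        # Packets to drop per parameter; parameters without a threshold pass.
        return {k: c - self.thresholds[k] for k, c in window.items()
                if k in self.thresholds and c > self.thresholds[k]}

class ControllingHost:
    def __init__(self, headroom_pct=150):
        self.headroom_pct = headroom_pct  # assumed margin above learned baseline

    def aggregate(self, reports):
        # Assumed scaling scheme: sum learned peaks into a system-wide rate, add
        # headroom, then give each component an equal share of that threshold.
        total = defaultdict(int)
        for report in reports:
            for key, rate in report.items():
                total[key] += rate
        return {k: r * self.headroom_pct // (100 * len(reports))
                for k, r in total.items()}

def run_demo():
    syn, get = ("L4", "tcp_syn"), ("L7", "http_get")
    a, b = MitigationComponent(), MitigationComponent()
    # Constructed baseline windows (packets per window) seen by each component.
    for w in ({syn: 300, get: 100}, {syn: 400, get: 80}):
        a.learn(w)
    for w in ({syn: 600, get: 300}, {syn: 550, get: 120}):
        b.learn(w)
    thresholds = ControllingHost().aggregate([dict(a.learned), dict(b.learned)])
    for comp in (a, b):
        comp.thresholds = dict(thresholds)  # stands in for the host interface push
    # Constructed flood window on component a: SYN rate far above baseline.
    drops = a.enforce({syn: 5000, get: 250})
    return thresholds, drops

if __name__ == "__main__":
    print(run_demo())
```

Because thresholds come from the aggregate rather than from each component's own view, a component that saw little SYN traffic during learning (a, peak 400) still gets the shared limit of 750 instead of one derived only from its local baseline.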
