Traffic segregation in DDoS attack architecture
Abstract
In one embodiment, a particular node in a network determines information relating to network attack detection and mitigation from a local machine learning attack detection and mitigation system. The particular node sends a message to an address in the network indicating capabilities of the local machine learning attack detection and mitigation system based on the information. In response to the sent message, the particular node receives an indication that it is a member of a collaborative group of nodes based on the capabilities of the local machine learning attack detection and mitigation system being complementary to capabilities of other machine learning attack detection and mitigation systems. Then, in response to an attack being detected by the local machine learning attack detection and mitigation system, the particular node provides to the collaborative group of nodes an indication of attack data flows identified as corresponding to the attack.
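The advertise, group and notify sequence in the abstract, sketched as an added example; it is not code from the patent. It assumes a capability message is the set of attack classes a node's local detector recognises, that "complementary" means a member adds classes the group does not yet cover, and that the central entity selects greedily; node names, attack-class labels and the flow record are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    detects: frozenset  # assumed capability format: attack classes the local ML detector recognises
    inbox: list = field(default_factory=list)

    def advertise(self):
        # Capability message sent to the central entity's address.
        return {"node": self.name, "detects": sorted(self.detects)}

def compute_groups(adverts, wanted, max_size=3):
    """Central entity: greedily group nodes that each add attack classes the group lacks."""
    pool = {a["node"]: set(a["detects"]) & wanted for a in adverts}
    groups = []
    while pool:
        covered, members = set(), []
        while pool and len(members) < max_size:
            # Node contributing the most uncovered classes; ties go to the first name.
            best = max(sorted(pool), key=lambda n: len(pool[n] - covered))
            if members and not pool[best] - covered:
                break  # remaining nodes only duplicate what this group already has
            covered |= pool.pop(best)
            members.append(best)
        groups.append(members)
    return groups

def report_attack(detector, group, nodes, flows):
    """After a local detection, give the other group members the attack flows."""
    msg = {"from": detector, "attack_flows": flows}
    for peer in group:
        if peer != detector:
            nodes[peer].inbox.append(msg)
    return msg

def demo():
    # Constructed nodes, attack-class labels and flow (documentation address ranges).
    nodes = {n.name: n for n in [
        Node("edge-a", frozenset({"syn_flood", "udp_flood"})),
        Node("edge-b", frozenset({"syn_flood", "udp_flood"})),
        Node("core-c", frozenset({"dns_amplification", "slow_http"})),
        Node("core-d", frozenset({"slow_http"})),
    ]}
    wanted = {"syn_flood", "udp_flood", "dns_amplification", "slow_http"}
    groups = compute_groups([n.advertise() for n in nodes.values()], wanted)
    flows = [{"src": "198.51.100.7", "dst": "203.0.113.10", "dport": 53, "proto": "udp"}]
    report_attack("edge-a", groups[0], nodes, flows)
    return groups, nodes

if __name__ == "__main__":
    print(demo()[0])
```

In this constructed run `edge-a` and `edge-b` advertise identical capabilities, so the selection places them in different groups rather than pairing two nodes that would add nothing to each other.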
24 Claims
1. A method, comprising:
- determining, by a particular node in a network, information relating to network attack detection and mitigation from a local machine learning attack detection and mitigation system;
- sending, from the particular node, a message to an address in the network indicating capabilities of the local machine learning attack detection and mitigation system based on the information;
- in response to the sent message, receiving, at the particular node, an indication that the node is a member of a collaborative group of nodes along with one or more other nodes in the network based on the capabilities of the local machine learning attack detection and mitigation system being complementary to capabilities of one or more other machine learning attack detection and mitigation systems local to the one or more other nodes; and
- in response to an attack being detected by the local machine learning attack detection and mitigation system, providing, by the particular node to the collaborative group of nodes, an indication of attack data flows identified as corresponding to the attack, thereby enabling the one or more other machine learning attack detection and mitigation systems local to the one or more other nodes to assist the particular node in mitigating the attack.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method, comprising:
- receiving, at a centralized entity node in a network, messages from a plurality of nodes in the network indicating capabilities of a machine learning attack detection and mitigation system local to each respective node;
- in response to the received messages, computing, by the centralized entity node, a collaborative group of nodes based on a determination that the capabilities of the machine learning attack detection and mitigation systems local to the collaborative group of nodes are complementary to one another, wherein the machine learning attack detection and mitigation systems local to the collaborative group of nodes are enabled to assist one another in mitigating attacks in the network; and
- sending, from the centralized entity node, a message to the collaborative group of nodes identifying each node that is a member within the collaborative group of nodes.

Dependent claims: 10, 11, 12
13. An apparatus, comprising:
- one or more network interfaces to communicate with a network;
- a processor coupled to the one or more network interfaces and configured to execute a process; and
- a memory configured to store program instructions which include the process executable by the processor, the process comprising;
  - determining, as a particular node in the network, information relating to network attack detection and mitigation from a local machine learning attack detection and mitigation system;
  - sending, from the particular node, a message to an address in the network indicating capabilities of the local machine learning attack detection and mitigation system based on the information;
  - in response to the sent message, receiving, at the particular node, an indication that the node is a member of a collaborative group of nodes along with one or more other nodes in the network based on the capabilities of the local machine learning attack detection and mitigation system being complementary to capabilities of one or more other machine learning attack detection and mitigation systems local to the one or more other nodes; and
  - in response to an attack being detected by the local machine learning attack detection and mitigation system, providing, by the particular node to the collaborative group of nodes, an indication of attack data flows identified as corresponding to the attack, thereby enabling the one or more other machine learning attack detection and mitigation systems local to the one or more other nodes to assist the particular node in mitigating the attack.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. An apparatus, comprising:
- one or more network interfaces to communicate with a network;
- a processor coupled to the one or more network interfaces and configured to execute a process; and
- a memory configured to store program instructions which include the process executable by the processor, the process comprising;
  - receiving, as a centralized entity node in the network, messages from a plurality of nodes in the network indicating capabilities of a machine learning attack detection and mitigation system local to each respective node;
  - in response to the received messages, computing, by the centralized entity node, a collaborative group of nodes based on a determination that the capabilities of the machine learning attack detection and mitigation systems local to the collaborative group of nodes are complementary to one another, wherein the machine learning attack detection and mitigation systems local to the collaborative group of nodes are enabled to assist one another in mitigating attacks in the network; and
  - sending, from the centralized entity node, a message to the collaborative group of nodes identifying each node that is a member within the collaborative group of nodes.

Dependent claims: 22, 23, 24
Specification