
System and method for preventing DOS attacks utilizing invalid transaction statistics

  • US 9,282,116 B1
  • Filed: 09/18/2013
  • Issued: 03/08/2016
  • Est. Priority Date: 09/27/2012
  • Status: Active Grant

1. A method for protecting a network from network based attacks, the method comprising:

    monitoring, by a network traffic management device, at least one of current transactions per second or current latency values for one or more established connections with one or more client devices and generating at least one of a current average transactions per second value or a current average latency value based on the monitoring;

    comparing, by the network traffic management device, at least one of the current average transactions per second value or the current average latency value to an average transactions per second value or an average latency value over at least one of a short set period of time or a long set period of time; and

    entering, by the network traffic management device, a prevention mode when at least one of the current average transactions per second value or the current average latency value exceeds the average transactions per second value or the average latency value for the short set period of time or the long set period of time;

    monitoring, by the network traffic management device, response codes in a number of server responses for at least one of the client devices or at least one resource requested by one or more of the client devices;

    comparing, by the network traffic management device, a ratio of invalid ones of the server responses to valid ones of the server responses for the client device or requested resource to a preestablished ratio threshold value, wherein the invalid ones of the server responses each comprise an invalid one of the response codes;

    marking, by the network traffic management device, the client device or requested resource as suspicious when the ratio exceeds the ratio threshold value and without restricting any network traffic when not in the prevention mode; and

    preventing, by the network traffic management device, the suspicious client device from transmitting at least one additional request to one or more of the servers, or the suspicious requested resource from being transmitted to one or more of the client devices, when in the prevention mode.
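
The two-stage logic of claim 1 can be sketched as follows. This is an added example, not code from the patent or from any product: the class and method names, the default thresholds, the minimum sample size and the treatment of HTTP 4xx/5xx as "invalid" response codes are all assumptions, and only the transactions-per-second trigger is modelled (latency would be handled the same way).

```python
from collections import defaultdict


class InvalidRatioGuard:
    """Added sketch of claim 1; names, thresholds and defaults are assumptions."""

    def __init__(self, ratio_threshold=2.0, min_responses=10):
        self.ratio_threshold = ratio_threshold  # preestablished invalid:valid ratio
        self.min_responses = min_responses  # assumed floor so tiny samples are not marked
        self.counts = defaultdict(lambda: [0, 0])  # key -> [invalid, valid]
        self.prevention_mode = False

    def update_mode(self, current_avg_tps, short_avg_tps, long_avg_tps):
        # Prevention mode when the current average exceeds the short- or long-period average.
        self.prevention_mode = (current_avg_tps > short_avg_tps
                                or current_avg_tps > long_avg_tps)
        return self.prevention_mode

    def observe_response(self, key, status):
        # key is a client address or a requested resource path.
        # Assumption: HTTP 4xx/5xx are the "invalid" response codes.
        self.counts[key][0 if status >= 400 else 1] += 1

    def is_suspicious(self, key):
        invalid, valid = self.counts.get(key, (0, 0))
        # invalid/valid > threshold, written without division so valid == 0 is safe.
        return (invalid + valid >= self.min_responses
                and invalid > self.ratio_threshold * valid)

    def allow_request(self, key):
        # Marking alone never restricts traffic; blocking needs prevention mode too.
        return not (self.prevention_mode and self.is_suspicious(key))


def demo():
    guard = InvalidRatioGuard()
    # Constructed sample of (client, status) pairs; addresses are documentation-range.
    events = ([("192.0.2.10", 404)] * 9 + [("192.0.2.10", 200)] * 3
              + [("192.0.2.20", 200)] * 12)
    for client, status in events:
        guard.observe_response(client, status)
    marked = guard.is_suspicious("192.0.2.10")
    allowed_before = guard.allow_request("192.0.2.10")
    guard.update_mode(current_avg_tps=900, short_avg_tps=300, long_avg_tps=250)
    allowed_after = guard.allow_request("192.0.2.10")
    return marked, allowed_before, allowed_after, guard.allow_request("192.0.2.20")
```

In the constructed run, the client with nine invalid and three valid responses is marked but still served until the TPS comparison trips prevention mode, while the client with only valid responses is served throughout.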
