Systems and methods for detecting and preventing flooding attacks in a network environment

  • US 9,363,277 B2
  • Filed: 04/21/2015
  • Issued: 06/07/2016
  • Est. Priority Date: 07/06/2005
  • Status: Active Grant
First Claim

1. A method for processing network traffic data, comprising:

  • receiving a packet to initiate a new session associated with an Internet Protocol (IP) address;

    when the packet is not a previously dropped packet being retransmitted, dropping the packet;

    when the packet is a previously dropped packet being retransmitted and when a number N of concurrent sessions for active concurrent sessions associated with the IP address is less than a concurrent session threshold T1, passing the packet toward an intended recipient;

    when the packet is a previously dropped packet being retransmitted and when the number N of concurrent sessions for active concurrent sessions associated with the IP address is greater than a concurrent session threshold T1;

    determining a rate R at which the number of sessions N are received within a time period t including a session of the received packet, where R=N÷t;

    when the session rate threshold R is less than the prescribed session rate threshold T2 (R<T2), passing the packet toward the intended recipient; and

    classifying the packet as possibly associated with a flooding attack when the session rate threshold R is greater than or equal to the prescribed session rate threshold T2 (R≥T2) and performing a preventative action with regard to the packet.
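
The decision sequence of claim 1, written out as an added Python example (not code from the patent or its assignee). The retransmission key, the handling of N equal to T1, and counting N for the rate over sessions begun within the last t seconds are assumptions, since the claim does not fix them.

```python
from dataclasses import dataclass, field

DROP_FIRST, PASS, FLOOD = "drop-first-attempt", "pass", "possible-flood"

@dataclass
class FloodGate:
    t1: int        # concurrent session threshold T1
    t2: float      # session rate threshold T2, sessions per second
    t: float       # time period t, seconds
    dropped: set = field(default_factory=set)     # packets dropped once (assumed keying)
    active: dict = field(default_factory=dict)    # ip -> start times of open sessions

    def on_session_packet(self, ip, key, now):
        if key not in self.dropped:               # not a retransmission: drop it
            self.dropped.add(key)
            return DROP_FIRST
        starts = self.active.setdefault(ip, [])
        if len(starts) < self.t1:                 # N below T1: pass
            return self._admit(starts, key, now)
        # N at or above T1 (equality is an assumption; the claim leaves it open):
        # R = N / t over sessions begun within the last t seconds, plus this one.
        n = 1 + sum(1 for s in starts if now - s <= self.t)
        if n / self.t < self.t2:                  # R < T2: pass
            return self._admit(starts, key, now)
        return FLOOD                              # R >= T2: caller takes preventative action

    def _admit(self, starts, key, now):
        self.dropped.discard(key)                 # retransmission accepted, forget the key
        starts.append(now)
        return PASS

def run_demo():
    gate = FloodGate(t1=2, t2=0.25, t=10.0)
    ip = "198.51.100.7"                           # constructed sample traffic
    events = [("a", 0), ("a", 1), ("b", 2), ("b", 3),
              ("c", 4), ("c", 5), ("d", 60), ("d", 61)]
    return [gate.on_session_packet(ip, key, now) for key, now in events]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

In this sketch the `dropped` set and the per-IP session lists never expire; a deployed version needs timeouts on both, otherwise a flood of unique first packets grows the state table without bound.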
