System and method for denial of service attack mitigation using cloud services

  • US 9,432,385 B2
  • Filed: 12/16/2011
  • Issued: 08/30/2016
  • Est. Priority Date: 08/29/2011
  • Status: Active Grant
First Claim

1. A method for mitigating an attack on a network utilizing a subscriber monitoring device and a service provider mitigation system, the method comprising:

  • the subscriber monitoring device monitoring network traffic between a subscriber network and a service provider network;

  • the subscriber monitoring device and service provider mitigation system sending and receiving asynchronous status messages to each other using a stateless protocol;

  • the subscriber monitoring device determining if the subscriber network is under attack and determining a fingerprint for the attack, wherein the attack fingerprint comprises at least one of one or more source IP addresses of the packets that make up the attack, one or more destination IP addresses of the packets that make up the attack, characteristics of packet payloads related to the packets that make up the attack and port numbers that are under attack;

  • the subscriber monitoring device requesting mitigation from the service provider mitigation system via a mitigation request when the subscriber network is under attack, wherein said mitigation request includes the attack fingerprint;

  • the service provider mitigation system providing mitigation, the mitigation including dropping packets generated by attackers based on, at least in part, the attack fingerprint while the subscriber network is under attack, the mitigation being provided in response to the requested mitigation; and

  • the subscriber monitoring device sending a request to terminate the mitigation in response to an amount of network traffic dropped by the service provider mitigation system as indicated by status messages from the service provider mitigation system and an amount of network traffic received from the service provider mitigation system following the mitigation, wherein the service provider mitigation system further comprises a plurality of sensors and communication devices providing data communication and transmission of packets across the service provider network, wherein each status message sent between the subscriber monitoring device and the service provider monitoring system includes an arrival time of a most recently received status message and a timestamp of when the respective status message was sent, wherein each status message sent between the subscriber monitoring device and the service provider monitoring system includes an arrival time of a most recently received status message and a timestamp of when the respective status message was sent.
