Scalable inline behavioral DDoS attack mitigation
First Claim
1. A method comprising:
- receiving, by a switch, inbound/outbound packets;
- remembering, by the switch, ports on which the inbound/outbound packets were received to facilitate forwarding of the inbound/outbound packets on corresponding pair ports after the inbound/outbound packets are processed by a plurality of Distributed Denial of Service (DDoS) attack mitigation components;
- distributing, by the switch, the inbound/outbound packets among the plurality of DDoS attack mitigation components;
- calculating, by each of the plurality of DDoS attack mitigation components, a plurality of granular rates for each of a plurality of Open System Interconnection (OSI) model network layers, including a plurality of layer 2, layer 3, layer 4 and layer 7 parameters, based on individual protocols, individual parameters or commands of the individual protocols of the inbound/outbound packets;
- sending, by each of the plurality of DDoS attack mitigation components, the plurality of granular rates to a controlling host;
- generating, by the controlling host, a plurality of granular rate thresholds for each of the plurality of layer 2, layer 3, layer 4 and layer 7 parameters by aggregating corresponding granular rates of the plurality of granular rates;
- sending, by the controlling host, the plurality of granular rate thresholds to the plurality of DDoS attack mitigation components;
- responsive to receipt of the plurality of granular rate thresholds, performing, by the plurality of DDoS attack mitigation components, DDoS attack mitigation by enforcing the plurality of granular rate thresholds; and
- forwarding or dropping, by the plurality of DDoS attack mitigation components, the inbound/outbound packets based on results of the DDoS attack mitigation, whereby the inbound/outbound packets are rate limited granularly to the plurality of granular rate thresholds for each of the plurality of layer 2, layer 3, layer 4 and layer 7 parameters.
Abstract
Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components.
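The learning loop the claim describes (each stacked component computes per-parameter granular rates, the controlling host aggregates them into thresholds, the components enforce those thresholds) as an added Python sketch; this is not code from the patent or any product. The aggregation policy (sum across components, fixed headroom, even split back to the components), the fail-open treatment of parameters the host never learned, and the traffic sample are all assumptions made for the example.

```python
from collections import Counter

# Constructed learning-interval sample: packets seen by two stacked mitigation
# components, each tagged with the (layer, parameter) key it is counted under.
LEARN = {
    "mc0": [("L3", "udp")] * 40 + [("L4", "tcp_syn")] * 20 + [("L7", "http_get")] * 10,
    "mc1": [("L3", "udp")] * 60 + [("L4", "tcp_syn")] * 20 + [("L7", "http_get")] * 10,
}
INTERVAL_S = 10.0  # seconds the sample covers

def granular_rates(packets, interval_s):
    """Component step: count packets per (layer, parameter) and convert to pkt/s."""
    return {key: n / interval_s for key, n in Counter(packets).items()}

def learn_thresholds(per_component_rates, headroom=2.0):
    """Controlling-host step. Assumed aggregation policy: sum each parameter's
    rate across all components (they share the load), allow `headroom` times
    that network-wide baseline, then split the allowance evenly per component."""
    total = Counter()
    for rates in per_component_rates.values():
        total.update(rates)
    n = len(per_component_rates)
    return {key: rate * headroom / n for key, rate in total.items()}

def enforce(packets, thresholds, interval_s):
    """Component step: forward a packet while its parameter is within the
    per-interval budget derived from its threshold, drop the excess.
    Parameters the host never learned are forwarded (fail-open, a choice here)."""
    budget = {key: int(rate * interval_s) for key, rate in thresholds.items()}
    forwarded, dropped = [], []
    for pkt in packets:
        if pkt not in budget or budget[pkt] > 0:
            if pkt in budget:
                budget[pkt] -= 1
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
    return forwarded, dropped

if __name__ == "__main__":
    reports = {c: granular_rates(p, INTERVAL_S) for c, p in LEARN.items()}
    thresholds = learn_thresholds(reports)
    # Constructed attack interval on mc0: a UDP flood with normal SYN and GET volume.
    attack = [("L3", "udp")] * 500 + [("L4", "tcp_syn")] * 30 + [("L7", "http_get")] * 5
    fwd, drop = enforce(attack, thresholds, INTERVAL_S)
    print(thresholds)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
```

Only the flooded parameter (layer 3 UDP) is rate limited; the SYN and HTTP GET traffic stays within its learned budget and is forwarded untouched.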
20 Claims