Health monitor based distributed denial of service attack mitigation

US 9,860,271 B2
Filed: 12/28/2015
Issued: 01/02/2018
Est. Priority Date: 08/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method implemented by at least one hardware processor for mitigating a distributed denial of service (DDoS) event comprising:

sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic;

ascertaining the health monitor has failed, the failure being evidenced by the lack of a response to the request;

determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure;

attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event;

triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system;

sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit;

in response to the further request sent to the health monitor, receiving an indication from the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and

triggering direction of the network data traffic back to the collapsible virtual data circuit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.

195 Citations

16 Claims

1. A method implemented by at least one hardware processor for mitigating a distributed denial of service (DDoS) event comprising:
- sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic;
  
  ascertaining the health monitor has failed, the failure being evidenced by the lack of a response to the request;
  
  determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure;
  
  attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event;
  
  triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system;
  
  sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit;
  
  in response to the further request sent to the health monitor, receiving an indication from the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and
  
  triggering direction of the network data traffic back to the collapsible virtual data circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the health monitor includes at least one of:
    - software, signaling, and database query.
  - 3. The method of claim 1, wherein the DDoS mitigation service:
    - analyzes the network data traffic to detect DDoS data packages, and filters the DDoS data packages to provide filtered network data traffic.
  - 4. The method of claim 3, wherein the network data traffic present in the collapsible virtual data circuit includes the filtered network data traffic.
  - 5. The method of claim 1, wherein the receiving of the indication from the health monitor is performed via at least one of the following:
    - Ethernet, Internet Protocol (IP), and software defined network (SDN).
  - 6. The method of claim 1, further comprising:
    - updating a Domain Name System (DNS) name in response to the determining there is the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit.
  - 7. The method of claim 1, wherein an additional circuit is activated and the network data traffic is routed through the additional circuit due to the collapse of the collapsible virtual data circuit.
  - 8. The method of claim 1, wherein the health monitor is configured to be connected to an application delivery controller (ADC) or an external DDoS service.

9. A system for mitigating a DDoS event comprising:
- a hardware processor; and
  
  a memory coupled to the hardware processor, the memory storing instructions executable by the hardware processor to perform a method comprising;
  
  sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic;
  
  ascertaining the health monitor has failed, the failure being evidenced by the lack of a response to the request;
  
  determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure;
  
  redirects the network data traffic to one or more DDoS mitigation services;
  
  attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event;
  
  triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system;
  
  sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit;
  
  in response to the further request sent to the health monitor, receiving an indication form the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and
  
  triggering direction of the network data traffic back to the collapsible virtual data circuit.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the health monitor includes at least one of:
    - software, signaling, and database query.
  - 11. The system of claim 9, wherein the DDoS mitigation service:
    - analyzes the network data traffic to detect DDoS data packages; and
      
      filters the DDoS data packages to provide filtered network data traffic.
  - 12. The system of claim 11, wherein the network data traffic present in the collapsible virtual data circuit includes the filtered network data traffic.
  - 13. The system of claim 9, wherein the receiving of the indication from the health monitor is performed via at least one of Ethernet, Internet Protocol (IP), and software defined network (SDN).
  - 14. The system of claim 9, wherein the method further comprises:
    - updating a Domain Name System (DNS) name in response to the determining there is the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit.
  - 15. The system of claim 9, wherein an additional circuit is activated and the network data traffic is routed through the additional circuit due to the collapse of the collapsible virtual data circuit.

16. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by at least one processor to perform a method comprising:
- sending a request to a health monitor regarding a state of a first computing system, the health monitor comprising a second computing system, the health monitor determining presence of network data traffic through a collapsible virtual data circuit that normally conveys the network data traffic and collapses in response to a DDoS event by stopping flow of the network data traffic;
  
  ascertaining the health monitor has failed using, the failure being evidenced by the lack of a response to the request;
  
  determining there is an interruption of the network data traffic due to a collapse of the collapsible virtual data circuit using the ascertained failure;
  
  attributing the interruption of the network data traffic due to the collapse of the collapsible virtual data circuit to a DDoS event;
  
  triggering redirection of the network data traffic to a DDoS mitigation service, the DDoS mitigation service comprising a third computing system;
  
  sending a further request to the health monitor regarding the presence of the network data traffic in the collapsible virtual data circuit;
  
  in response to the further request sent to the health monitor, receiving an indication from the health monitor of the presence of the network data traffic in the collapsible virtual data circuit, the presence of the network data traffic in the collapsible virtual data circuit being attributed to a successful mitigation of the DDoS event; and
  
  triggering direction of the network data traffic back to the collapsible virtual data circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Thompson, Micheal, Groves, Vernon Richard
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/979,937
Publication Number

US 20160134655A1
Time in Patent Office

736 Days
Field of Search

726 22- 25, 726 13, 709235
US Class Current
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1458 Denial of Service

Health monitor based distributed denial of service attack mitigation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

195 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Health monitor based distributed denial of service attack mitigation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links