SYSTEMS AND METHODS TO DETECT AND DEFEND AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS

US 20160099964A1
Filed: 10/01/2014
Published: 04/07/2016
Est. Priority Date: 10/01/2014
Status: Active Grant

First Claim

Patent Images

1. A method, operated by a Software Defined Networking (SDN) controller associated with an Autonomous System (AS) with one or more peering points, each peering point with an associated router communicatively coupled to the SDN controller, the method for detecting and defending against Distributed Denial of Service (DDoS) attacks, and the method comprising:

receiving data from the one or more peering points;

detecting malicious traffic at the one or more peering points;

determining a peer quality measurement for the one or more peering points; and

communicating the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with Autonomous Systems connected through the one or more peering points, to facilitate convergence of the peer quality measurement back to a nominal level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, operated by a Software Defined Networking (SDN) controller associated with an Autonomous System (AS) with one or more peering points, each peering point with an associated router communicatively coupled to the SDN controller, the method for detecting and defending against Distributed Denial of Service (DDoS) attacks, and the method includes receiving data from the one or more peering points; detecting malicious traffic at the one or more peering points; determining a peer quality measurement for the one or more peering points; and communicating the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with Autonomous Systems connected through the one or more peering points, to facilitate convergence of the peer quality measurement back to a nominal level.

30 Citations

View as Search Results

20 Claims

1. A method, operated by a Software Defined Networking (SDN) controller associated with an Autonomous System (AS) with one or more peering points, each peering point with an associated router communicatively coupled to the SDN controller, the method for detecting and defending against Distributed Denial of Service (DDoS) attacks, and the method comprising:
- receiving data from the one or more peering points;
  
  detecting malicious traffic at the one or more peering points;
  
  determining a peer quality measurement for the one or more peering points; and
  
  communicating the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with Autonomous Systems connected through the one or more peering points, to facilitate convergence of the peer quality measurement back to a nominal level.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the data from the one or more peering points is NetFlow, Internet Protocol Flow Information Export (IPFIX), sFlow, or OpenFlow data.
  - 3. The method of claim 1, wherein the peer quality measurement incorporates all types of Bandwidth Amplification Factor (BAF) information in the DDoS attacks.
  - 4. The method of claim 3, wherein the peer quality measurement incorporates all combinations to a victim or victims across Internet Protocol (IP) prefixes.
  - 5. The method of claim 1, wherein the other data associated with the malicious traffic includes source Internet Protocol (IP) addresses, destination IP addresses, protocol, and port number, allowing the one or more other SDN controllers to similarly track down problems with peering points associated with the Autonomous Systems and provide feedback via the peer quality measurement and data associated with the peering points associated with the Autonomous Systems.
  - 6. The method of claim 1, wherein the peer quality measurement is a feedback loop with negative and/or positive feedback between the Autonomous System and the Autonomous Systems connected through the one or more peering points.
  - 7. The method of claim 1, wherein the nominal level is based on historical monitoring through the SDN controller.

8. A Software Defined Networking (SDN) controller, associated with an Autonomous System with one or more peering points, each peering point with an associated router communicatively coupled to the SDN controller, the SDN controller configured to detect and defend against Distributed Denial of Service (DDoS) attacks, the SDN controller comprising:
- a network interface communicatively coupled to routers associated with the one or more peering points;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing instructions that, when executed, cause the processor toreceive data from the routers associated with the one or more peering points,detect malicious traffic at the routers associated with the one or more peering points,determine a peer quality measurement for the routers associated with the one or more peering points, andcommunicate the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with Autonomous Systems connected through the routers associated with the one or more peering points, to facilitate convergence of the peer quality measurement back to a nominal level.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The SDN controller of claim 8, wherein the data from the routers associated with the one or more peering points is NetFlow, Internet Protocol Flow Information Export (IPFIX), sFlow, or OpenFlow data.
  - 10. The SDN controller of claim 8, wherein the peer quality measurement incorporates all types of Bandwidth Amplification Factor (BAF) information in the DDoS attacks.
  - 11. The SDN controller of claim 10, wherein the peer quality measurement incorporates all combinations to a victim or victims across Internet Protocol (IP) prefixes.
  - 12. The SDN controller of claim 8, wherein the other data associated with the malicious traffic includes source Internet Protocol (IP) addresses, destination IP addresses, protocol, and port number, allowing the one or more other SDN controllers to similarly track down problems with peering points associated with the Autonomous Systems and provide feedback via the peer quality measurement and data associated with the peering points associated with the Autonomous Systems.
  - 13. The SDN controller of claim 8, wherein the peer quality measurement is a feedback loop with negative and/or positive feedback between the Autonomous System and the Autonomous Systems connected through the one or more peering points.
  - 14. The SDN controller of claim 8, wherein the nominal level is based on historical monitoring through the SDN controller.

15. An Autonomous System (AS) configured to detect and defend against Distributed Denial of Service (DDoS) attacks, the AS comprising:
- one or more routers each associated with one or more peering points with other Autonomous Systems; and
  
  a Software Defined Networking (SDN) controller communicatively coupled to the one or more routers, the SDN controller configured toreceive data from the one or more routers associated with the one or more peering points,detect malicious traffic at the one or more routers,determine a peer quality measurement for the one or more routers associated with the one or more peering point, andcommunicate the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with the other Autonomous Systems connected through the one or more routers, to facilitate convergence of the peer quality measurement back to a nominal level.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The Autonomous System of claim 15, wherein the data from the one or more routers is NetFlow, Internet Protocol Flow Information Export (IPFIX), sFlow, or OpenFlow data.
  - 17. The Autonomous System of claim 15, wherein the peer quality measurement incorporates all types of Bandwidth Amplification Factor (BAF) information in the DDoS attacks.
  - 18. The Autonomous System of claim 17, wherein the peer quality measurement incorporates all combinations to a victim or victims across Internet Protocol (IP) prefixes in the Autonomous System.
  - 19. The Autonomous System of claim 15, wherein the other data associated with the malicious traffic includes source Internet Protocol (IP) addresses, destination IP addresses, protocol, and port number, allowing the one or more other SDN controllers to similarly track down problems with peering points associated with the other Autonomous Systems and provide feedback via the peer quality measurement and data associated with the peering points associated with the other Autonomous Systems.
  - 20. The Autonomous System of claim 15, wherein the peer quality measurement is a feedback loop with negative and/or positive feedback between the Autonomous System and the other Autonomous Systems connected through the one or more peering points.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ciena Corporation
Original Assignee
Ciena Corporation
Inventors
HTAY, Aung, ELBAZ, Roger Michael, SUBHEDAR, Sachin, BLYTH, Logan

Granted Patent

US 9,838,421 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

SYSTEMS AND METHODS TO DETECT AND DEFEND AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS TO DETECT AND DEFEND AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links