Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Active validation for ddos and ssl ddos attacks

a technology of active validation and ddos, applied in the direction of unauthorized memory use protection, instruments, digital transmission, etc., can solve the problems of malicious clients, slow or inability to respond to other attacks, and vulnerable servers to cyber attacks, so as to improve the detection accuracy and detection accuracy of legitimate requests

Inactive Publication Date: 2012-07-05
VERISIGN
View PDF14 Cites 381 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although this characteristic of many communications protocols provides many benefits in terms of readily available network services, it may also leave servers vulnerable to cyber attacks.
Because web servers are configured by default to accept requests from all clients, and because the HTTP protocol provides little information about the requesting client that would enable the server to determine the nature of the client's intentions in making the request, the attacked web server may be slow or unable to respond to other, legitimate requests due to the burdens imposed on the server when servicing the flood of requests from the single malicious client.
In a DDoS attack, because the flood of requests may be spread over a large number of disparate clients, each with a different IP address, it may be difficult to detect which requests originate from legitimate clients and which requests originate from malicious clients, such as compromised “zombie” machines in a botnet.
Thus, a server may not be able to determine which requests it should ignore and which requests it should service, because all requests may appear substantially identical over the larger pool of IP addresses.
Conventional client challenge mechanisms, however, suffer from a number of drawbacks.
This drawback may be fatal for mitigating against another variation on the DDoS attack known as an SSL DDoS attack.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Active validation for ddos and ssl ddos attacks
  • Active validation for ddos and ssl ddos attacks
  • Active validation for ddos and ssl ddos attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021]The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the following description to refer to the same or similar parts. While several exemplary embodiments and features of the invention are described herein, modifications, adaptations, and other implementations are possible, without departing from the spirit and scope of the invention. Accordingly, the following detailed description does not limit the invention. Instead, the proper scope of the invention is defined by the appended claims.

[0022]FIG. 1 is a diagram illustrating communications between one or more exemplary application servers and one or more clients consistent with certain disclosed embodiments. As shown in FIG. 1, one or more application servers 135 provide services to one or more clients or end users 110. Application servers 135 may comprise commercial web servers that service HTTP requests from clients 110 for web pages...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers.

Description

TECHNICAL FIELD[0001]The present disclosure relates generally to methods and systems for detecting and responding to Denial of Service and other cyber attacks against servers and web servers.BACKGROUND[0002]A server is a computer or other electronic device that is configured to provide services or resources to other requesting devices. The server typically provides one or more communication links for receiving communications from other networked devices, known as “clients,” and executes one or more processes whose function it is to continually monitor those communication links for incoming messages from clients. In order to service a client request, the server typically must expend system resources, such as memory, processor cycles, or bandwidth. Although the server may elect not to service some clients or client requests, the server must nonetheless devote at least some system resources to receive a client communication and determine whether or not to service it.[0003]In some commu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L9/32G06F21/00
CPCH04L63/1458H04L2463/144H04L2463/141H04L9/0825H04L63/0428H04L63/1416H04L67/02
Inventor BHOGAVILLI, SURESHGUIMARAES, ROBERTOPANDRANGI, RAMAKANTSCALZO, FRANK
Owner VERISIGN
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com