Hardware-logic based flow collector for distributed denial of service (DDOS) attack mitigation

a flow collector and hardware logic technology, applied in the field of intrusion prevention, can solve the problems of slowing down, slowing down, and slowing down the network infrastructure of the internet service provider (isp) to bear the brunt of such attacks, and achieve the effect of slowing down the service provided by the isp and slowing down

Active Publication Date: 2016-03-17
FORTINET
View PDF3 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

As more such attacks are launched, the Internet Service Provider (ISP) network infrastructure bears the brunt of such attacks.
A surge in these packets overloads ISP equipment and causes them to slow down, which in turn slows down the service provided by the ISP.
As one skilled in the art knows, software appliances have performance limits.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Hardware-logic based flow collector for distributed denial of service (DDOS) attack mitigation
  • Hardware-logic based flow collector for distributed denial of service (DDOS) attack mitigation
  • Hardware-logic based flow collector for distributed denial of service (DDOS) attack mitigation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014]Methods and systems are described for an integrated solution to rate-based DoS attacks targeting service provider networks. According to one embodiment, a flow collector is capable of receiving a variety of flow statistics in industry standards from routers and switches. These flow statistics may be in the form of packets in protocols, including, but not limited to, NetFlow, JFlow, SFlow, CFlow and the like. The hardware-based apparatus collects this data and converts them to granular rate statistics in a round robin database for varying periods such as past hour, past day, past week, past month, past year etc. Based on the past granular traffic statistics, the apparatus can determine corresponding rate-thresholds through continuous and adaptive learning. Once these granular rate thresholds are breached for any traffic parameter, the apparatus can determine the networks being attacked or protocols or transmission control protocol (TCP) or user diagram protocol (UDP) ports unde...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is determined for the at least one destination based on the information regarding the at least one destination. When a DDoS attack is detected the flow controller is notified of the DDoS attack status for the at least one destination by the DDoS attack detection module. Responsive thereto, the flow controller directs a route reflector to divert traffic destined for the at least one destination to a DDoS attack mitigation appliance within the network.

Description

CROSS-REFERENCE TO RELATED PATENTS[0001]This application is a continuation of U.S. patent application Ser. No. 14 / 488,697, filed on Sep. 17, 2014, which is hereby incorporated by reference in its entirety for all purposes.[0002]This application may relate to the subject matter of U.S. Pat. No. 7,426,634 entitled, “Method and apparatus for rate based denial of service attack detection and prevention”, U.S. Pat. No. 7,602,731 entitled “System and method for integrated header, state, rate and content anomaly prevention with policy enforcement”, and U.S. Pat. No. 7,626,940 entitled “System and method for integrated header, state, rate and content anomaly prevention for domain name service” all of which are hereby incorporated by reference in their entirety for all purposes.COPYRIGHT NOTICE[0003]Contained herein is material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction of the patent disclosure by any person as it appears in th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(United States)
IPC IPC(8): H04L29/06
CPCH04L63/1458H04L63/1416H04L63/1425H04L63/164H04L2463/141
Inventor JAIN, HEMANT, KUMAR
Owner FORTINET
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products