Denial-of-service (DoS) mitigation approach based on connection characteristics
US10075468B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 24, 2016 |
| Grant date | Sep 11, 2018 |
| Priority date | — |
| Expiry date | Dec 10, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/142
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems and methods for an improved DDoS mitigation approach are provided. According to one embodiment, a current threshold for a network connection characteristic is established within a Denial-of-Service (DoS) mitigation device logically interposed between a protected resource of a private network and multiple client devices residing external to the private network. A number of connections between the client devices and the protected network resource are tracked. During a period of time in which the number of connections exceeds a connection count threshold: (i) for each of the connections, a measured value for the network connection characteristic is compared to the current threshold; (ii) responsive to a determination that the measured value exceeds the current threshold, the connection is dropped; and (iii) the current threshold is periodically reduced, such that only those connections complying with the current threshold are maintained.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.