Avoidance of over-mitigation during automated DDOS filtering
US11330011B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 25, 2020 |
| Grant date | May 10, 2022 |
| Priority date | — |
| Expiry date | Jul 28, 2040 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1425
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method of detecting patterns for automated filtering of data is provided. The method includes receiving network traffic including bad traffic and good traffic, wherein an attack is known to be applied to the bad traffic, and the good traffic is known to be free of an applied attack. Processing the good and bad traffic includes generating, for each unique packet, each potential unique combination of the packet's fields, storing each combination with associated bad match and good match counters, and incrementing a combination's respective good and bad match counters for each occurrence it matches one of the packets of the respective good and bad traffic. The combinations are sorted based on the good match counter associated with each combination, a number of fields in each combination, and the bad match counter associated with each combination. One or more combinations are selected based on results of the sorting for provision to a network traffic filtering component.
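The counting and sorting steps in the abstract can be sketched as follows. This is an added illustration, not code from the patent: the function names, the field names and the sample packets are constructed, and the sort directions (fewest good matches, then fewest fields, then most bad matches) are an assumption, since the abstract names the three sort keys but not their order or direction.

```python
from collections import Counter
from itertools import combinations

def field_combinations(packet):
    """Yield every non-empty combination of a packet's (field, value) pairs."""
    items = sorted(packet.items())
    for size in range(1, len(items) + 1):
        yield from combinations(items, size)

def count_matches(traffic):
    """Map each combination to the number of packets in `traffic` it matches.
    A combination matches a packet exactly when it is a subset of the packet's
    fields, so enumerating subsets per packet generates and counts in one pass."""
    counts = Counter()
    for packet in traffic:
        counts.update(field_combinations(packet))
    return counts

def rank_combinations(bad_traffic, good_traffic):
    """Return (combination, bad_matches, good_matches) rows, best candidate first."""
    bad, good = count_matches(bad_traffic), count_matches(good_traffic)
    # Only combinations seen in attack traffic are useful as filters.
    rows = [(combo, bad[combo], good[combo]) for combo in bad]
    # Assumed ordering: good matches ascending (least collateral damage),
    # then field count ascending, then bad matches descending; combo breaks ties.
    rows.sort(key=lambda r: (r[2], len(r[0]), -r[1], r[0]))
    return rows

def select_filters(ranked, max_good_matches=0, limit=1):
    """Pick the top combinations that stay within the good-traffic budget."""
    return [dict(c) for c, _bad, g in ranked if g <= max_good_matches][:limit]

# Constructed sample: a UDP flood of 512-byte packets to port 53, next to
# legitimate DNS and HTTPS traffic that shares individual field values with it.
BAD = [
    {"proto": "udp", "dst_port": 53, "ttl": 57, "length": 512},
    {"proto": "udp", "dst_port": 53, "ttl": 64, "length": 512},
    {"proto": "udp", "dst_port": 53, "ttl": 57, "length": 512},
    {"proto": "udp", "dst_port": 53, "ttl": 64, "length": 512},
]
GOOD = [
    {"proto": "udp", "dst_port": 53, "ttl": 57, "length": 80},
    {"proto": "udp", "dst_port": 53, "ttl": 64, "length": 96},
    {"proto": "tcp", "dst_port": 443, "ttl": 57, "length": 512},
    {"proto": "tcp", "dst_port": 443, "ttl": 64, "length": 1400},
]

if __name__ == "__main__":
    for combo, bad_n, good_n in rank_combinations(BAD, GOOD)[:5]:
        print(f"bad={bad_n} good={good_n} {dict(combo)}")
```

On this sample every single-field filter, such as `dst_port=53` alone, also matches good packets, which is the over-mitigation the title refers to; the two-field combination of port and length matches all four attack packets and none of the good ones.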
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.