Distributed denial of service (DDoS) defense techniques for applications hosted in cloud computing platforms

Assignee

• Radware Ltd. · IL

Inventors

• Ehud Doron · Lod, IL
• Nir Ilani · Rehovot, IL
• David Aviv · Hadera, IL
• Yotam Ben Ezra · Raanana, IL
• Amit Bismut · Kiryat Motzkin, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A defense platform for protecting a cloud-hosted application against distributed denial-of-services (DDoS) attacks, wherein the defense platform is deployed out-of-path of incoming traffic of the cloud-hosted application hosted in a plurality of cloud computing platforms, comprising: a detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the detector is configured to: receive telemetries related to behavior of the cloud-hosted application from sources deployed in the plurality of cloud computing platforms; and detect, based on the telemetries, a potential DDoS attack; wherein, the controller, upon detection of a potential DDoS attack, is configured to: divert traffic directed to the cloud-hosted application to the mitigator; cause the mitigator to perform at least one mitigation action to remove malicious traffic from the diverted traffic; and cause injection of clean traffic to at least one of the plurality of cloud computing platforms hosting the cloud-hosted application.