Patent · US Active

Dynamic detection of HTTP-based DDoS attacks using estimated cardinality

US11451563B2 · kind B2 · utility

0Cited by

6References

11Claims

0Family size

Assignee

ARBOR NETWORKS, INC. · US

Inventors

Archana A. Rajaram · Ann Arbor, US
Andrew Mortensen · Ann Arbor, US

Key dates

Filing date	May 27, 2020
Grant date	Sep 20, 2022
Priority date	—
Expiry date	Jan 14, 2041

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1458
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A computer method and system for detecting a Denial of Service (DoS) attack by detecting changes in recent cardinality of a network traffic flow. Packet traffic flows are received from external device (networks), and a cardinality estimation is then performed on a received packet traffic flow. A series of cardinalities is maintained for prior packet traffic flows. Changes in cardinalities associated with prior packet traffic flows are detected when compared to cardinalities of a current packet traffic flow. An alert condition for the network traffic flow is generated regarding a suspected DoS attack based upon the detected changes in cardinalities regarding comparison of the cardinalities associated with prior packet traffic flows compared to cardinalities of a current packet traffic flow.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.