Detection and mitigation of flood type DDoS attacks against cloud-hosted applications

Assignee

• Radware Ltd. · IL

Inventors

• Ehud Doron · Lod, IL
• Nir Ilani · Rehovot, IL
• David Aviv · Hadera, IL
• Yotam Ben Ezra · Raanana, IL
• Amit Bismut · Kiryat Motzkin, IL
• Yuriy Arbitman · Raanana, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system and method for protecting cloud-hosted applications against hypertext transfer protocol (HTTP) flood distributed denial-of-service (DDoS) attacks are provided. The method includes collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing at least one rate-based feature and at least one rate-invariant feature based on the collected telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate behavior of at least HTTP traffic directed to the protected cloud-hosted application; evaluating the at least one rate-based feature and the at least one rate-invariant feature to determine whether the behavior of the at least HTTP traffic indicates a potential HTTP flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTP flood DDoS attack is determined.