Automated selection of DDoS countermeasures using statistical analysis
US11770405B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 10, 2020 |
| Grant date | Sep 26, 2023 |
| Priority date | — |
| Expiry date | Jul 5, 2041 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1425
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. The method further includes determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database. In response to finding a matching known attack vector as a result of the comparison, mitigation parameters associated with the known attack vector are selected and used for applying a countermeasure to the network traffic for mitigating an attack.
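A minimal sketch of the pipeline the abstract describes, added here as an illustration and not taken from the patent. The field set, the 70% share threshold standing in for the "predetermined criterion", the snapshot, and the vector database entries with their mitigation parameters are all constructed assumptions.

```python
from itertools import combinations

FIELDS = ("proto", "src_port", "dst_port", "length")  # assumed packet fields
# Constructed snapshot: eight UDP packets from source port 123 plus two background packets.
SNAPSHOT = [{"proto": "udp", "src_port": 123, "dst_port": 4000 + i, "length": 468, "ts": 100 + i}
            for i in range(8)] + [
    {"proto": "tcp", "src_port": 51000, "dst_port": 443, "length": 60, "ts": 101},
    {"proto": "udp", "src_port": 53000, "dst_port": 53, "length": 72, "ts": 102}]
# Constructed stand-in for the attack vector database and its mitigation parameters.
KNOWN_VECTORS = [
    {"name": "ntp-amplification", "match": {"proto": "udp", "src_port": 123},
     "mitigation": {"action": "rate_limit", "pps": 100}},
    {"name": "dns-amplification", "match": {"proto": "udp", "src_port": 53},
     "mitigation": {"action": "drop"}},
]

def build_stats(packets, fields=FIELDS):
    """Map each field/value combination to [counter, first_ts, last_ts].
    Only combinations that actually occur are stored (a sparse form of the structure)."""
    stats = {}
    for pkt in packets:
        pairs = [(f, pkt[f]) for f in fields]
        for r in range(1, len(pairs) + 1):
            for combo in combinations(pairs, r):
                entry = stats.setdefault(combo, [0, pkt["ts"], pkt["ts"]])
                entry[0] += 1
                entry[1] = min(entry[1], pkt["ts"])
                entry[2] = max(entry[2], pkt["ts"])
    return stats

def observed_vector(stats, total, min_share=0.7):
    """Assumed criterion: most specific combination covering >= min_share of packets."""
    hits = [(c, s) for c, s in stats.items() if s[0] / total >= min_share]
    if not hits:
        return None
    combo, _ = max(hits, key=lambda h: (len(h[0]), h[1][0]))
    return dict(combo)

def select_mitigation(vector, known=KNOWN_VECTORS):
    """Return (name, mitigation) for the first known vector whose pairs all match."""
    for kv in known:
        if vector and all(vector.get(a) == v for a, v in kv["match"].items()):
            return kv["name"], kv["mitigation"]
    return None

def analyze(packets):
    vec = observed_vector(build_stats(packets), len(packets))
    return vec, select_mitigation(vec)
```

Storing every combination costs 2^n − 1 entries per packet for n fields, so a practical implementation has to bound the field set or prune low-count entries.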
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.