Detection and mitigation of slow application layer DDoS attacks

Assignee

• Radware Ltd. · IL

Inventors

• Ehud Doron · Lod, IL
• Nir Ilani · Rehovot, IL
• David Aviv · Hadera, IL
• Yotam Ben Ezra · Raanana, IL
• Amit Bismut · Kiryat Motzkin, IL
• Yuriy Arbitman · Raanana, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method and system for protecting cloud-hosted applications against application-layer slow DDoS attacks are provided. The system include a processing circuitry; and a memory connected to the processor, the memory contains instructions that when executed by the processing circuitry, configure the system to: collect telemetries from a plurality of sources deployed in a plurality of public cloud computing platforms, wherein each of the plurality of public cloud computing platforms hosts an instance of a protected cloud-hosted application; provide a set of rate-based and rate-invariant features based on the collected telemetries; evaluate each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and cause execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.