Method of generating anomaly pattern for HTTP flood protection
US7624084B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Oct 9, 2007 |
| Grant date | Nov 24, 2009 |
| Priority date | — |
| Expiry date | Jan 15, 2028 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/168
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A system and method to detect and mitigate denial of service and distributed denial of service HTTP “page” flood attacks. Detection of an attack/anomaly is made according to multiple traffic parameters, including rate-based and rate-invariant parameters in both traffic directions. Prevention is done according to HTTP traffic parameters that are analyzed once a traffic anomaly is detected. This protection includes a differential adaptive mechanism that tunes the sensitivity of the anomaly detection engine. The decision engine is based on a combination of fuzzy logic inference systems and statistical thresholds. A “trap buffer” characterizes the attack to allow an accurate mitigation according to the source IP(s) and the HTTP request URLs that are used as part of the attack. Mitigation is controlled through a feedback mechanism that tunes the level of rate limit factors that are needed in order to mitigate the attack effectively while letting legitimate traffic pass.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.