Patent · US Expired

Method and apparatus for detecting a distributed denial of service attack

US7788718B1 · kind B1 · utility

58Cited by

23References

35Claims

0Family size

Assignee

McAfee, LLC · US

Inventors

Aiguo Fei · San Jose, US
Kai Sun · Shanxi, CN
Fengmin Gong · Livermore, US

Key dates

Filing date	Jun 13, 2002
Grant date	Aug 31, 2010
Priority date	—
Expiry date	Nov 23, 2025

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1458
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method of identifying a distributed denial of service attack is described in which a rate profile is determined, where the rate profile corresponds to information transfer rates at which information is received from a network. A burst magnitude threshold based on this rate profile is then established. A burst duration profile characterizing periods of time during which the information transfer rate exceeds this burst magnitude threshold is also calculated, and a burst duration threshold is then defined based upon this burst duration profile. A distributed denial of service attack is identified when the information transfer rate exceeds the burst magnitude threshold for a period of time exceeding the burst duration threshold.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.