Identifying a distributed denial of service (DDOS) attack within a network and defending against such an attack

Assignee

• International Business Machines Corporation · US

Inventors

• John G. Rooney · Zürich, CH
• Christopher J. Giblin · Zürich, CH
• Marcel Waldvogel · Stein am Rhein, CH
• Paul T. Hurley · Oberrieden, CH

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analyzed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behavior can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.