Protecting against distributed network flood attacks
US8789173B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 28, 2009 |
| Grant date | Jul 22, 2014 |
| Priority date | — |
| Expiry date | Feb 23, 2033 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A network security device performs a three-stage analysis of traffic to identify malicious clients. In one example, a device includes an attack detection module to, during a first stage, monitor network connections to a protected network device, during a second stage, to monitor a plurality of types of transactions for the plurality of network sessions when a parameter for the connections exceeds a connection threshold, and during a third stage, to monitor communications associated with network addresses from which transactions of the at least one of type of transactions originate when a parameter associated with the at least one type of transactions exceeds a transaction-type threshold. The device executes a programmed action with respect to at least one of the network addresses when the transactions of the at least one of the plurality of types of transactions originating from the at least one network address exceeds a client-transaction threshold.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.