Method and apparatus for large-scale automated distributed denial of service attack detection
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
Aug 16, 2011
Grant Date -
Dec 6, 2007
app pub date -
Jun 14, 2006
filing date -
Jun 2, 2006
priority date (Note) -
In Force
status (Latency Note)
Importance
Abstract
A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine grained data, such as that available in Netflow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.
First Claim
Family
International Classification(s)
- [Classification Symbol]
- [Patents Count]
Cited Art Landscape
Patent Citation Ranking
Advertisement
Advertisement
Advertisement
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully