Invention Grant
US08001601B2 Method and apparatus for large-scale automated distributed denial of service attack detection
In force
- Patent Title: Method and apparatus for large-scale automated distributed denial of service attack detection
- Application No.: US11452623
- Application Date: 2006-06-14
- Publication No.: US08001601B2
- Publication Date: 2011-08-16
- Inventor: Nicholas Duffield, Jacobus Van Der Merwe, Vyas Sekar, Oliver Spatscheck
- Applicant: Nicholas Duffield, Jacobus Van Der Merwe, Vyas Sekar, Oliver Spatscheck
- Applicant Address: US GA Atlanta
- Assignee: AT&T Intellectual Property II, L.P.
- Current Assignee: AT&T Intellectual Property II, L.P.
- Current Assignee Address: US GA Atlanta
- Main IPC: G06F11/00
- IPC: G06F11/00; G06F12/14; G06F12/16; G08B23/00

Abstract:
A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine-grained data, such as that available in NetFlow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.
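The two-stage trigger described in the abstract, as an added sketch that is not taken from the patent: coarse per-interface SNMP byte counts raise incident reports, and flow records are examined only for the flagged interface and interval. The function names, the mean-plus-k-sigma baseline, the `share` and `min_sources` thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# All thresholds below (k, warmup, share, min_sources) are assumed values.
def volume_anomalies(snmp, k=3.0, warmup=5):
    """Stage 1 (coarse): flag (interface, interval) pairs whose SNMP byte count
    exceeds the interface's own baseline mean + k standard deviations."""
    incidents = []
    for iface, series in snmp.items():
        baseline = list(series[:warmup])
        for t in range(warmup, len(series)):
            limit = mean(baseline) + k * (pstdev(baseline) or 1.0)
            if series[t] > limit:
                incidents.append((iface, t))   # incident report for stage 2
            else:
                baseline.append(series[t])     # only normal samples update the baseline
    return incidents

def diagnose(incident, flows, share=0.7, min_sources=10):
    """Stage 2 (fine): read flow records for the flagged interface/interval only and
    alarm if one destination takes most of the bytes from many distinct sources."""
    iface, t = incident
    per_dst, total = defaultdict(lambda: [0, set()]), 0
    for f in flows:
        if (f["iface"], f["t"]) == (iface, t):
            per_dst[f["dst"]][0] += f["bytes"]
            per_dst[f["dst"]][1].add(f["src"])
            total += f["bytes"]
    for dst, (nbytes, srcs) in per_dst.items():
        if total and nbytes / total >= share and len(srcs) >= min_sources:
            return {"iface": iface, "t": t, "target": dst, "sources": len(srcs)}
    return None  # volume anomaly without a many-to-one pattern: no alarm

def detect(snmp, flows):
    return [a for inc in volume_anomalies(snmp) if (a := diagnose(inc, flows))]

# Constructed sample data (documentation address ranges), not real traffic.
SNMP = {"edge-1": [100, 110, 95, 105, 100, 98, 900, 102],
        "edge-2": [200, 210, 190, 205, 195, 200, 1500, 198]}
FLOWS = [{"iface": "edge-1", "t": 6, "src": f"198.51.100.{i}", "dst": "203.0.113.10", "bytes": 20}
         for i in range(1, 41)]
FLOWS += [{"iface": "edge-1", "t": 6, "src": "192.0.2.7", "dst": "203.0.113.20", "bytes": 100},
          {"iface": "edge-2", "t": 6, "src": "192.0.2.9", "dst": "203.0.113.50", "bytes": 1400},
          {"iface": "edge-2", "t": 6, "src": "192.0.2.7", "dst": "203.0.113.60", "bytes": 100}]

if __name__ == "__main__":
    print(volume_anomalies(SNMP))
    print(detect(SNMP, FLOWS))
```

Both sample interfaces trip the coarse stage, but only `edge-1` produces an alarm, because the `edge-2` spike is a single-source bulk transfer.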
Public/Granted literature
- US20070283436A1 Method and apparatus for large-scale automated distributed denial of service attack detection Public/Granted day: 2007-12-06