LOCKLESS QUEUES
    1.
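    Invention publication
    Status: under examination, published

    Publication number: EP2513790A1

    Publication date: 2012-10-24

    Application number: EP10838133.6

    Filing date: 2010-12-08

    Applicant: VeriSign, Inc.

    IPC classification: G06F9/46

    CPC classification: G06F9/544 G06F9/526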

    Abstract: A method for passing data from a first processing thread to a second processing thread, wherein the first processing thread produces data to be processed by the second processing thread. The data from the first processing thread may be inserted into objects that in turn are inserted into a queue of objects to be processed by the second thread. The queue may be a circular array, wherein the array includes a pointer to a head and a pointer to a tail, wherein only the first processing thread modifies the tail pointer and only the second processing thread modifies the head pointer.

    SYSTEMS AND METHODS FOR AUTOMATICALLY MITIGATING DENIAL OF SERVICE ATTACKS
    2.
    Invention publication
    Status: under examination, published

    Publication number: EP3110103A1

    Publication date: 2016-12-28

    Application number: EP16176256.2

    Filing date: 2016-06-24

    Applicant: Verisign, Inc.

    IPC classification: H04L29/06

    Abstract: A method for mitigating a denial of service attack includes determining, for a client (105), a number of requests (115) being transmitted to a server (110) and determining, for the client, that the number of requests for a time period is greater than a top talker threshold. The method includes classifying the client as a top talker based on the number of requests being greater than the top talker threshold and identifying, for the client, additional requests being transmitted to the server. The method also includes determining whether a number of the additional requests matches one or more attack patterns and preventing one or more of the additional requests from being transmitted to the server if the number of additional requests that matches one or more attack patterns is greater than a first threshold.

    SYSTEMS, DEVICES, AND METHODS FOR IMPROVED NETWORK SECURITY
    3.
    Invention publication
    Status: under examination, published

    Publication number: EP3026865A1

    Publication date: 2016-06-01

    Application number: EP15196435.0

    Filing date: 2015-11-26

    Applicant: Verisign, Inc.

    IPC classification: H04L29/06 H04L12/851

    Abstract: Embodiments relate to systems, devices, and computing-implemented methods for providing DoS mitigation using a list of persistent clients generated using network flow data. Daily flow counts can be incremented once per date for unique flow combinations in the network flow data that are associated with at least one network interaction that occurred on that date. A candidate list of persistent clients can be created based on the daily flow counts, and the candidate list of persistent clients can be filtered and ranked, and the list of persistent clients can be selected based on the rankings.

    ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS
    4.
    Invention publication
    Status: under examination, published

    Publication number: EP2659614A1

    Publication date: 2013-11-06

    Application number: EP11808991.1

    Filing date: 2011-12-12

    Applicant: Verisign, Inc.

    IPC classification: H04L9/32 H04L29/06

    Abstract: Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers.

    AUTOMATED DDOS ATTACK MITIGATION VIA BGP MESSAGING
    5.
    Invention publication
    Status: under examination, published

    Publication number: EP3300332A1

    Publication date: 2018-03-28

    Application number: EP17192158.8

    Filing date: 2017-09-20

    Applicant: Verisign, Inc.

    IPC classification: H04L29/06

    Abstract: Various embodiments of the invention disclosed herein provide techniques for mitigating a distributed denial of service (DDoS) attack on a targeted computer system. A border gateway protocol (BGP) controller receives, via a first router, a BGP message that includes an indicator indicating that a computer system associated with the first router is under a DDoS attack. In response to receiving the BGP message, the BGP controller performs one or more operations to mitigate the DDoS attack. As a result, the time between detection of a DDoS attack and mitigating the attack is reduced relative to prior approaches. After receiving the BGP message indicating a DDoS attack is in progress, the DDoS attack mitigation platform automatically takes steps to mitigate the DDoS attack without further manual intervention. Consequently, the targeted computer system recovers more quickly and begins to respond to legitimate network requests sooner relative to prior approaches.