公开(公告)号：US12170688B1

公开(公告)日：2024-12-17

申请号：US17491387

申请日：2021-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Adriana-Maria Horelu ,  Jeffrey Allen Lyon ,  Robert Benjamin Lang ,  Saket Tomer ,  Krzysztof Jan Pado ,  John Shields ,  Ben Sangho Jae ,  Matthew Hyun Seok Lee

IPC: H04L9/40

Abstract: A distributed denial of service attack is detected. In response to detection of the attack, application layer properties of network traffic associated with a web application under attack are analyzed. Changes to distributions of the application layer properties are identified. A signature is generated based, at least in part, on identifying a combination of application layer properties whose distributions have changed, and which identifies traffic increased since onset of the attack. A mitigation rule is generated based, at least in part, on the signature.

公开(公告)号：US12155690B1

公开(公告)日：2024-11-26

申请号：US17643762

申请日：2021-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Kelly Anne Rooker ,  Thomas Bradley Scholl ,  Kushal Mall ,  Darshan Narayana Reddy ,  Lewis Iain McLean ,  Andrew Robert Hassall ,  Grace Marie Hatamyar ,  Bradford Sachin Chatterjee ,  Sidath Manawadu ,  Bobby Brown ,  John Shields ,  Karthik Chandrashekar

IPC: H04L29/06 ,  H04L9/40 ,  H04L41/0816 ,  H04L41/28

Abstract: The present disclosure generally relates to systems and methods for utilization of network mitigation techniques in the form of null address routing to mitigate coordinated DDOS attacks. A monitoring and mitigation service can characterize a command and control node as compromised or otherwise manipulated for purposes of generating distributed attacks. The monitoring and mitigation service can then identify network mitigation information in the form of null routing addresses that will cause network communications associated with the identified command and control node to be terminated or otherwise not delivered to the intended network-based resources. The monitoring and mitigation service can propagate the null routing address to routing components. The network mitigation information can be associated with expiration criteria for the routing components that receive and implement the network mitigation technique.