Network traffic detection with mitigation of anomalous traffic and/or classification of traffic

    Publication number: US11522874B2

    Publication date: 2022-12-06

    Application number: US16428782

    Filing date: 2019-05-31

    Abstract: Methods, systems, and apparatus for detecting and mitigating anomalous network traffic. With at least one processor in a network, information regarding network traffic flows is obtained and a classification model is generated based on the obtained information, the classification model comprising one or more classification rules for classifying network traffic as normal or anomalous. With the at least one processor in the network, the network traffic is classified as anomalous or normal based on the generated classification model and at least one mitigation action is initiated based on the network traffic being classified as anomalous.

    Distributed denial-of-service attack detection and mitigation based on autonomous system number

    Publication number: US11005865B2

    Publication date: 2021-05-11

    Application number: US15692854

    Filing date: 2017-08-31

    Abstract: An exemplary apparatus for mitigating a distributed denial-of-service (DDoS) attack includes a controller configured: to receive an output signal from a detector in a networked computing system, the output signal indicating a probability of a DDoS attack based at least in part on a threat level corresponding to an Autonomous System Number (ASN) associated with a source Internet Protocol address of received data packets when a volume of the received data packets exceeds a prescribed threshold value; to obtain action information correlating a specific ASN to at least one corresponding action for mitigating a DDoS attack; and to generate at least one control signal for initiating at least one action for mitigating the DDoS attack as a function of the obtained action information. The apparatus further includes at least one mitigation device for performing at least one action for mitigating the DDoS attack in response to the control signal.

    Distributed denial-of-service attack detection and mitigation based on autonomous system number

    Publication number: US10911473B2

    Publication date: 2021-02-02

    Application number: US15692762

    Filing date: 2017-08-31

    Abstract: An apparatus for detecting a distributed denial-of-service (DDoS) attack in a networked computing system includes at least one detector in operative communication with a corresponding router in the networked computing system. The detector is configured: to receive data packets from the router; to compare a volume of the data packets received by the detector with a threshold value; to obtain an Autonomous System Number (ASN) associated with a source Internet Protocol (IP) address of the received data packets when the volume of the data packets exceeds the threshold value; and to generate an output signal indicative of a probability of a presence of a DDoS attack based at least in part on threat information corresponding to the ASN associated with the source IP address of the received data packets.

    Validation and implementation of flow specification (Flowspec) rules

    Publication number: US11930037B2

    Publication date: 2024-03-12

    Application number: US17066065

    Filing date: 2020-10-08

    CPC classification number: H04L63/1458 H04L63/1416

    Abstract: A valid route origin authorization (ROA) for a specified IP address is published and a distributed denial-of-service (DDoS) attack to a given IP address is detected. A flowspec rule is advertised from a given autonomous system network to one or more neighboring autonomous system networks in response to the detection of the distributed denial-of-service (DDoS) attack. A modified Resource Public Key Infrastructure (RPKI) validation is performed using the published valid route origin authorization (ROA) in response to the advertisement of the flowspec rule. The flowspec rule is implemented to mitigate the distributed denial-of-service (DDoS) attack in response to the validation of the flowspec rule.

    Distributed denial-of-service attack mitigation with reduced latency

    Publication number: US11729209B2

    Publication date: 2023-08-15

    Application number: US17334881

    Filing date: 2021-05-31

    Abstract: An apparatus for mitigating a DDoS attack in a networked computing system includes at least one detector coupled with a corresponding router in the networked computing system. The detector is configured: to obtain network flow information from the router regarding current data traffic to at least one host; to compare the current data traffic to the host with stored traffic patterns associated with at least one prior DDoS attack; and to generate an output indicative of a match between the current data traffic and at least one of the stored traffic patterns. The apparatus further includes at least one mitigation unit coupled with the at least one detector. The mitigation unit is configured: to receive the output indicative of the match between the current data traffic and at least one of the stored traffic patterns; and to initiate a DDoS attack mitigation action in response to the received output.

    Distributed denial-of-service attack mitigation with reduced latency

    Publication number: US11032315B2

    Publication date: 2021-06-08

    Application number: US15880522

    Filing date: 2018-01-25

    Abstract: An apparatus for mitigating a DDoS attack in a networked computing system includes at least one detector coupled with a corresponding router in the networked computing system. The detector is configured: to obtain network flow information from the router regarding current data traffic to at least one host; to compare the current data traffic to the host with stored traffic patterns associated with at least one prior DDoS attack; and to generate an output indicative of a match between the current data traffic and at least one of the stored traffic patterns. The apparatus further includes at least one mitigation unit coupled with the at least one detector. The mitigation unit is configured: to receive the output indicative of the match between the current data traffic and at least one of the stored traffic patterns; and to initiate a DDoS attack mitigation action in response to the received output.

    ENHANCED CONTROL OF A DEVICE BASED ON DETECTED USER PRESENCE

    Publication number: US20180352294A1

    Publication date: 2018-12-06

    Application number: US15610234

    Filing date: 2017-05-31

    Abstract: According to one configuration, a wireless station monitors for presence of wireless communications transmitted in a subscriber domain (monitored region) to identify which of one or more communication devices assigned to the subscriber domain are present in the monitored region. In response to detecting presence of a particular communication device, a mapping resource maps an identity of the communication device and/or corresponding user of communication device to configuration settings (such as a personalized content guide) assigned to the corresponding user of the communication device. The playback device displays the personalized content guide and corresponding control options on a display screen of the playback device to the user. The user then operates a remote control device (which is separate from the communication device) to control selection of options in the displayed personalized content guide of the user.

    VALIDATION AND IMPLEMENTATION OF FLOW SPECIFICATION (FLOWSPEC) RULES

    Publication number: US20220116417A1

    Publication date: 2022-04-14

    Application number: US17066065

    Filing date: 2020-10-08

    Abstract: A valid route origin authorization (ROA) for a specified IP address is published and a distributed denial-of-service (DDoS) attack to a given IP address is detected. A flowspec rule is advertised from a given autonomous system network to one or more neighboring autonomous system networks in response to the detection of the distributed denial-of-service (DDoS) attack. A modified Resource Public Key Infrastructure (RPKI) validation is performed using the published valid route origin authorization (ROA) in response to the advertisement of the flowspec rule. The flowspec rule is implemented to mitigate the distributed denial-of-service (DDoS) attack in response to the validation of the flowspec rule.

    DISTRIBUTED DENIAL-OF-SERVICE ATTACK MITIGATION WITH REDUCED LATENCY

    Publication number: US20210297446A1

    Publication date: 2021-09-23

    Application number: US17334881

    Filing date: 2021-05-31

    Abstract: An apparatus for mitigating a DDoS attack in a networked computing system includes at least one detector coupled with a corresponding router in the networked computing system. The detector is configured: to obtain network flow information from the router regarding current data traffic to at least one host; to compare the current data traffic to the host with stored traffic patterns associated with at least one prior DDoS attack; and to generate an output indicative of a match between the current data traffic and at least one of the stored traffic patterns. The apparatus further includes at least one mitigation unit coupled with the at least one detector. The mitigation unit is configured: to receive the output indicative of the match between the current data traffic and at least one of the stored traffic patterns; and to initiate a DDoS attack mitigation action in response to the received output.
