-
Publication No.: US11316889B2
Publication date: 2022-04-26
Application No.: US15974019
Filing date: 2018-05-08
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L29/06
Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.
-
Publication No.: US10419490B2
Publication date: 2019-09-17
Application No.: US15640233
Filing date: 2017-06-30
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L29/06
Abstract: Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components.
-
Publication No.: US10009373B2
Publication date: 2018-06-26
Application No.: US15817192
Filing date: 2017-11-18
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
CPC classification number: H04L63/20 , H04L63/1416 , H04L63/1425 , H04L63/1458
Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.
-
Publication No.: US09973528B2
Publication date: 2018-05-15
Application No.: US14976938
Filing date: 2015-12-21
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L29/06
CPC classification number: H04L63/1458 , H04L63/1425
Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.
-
Publication No.: US09935974B2
Publication date: 2018-04-03
Application No.: US15055619
Filing date: 2016-02-28
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L29/06
CPC classification number: H04L63/1458 , H04L63/1416 , H04L63/1425 , H04L63/164 , H04L2463/141
Abstract: Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is determined for the at least one destination based on the information regarding the at least one destination. When a DDoS attack is detected the flow controller is notified of the DDoS attack status for the at least one destination by the DDoS attack detection module. Responsive thereto, the flow controller directs a route reflector to divert traffic destined for the at least one destination to a DDoS attack mitigation appliance within the network.
-
Publication No.: US11503471B2
Publication date: 2022-11-15
Application No.: US16363994
Filing date: 2019-03-25
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L9/40 , H04L29/06 , H04W12/122 , H04L45/7453 , H04W12/67 , H04W12/088 , H04W12/108
Abstract: Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.
-
Publication No.: US10116703B2
Publication date: 2018-10-30
Application No.: US15609244
Filing date: 2017-05-31
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.
-
Publication No.: US09825990B2
Publication date: 2017-11-21
Application No.: US15609388
Filing date: 2017-05-31
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
CPC classification number: H04L63/1458 , H04L63/1416 , H04L63/1425 , H04L63/20
Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.
-
Publication No.: US20170302698A1
Publication date: 2017-10-19
Application No.: US15640233
Filing date: 2017-06-30
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/1416 , H04L63/1425 , H04L63/1458
Abstract: Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components.
-
Publication No.: US20170264646A1
Publication date: 2017-09-14
Application No.: US15609244
Filing date: 2017-05-31
Applicant: Fortinet, Inc.
Inventor: Hemant Kumar Jain
IPC: H04L29/06
CPC classification number: H04L63/1458 , H04L63/1416 , H04L63/1425 , H04L63/20
Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.