-
Publication number: US11888893B2
Publication date: 2024-01-30
Application number: US18162276
Application date: 2023-01-31
Applicant: Radware Ltd.
Inventor: Ehud Doron, Koral Haham, David Aviv
IPC: H04L9/40
CPC classification number: H04L63/1458, H04L63/168
Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.
-
Publication number: US11563772B2
Publication date: 2023-01-24
Application number: US16731441
Application date: 2019-12-31
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, David Aviv, Eyal Rundstein, Lev Medvedovsky
IPC: H04L9/40, H04L43/062, H04L43/067, H04L43/0876, H04L43/16
Abstract: A method and system for protecting against quick UDP Internet connection (QUIC) based denial-of-service (DDoS) attacks. The system comprises extracting traffic features from at least traffic directed to a protected entity, wherein the traffic features demonstrate behavior of QUIC user datagram protocol (UDP) traffic directed to the protected entity, wherein the extracted traffic features include at least one rate-base feature and at least one rate-invariant feature, and wherein the at least traffic includes QUIC packets; computing at least one baseline for each of the at least one rate-base feature and the at least one rate-invariant feature; and analyzing real-time samples of traffic directed to the protected entity to detect a deviation from each of the at least one computed baseline, wherein the deviation is indicative of a detected QUIC DDoS attack; and causing execution of at least one mitigation action when an indication of the detected QUIC DDoS attack is determined.
-
Publication number: US11290374B2
Publication date: 2022-03-29
Application number: US14743229
Application date: 2015-06-18
Applicant: RADWARE, LTD.
Inventor: Benny Rochwerger, David Aviv
IPC: G06F15/16, H04L45/00, H04L47/24, H04L45/30, H04L47/2475, H04L47/2425
Abstract: A method and system for multi-layer traffic steering for enabling service chaining over a software defined network (SDN) are provided. The method is performed by a central controller of the SDN and includes receiving at least one service chaining rule defining at least one value-added service (VAS) to assign to an incoming traffic flow addressed to a destination server; analyzing each of the at least one received service chaining rule to determine if an application-layer steering is required; generating at least one application-layer steering rule, upon determining that an application-layer steering is required; generating at least one network-layer steering rule, upon determining that an application-layer steering is not required; and programming a multi-layer steering fabric with the generated at least one of network-layer steering rule and application-layer steering rule.
-
Publication number: US10951648B2
Publication date: 2021-03-16
Application number: US15940360
Application date: 2018-03-29
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut
IPC: H04L29/06, G06N5/04, H04L12/803, G06N20/00
Abstract: A method, system and a platform for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application. The method comprising receiving, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service; detecting, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application; and causing mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.
-
Publication number: US11991205B2
Publication date: 2024-05-21
Application number: US17132677
Application date: 2020-12-23
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
CPC classification number: H04L63/1458, H04L63/0209, H04L63/101, H04L63/1416, H04L63/1425, H04L63/20, H04L67/02, H04L2463/141
Abstract: A method and system for protecting cloud-hosted applications against application-layer slow DDoS attacks are provided. The system includes a processing circuitry; and a memory connected to the processor, the memory contains instructions that when executed by the processing circuitry, configure the system to: collect telemetries from a plurality of sources deployed in a plurality of public cloud computing platforms, wherein each of the plurality of public cloud computing platforms hosts an instance of a protected cloud-hosted application; provide a set of rate-based and rate-invariant features based on the collected telemetries; evaluate each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and cause execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.
-
Publication number: US11606387B2
Publication date: 2023-03-14
Application number: US16227912
Application date: 2018-12-20
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Yotam Ben Ezra, David Aviv
Abstract: A system and method for reducing a time to mitigate distributed denial of service (DDoS) attacks are provided. The method includes receiving a plurality of attack feeds on at least one protected object in a secured environment; analyzing the plurality of attack feeds to determine characteristics of a DDoS attack against the secure environment; determining a set of optimal mitigation resources assigned to the secured environment; selecting, based on the set of optimal mitigation resources and the attack characteristics, at least one optimal workflow scheme; and initiating a proactive mitigation action by setting each mitigation resource in the set of optimal mitigation resources according to the selected optimal workflow scheme.
-
Publication number: US11552989B1
Publication date: 2023-01-10
Application number: US17456329
Application date: 2021-11-23
Applicant: RADWARE LTD.
Inventor: Ehud Doron, Koral Haham, David Aviv
IPC: H04L9/40
Abstract: A method and system for characterizing application layer flood denial-of-service (DDoS) attacks carried by advanced application layer flood attack tools. The method comprises receiving an indication on an on-going DDoS attack directed toward a protected entity; analyzing requests received during the on-going DDoS attack to determine a plurality of different attributes of the received requests; generating a dynamic applicative multi-paraphrase signature by clustering at least one value of the plurality of different attributes, wherein the multi-paraphrase signature characterizes requests with different attributes as generated by an advanced application layer flood attack tool executing the on-going DDoS attack; and characterizing each incoming request based on the multi-paraphrase signature, wherein the characterization provides an indication for each incoming request whether a request is generated by the attack tool.
-
Publication number: US11363044B2
Publication date: 2022-06-14
Application number: US16453035
Application date: 2019-06-26
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Lev Medvedovsky, David Aviv, Eyal Rundstein, Ronit Lubitch Greenberg, Avishay Balderman
Abstract: A method for detecting hypertext transfer protocol secure (HTTPS) flood denial-of-service (DDoS) attacks. The method includes estimating traffic telemetries of at least ingress traffic directed to a protected entity; providing at least one rate-base feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-base feature and the rate-invariant feature demonstrate a normal behavior of HTTPS traffic directed to the protected entity; evaluating the at least one rate-base feature and the at least one rate-invariant feature with respect to at least one baseline to determine whether the behavior of the at least HTTPS traffic indicates a potential HTTPS flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTPS flood DDoS attack is determined.
-
Publication number: US10924484B2
Publication date: 2021-02-16
Application number: US15994434
Application date: 2018-05-31
Applicant: RADWARE, LTD.
Inventor: Alon Lelcuk, David Aviv
Abstract: A method and system for determining a cost to allow a blockchain-based admission to a protected entity. The method includes identifying, in a blockchain network, a conversion transaction identifying a conversion of a first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity; determining a conversion value for converting the first-type of access tokens into the second-type access tokens, wherein the conversion value is determined based on at least one access parameter; and converting, based on the determined conversion value, a first sum of the first-type access tokens into a second sum of the second-type access-tokens, wherein a client spends the second sum of the second-type access tokens to access the protected entity, the determined conversion value is the access cost to the protected entity.
-
Publication number: US10200382B2
Publication date: 2019-02-05
Application number: US14933353
Application date: 2015-11-05
Applicant: RADWARE, LTD.
Inventor: Lev Medvedovsky, David Aviv
IPC: H04L29/06
Abstract: A system and method for detecting abnormal traffic behavior. The method comprises: applying a task to an input data set to create an un-normalized cluster of traffic features, wherein the task defines a plurality of traffic features; computing a center point of the cluster of traffic features; computing a distance between the computed center point and a new sample, wherein the new sample includes traffic features defined in the task; and determining, based on the computed distance, whether the received new sample demonstrates abnormal behavior.