Detection and mitigation of slow application layer DDoS attacks

    Publication No.: US11991205B2

    Publication date: 2024-05-21

    Application No.: US17132677

    Filing date: 2020-12-23

    Applicant: RADWARE, LTD.

    Abstract: A method and system for protecting cloud-hosted applications against application-layer slow DDoS attacks are provided. The system include a processing circuitry; and a memory connected to the processor, the memory contains instructions that when executed by the processing circuitry, configure the system to: collect telemetries from a plurality of sources deployed in a plurality of public cloud computing platforms, wherein each of the plurality of public cloud computing platforms hosts an instance of a protected cloud-hosted application; provide a set of rate-based and rate-invariant features based on the collected telemetries; evaluate each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and cause execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.

    Techniques for reducing the time to mitigate of DDoS attacks

    Publication No.: US11606387B2

    Publication date: 2023-03-14

    Application No.: US16227912

    Filing date: 2018-12-20

    Applicant: RADWARE, LTD.

    Abstract: A system and method for reducing a time to mitigate distributed denial of service (DDoS) attacks are provided. The method includes receiving a plurality of attack feeds on at least one protected object in a secured environment; analyzing the plurality of attack feeds to determine characteristics of a DDoS attack against the secure environment; determining a set of optimal mitigation resources assigned to the secured environment; selecting, based on the set of optimal mitigation resources and the attack characteristics, at least one optimal workflow scheme; and initiating a proactive mitigation action by setting each mitigation resource in the set of optimal mitigation resources according to the selected optimal workflow scheme.

    Techniques for generating signatures characterizing advanced application layer flood attack tools

    Publication No.: US11552989B1

    Publication date: 2023-01-10

    Application No.: US17456329

    Filing date: 2021-11-23

    Applicant: RADWARE LTD.

    Abstract: A method and system for characterizing application layer flood denial-of-service (DDoS) attacks carried by advanced application layer flood attack tools. The method comprises receiving an indication on an on-going DDoS attack directed toward a protected entity; analyzing requests received during the on-going DDoS attack to determine a plurality of different attributes of the received requests; generating a dynamic applicative multi-paraphrase signature by clustering at least one value of the plurality of different attributes, wherein the multi-paraphrase signature characterizes requests with different attributes as generated by an advanced application layer flood attack tool executing the on-going DDoS attack; and characterizing each incoming request based on the multi-paraphrase signature, wherein the characterization provides an indication for each incoming request whether a request is generated by the attack tool.

    Method and system for detecting and mitigating HTTPS flood attacks

    Publication No.: US11363044B2

    Publication date: 2022-06-14

    Application No.: US16453035

    Filing date: 2019-06-26

    Applicant: RADWARE, LTD.

    Abstract: A method for detecting hypertext transfer protocol secure (HTTPS) flood denial-of-service (DDoS) attacks. The method estimating traffic telemetries of at least ingress traffic directed to a protected entity; providing at least one rate-base feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-base feature and the rate-invariant feature demonstrate a normal behavior of HTTPS traffic directed to the protected entity; evaluating the at least one rate-base feature and the at least one rate-invariant feature with respect to at least one baseline to determine whether the behavior of the at least HTTPS traffic indicates a potential HTTPS flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTPS flood DDoS attack is determined.

    System and method thereof for multi-tiered mitigation of cyber-attacks

    Publication No.: US10129297B2

    Publication date: 2018-11-13

    Application No.: US15707292

    Filing date: 2017-09-18

    Applicant: RADWARE, LTD.

    Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks. The method comprises monitoring at least availability and load of each protection resource in a multi-tiered communication network, wherein each tier in the multi-tiered communication network includes a plurality of protection resources having capacity and security capabilities set according to the respective tier; for each protection resource, computing a current aggregated load metric (ALM); determining based on at least one of the computed ALM and security capabilities of a respective protection resource, if the respective protection resource assigned to a protected entity can efficiently handle a detected cyber-attack against the protected entity; and selecting at least one new protection resource to secure the protected entity, upon determining the protection resource cannot efficiently handle the detected cyber-attack, wherein the selection is based on at least one of the computed ALM and a security capabilities of the at least one protection resource.

    Techniques for providing value-added services in SDN-based networks

    Publication No.: US09647938B2

    Publication date: 2017-05-09

    Application No.: US13913932

    Filing date: 2013-06-10

    Applicant: Radware, Ltd.

    Abstract: A method for providing value added services (VAS) in a software defined network (SDN). The method comprises determining which value added services and their order should be assigned to an incoming traffic; determining for each of the one or more value added services their respective servers providing the value added services and assigning a unique diversion value to each server; instructing at least one peer network element to set a diversion field in each packet in the incoming traffic with a diversion value corresponding to a server providing a first value added service of the one or more value added services; and instructing each edge network element to set the diversion field of each packet output by the server to designate a destination node for the packet, wherein the destination node is any one of the destination server and a server providing a subsequent value added service.

    Characterization of HTTP flood DDoS attacks

    Publication No.: US11888893B2

    Publication date: 2024-01-30

    Application No.: US18162276

    Filing date: 2023-01-31

    Applicant: Radware Ltd.

    CPC classification number: H04L63/1458 H04L63/168

    Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.

    Detection and mitigation DDoS attacks performed over QUIC communication protocol

    Publication No.: US11563772B2

    Publication date: 2023-01-24

    Application No.: US16731441

    Filing date: 2019-12-31

    Applicant: RADWARE, LTD.

    Abstract: A method and system for protecting against quick UDP Internet connection (QUIC) based denial-of-service (DDoS) attacks. The system comprises extracting traffic features from at least traffic directed to a protected entity, wherein the traffic features demonstrate behavior of QUIC user datagram protocol (UDP) traffic directed to the protected entity, wherein the extract traffic features include at least one rate-base feature and at least one rate-invariant feature, and wherein the at least traffic includes QUIC packets; computing at least one baseline for each of the at least one rate-base feature and the at least one rate-invariant feature; and analyzing real-time samples of traffic directed to the protected entity to detect a deviation from each of the at least one computed baseline, wherein the deviation is indicative of a detected QUIC DDoS attack; and causing execution of at least one mitigation action when an indication of the detected QUIC DDoS attack is determined.

    Techniques for protecting against excessive utilization of cloud services

    Publication No.: US10951648B2

    Publication date: 2021-03-16

    Application No.: US15940360

    Filing date: 2018-03-29

    Applicant: RADWARE, LTD.

    Abstract: A method, system and a platform for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application. The method comprising receiving, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service; detecting, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application; and causing mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.

    System and method thereof for mitigating denial of service attacks in virtual networks

    Publication No.: US09450981B2

    Publication date: 2016-09-20

    Application No.: US13828043

    Filing date: 2013-03-14

    Applicant: Radware, Ltd.

    CPC classification number: H04L63/1458 H04L41/50 H04L41/5003 H04L41/5019

    Abstract: A method for efficient mitigation of denial of service (DoS) attacks in a virtual network. The method maintains a security service level agreement (SLA) guaranteed to protected objects. The method includes ascertaining that a denial of service (DoS) attack is performed in the virtual network; checking if the DoS attack affects at least one physical machine hosting at least one protected object, wherein the protected object is provisioned with at least a guaranteed security service level agreement (SLA); determining, by a central controller of the virtual network, an optimal mitigation action to ensure the at least one security SLA guaranteed to the least one protected object; and executing the determined optimal mitigation action to mitigate the DoS attack, wherein the optimal mitigation action is facilitated by resources of the virtual network.
