首页>
外国专利>
Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
展开▼
机译:提供针对分布式拒绝服务攻击的分布式自适应IP过滤的方法和设备
展开▼
页面导航
摘要
著录项
相似文献
摘要
The present invention provides systems and methods for providing distributed, adaptive IP filtering techniques used in detecting and blocking IP packets involved in DDOS attacks through the use of Bloom Filters and leaky-bucket concepts to identify “attack” flows. In an exemplary embodiment of the present invention, a device tracks certain criteria of all IP packets traveling from IP sources outside a security perimeter to network devices within the security perimeter. The present invention examines the criteria and places them in different classifications in a uniformly random manner, estimates the amount of criteria normally received and then determines when a group of stored classifications is too excessive to be considered normal for a given period of time. After the device determines the criteria that excessive IP packets have in common, the device then determines rules to identify the packets that meet such criteria and filters or blocks so identified packets.
展开▼