DETECTING SUSPICIOUS SOURCES, E.G. FOR CONFIGURING A DISTRIBUTED DENIAL OF SERVICE MITIGATION DEVICE

Bibliographic Details
Main Authors: WAISBARD, Erez; EINZIGER, Gil
Format: Patent
Language: English, French, German
Published: 30.12.2020
Summary: An apparatus (20) may access (25) a plurality of traffic logs (16) recorded at one or more network elements during a plurality of distributed denial of service (DDoS) attacks. A traffic log (16) comprises source information relating to transaction sources from which transactions received by a said network element during a said DDoS attack originate. The apparatus (20) may correlate the traffic logs (16) to determine transaction sources that appear in a number of traffic logs higher than a defined threshold. The apparatus (20) may configure (27) a DDoS mitigation device (29), e.g. a firewall, a router or another appliance having a traffic filtering function, as a function of the determined transaction sources.
Bibliography: Application Number: EP20180305923