Principal claim
1. A method comprising:
receiving from one or more routers within a protected network, by a distributed denial of service (DDoS) attack detection module coupled with a flow controller via a host interface, flow statistics packets;
parsing, by the DDoS attack detection module, the flow statistics packets at layer 2 and validating Ethernet frames;
parsing, by the DDoS attack detection module, the flow statistics packets at layer 3 and validating Internet Protocol (IP) version 4 (IPv4) and IP version 6 (IPv6) packets;
parsing, by the DDoS attack detection module, the flow statistics packets at layer 4 and validating Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets;
parsing, by the DDoS attack detection module, the flow statistics packets at layer 7 and validating protocol data units associated with one or more flow statistics protocols;
deriving, by the DDoS attack detection module, relevant fields from layer 3, layer 4 and layer 7 and calculating based thereon layer 3 granular rates, layer 4 granular rates and layer 7 granular rates, respectively;
determining, by the DDoS attack detection module, a DDoS attack status of at least one monitored destination coupled to or within the protected network based on observed rate anomalies by comparing the derived layer 3 granular rates, the derived layer 4 granular rates, the layer 7 granular rates with corresponding rate thresholds;
responsive to determining the at least one monitored destination is under attack, interrupting the flow controller, by the DDoS attack detection module, via the host interface; and
causing traffic destined for the at least one monitored destination to be diverted by a route reflector within the protected network to a DDoS attack mitigation appliance within the protected network by responsive to the interrupt, informing, by the flow controller, the route reflector regarding the determined DDoS attack status.
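The rate-derivation and threshold-comparison steps of the claim, sketched as an added example that is not taken from the patent. It assumes the flow statistics packets have already been parsed and validated into records; the record field names, the 10-second window, the choice of granular rates and the threshold values are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: already-decoded flow records exported during one
# 10-second window. Field names and values are assumptions for illustration.
WINDOW_SECONDS = 10
FLOWS = [
    {"dst": "203.0.113.10", "ip_version": 4, "l4": "tcp", "l7": "http", "packets": 1200},
    {"dst": "203.0.113.10", "ip_version": 4, "l4": "udp", "l7": "dns", "packets": 90000},
    {"dst": "203.0.113.10", "ip_version": 4, "l4": "udp", "l7": "dns", "packets": 85000},
    {"dst": "203.0.113.20", "ip_version": 4, "l4": "tcp", "l7": "http", "packets": 3000},
    {"dst": "2001:db8::20", "ip_version": 6, "l4": "udp", "l7": "dns", "packets": 400},
]

# Hypothetical per-destination thresholds in packets per second, keyed by
# (layer, granular rate name). Real values would come from a traffic baseline.
THRESHOLDS = {
    (3, "ipv4"): 20000, (3, "ipv6"): 20000,
    (4, "tcp"): 10000, (4, "udp"): 10000,
    (7, "http"): 5000, (7, "dns"): 2000,
}

def granular_rates(flows, window_seconds):
    """Sum packets per (destination, layer, key) and convert to packets/second."""
    totals = defaultdict(int)
    for f in flows:
        for key in ((3, f"ipv{f['ip_version']}"), (4, f["l4"]), (7, f["l7"])):
            totals[(f["dst"], *key)] += f["packets"]
    return {k: v / window_seconds for k, v in totals.items()}

def attack_status(flows, window_seconds, thresholds):
    """Return {destination: sorted list of (layer, key, rate) over threshold}."""
    status = defaultdict(list)
    for (dst, layer, key), rate in granular_rates(flows, window_seconds).items():
        limit = thresholds.get((layer, key))
        if limit is not None and rate > limit:
            status[dst].append((layer, key, rate))
    return {dst: sorted(hits) for dst, hits in status.items()}

if __name__ == "__main__":
    for dst, hits in attack_status(FLOWS, WINDOW_SECONDS, THRESHOLDS).items():
        print(dst, "under attack:", hits)
```

In the constructed data the aggregate IPv4 rate toward 203.0.113.10 stays under its layer 3 threshold while the UDP and DNS rates exceed theirs, which is the case that per-layer granular rates are meant to catch.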