COMBINING INTERNET ROUTING INFORMATION WITH ACCESS LOGS TO ASSESS RISK OF USER EXPOSURE

摘要

The present disclosure is directed towards systems and methods for evaluating or mitigating a network attack. A device determines one or more client internet protocol addresses associated with the attack on the service. The device assigns a severity score to the attack based on a type of the attack. The device identifies a probability of a user account accessing the service during an attack window based on the type of attack. The device generates an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window. The device selects a mitigation policy for the user account based on the impact score.

主权项

1. A method of mitigating an attack on a service, comprising:
determining, by a device intermediary to a plurality of client devices and one or more servers configured to provide the service, one or more client internet protocol (IP) addresses associated with the attack on the service; assigning, by the device, a severity score to the attack based on a type of the attack; identifying, by the device based on the type of attack and the one or more client IP addresses, a probability of a user account accessing the service during an attack window; generating, by the device, an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window; and selecting, by the device, a mitigation policy for the user account based on the impact score.