发明名称 |
Systems and methods for detecting and preventing flooding attacks in a network environment |
摘要 |
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. |
申请公布号 |
US9130978(B2) |
申请公布日期 |
2015.09.08 |
申请号 |
US201313795429 |
申请日期 |
2013.03.12 |
申请人 |
Fortinet, Inc. |
发明人 |
Wei Shaohong;Duan Gang;Chen Zhong Qiang;Xie Bing |
分类号 |
G06F12/14;H04L29/06;H04L12/24;H04L1/18;H04L12/26 |
主分类号 |
G06F12/14 |
代理机构 |
Schwegman Lundberg & Woessner, P.A. |
代理人 |
Schwegman Lundberg & Woessner, P.A. |
主权项 |
1. A method for processing network traffic data comprising:
receiving a packet to initiate a new session associated with an Internet Protocol (IP) address; taking into account the received packet, determining a rate R at which a number of sessions initiation packets N associated with the IP address are received within a time period t, where R=N÷t; storing, on a data storage device, a representation of the rate R; comparing the rate R with a prescribed session rate threshold T; allowing the packet to pass when the session rate threshold R is less than the prescribed session rate threshold T (R<T); and classifying the packet as possibly associated with a flooding attack when the session rate threshold R is greater than or equal to the prescribed session rate threshold T (R≧T). |
地址 |
Sunnyvale CA US |