| 发明名称 | Systems and methods for detecting and preventing flooding attacks in a network environment | ||
| 摘要 | A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. | ||
| 申请公布号 | US9130978(B2) | 申请公布日期 | 2015.09.08 |
| 申请号 | US201313795429 | 申请日期 | 2013.03.12 |
| 申请人 | Fortinet, Inc. | 发明人 | Wei Shaohong;Duan Gang;Chen Zhong Qiang;Xie Bing |
| 分类号 | G06F12/14;H04L29/06;H04L12/24;H04L1/18;H04L12/26 | 主分类号 | G06F12/14 |
| 代理机构 | Schwegman Lundberg & Woessner, P.A. | 代理人 | Schwegman Lundberg & Woessner, P.A. |
| 主权项 | 1. A method for processing network traffic data comprising: receiving a packet to initiate a new session associated with an Internet Protocol (IP) address; taking into account the received packet, determining a rate R at which a number of sessions initiation packets N associated with the IP address are received within a time period t, where R=N÷t; storing, on a data storage device, a representation of the rate R; comparing the rate R with a prescribed session rate threshold T; allowing the packet to pass when the session rate threshold R is less than the prescribed session rate threshold T (R<T); and classifying the packet as possibly associated with a flooding attack when the session rate threshold R is greater than or equal to the prescribed session rate threshold T (R≧T). | ||
| 地址 | Sunnyvale CA US | ||