摘要 |
<p>A system architecture for thwarting denial of service attacks on a victim (12) data center (20a-20c) is described. The system includes a first plurality of monitors that monitor network traffic flow through the network. The first plurality of monitors is disposed at a second plurality of points in the network. The system includes a central controller that receives data from the plurality of monitors, over a hardened, redundant network (30). The central controller analyzes network traffic statistics to identify malicious network traffic. In some embodiments of the system, a gateway (26) device is disposed of pass network packets between the network and the victim site. The gateway (26) is disposed to protect the victim site, and is coupled to the control center (24) by the redundant hardened networkm (30).</p> |