Sean Rooney, Christopher J. Giblin, Marcel Waldvogel, Paul T. Hurley: Identifying a Distributed Denial of Service (DDoS) Attack within a Network and Defending Against such an Attack. International Patent TWI332159, 2004.

Abstract

The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analysed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behaviour can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.

BibTeX (Download)

@misc{Rooney2004Identifying,
title = {Identifying a Distributed Denial of Service (DDoS) Attack within a Network and Defending Against such an Attack},
author = {Sean Rooney and Christopher J. Giblin and Marcel Waldvogel and Paul T. Hurley},
url = {https://netfuture.ch/wp-content/uploads/2017/01/us2006010389a1.pdf},
year  = {2004},
date = {2004-04-05},
urldate = {1000-01-01},
abstract = {The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analysed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behaviour can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.},
howpublished = {International Patent TWI332159},
keywords = {Denial of Service, Security},
pubstate = {published},
tppubtype = {misc}
}