Method and device for defending against network attacks

US2016337397A1 · US · A1

Patent metadata
Publication number: US-2016337397-A1
Application number: US-201615153534-A
Country: US
Kind code: A1
Filing date: May 12, 2016
Priority date: May 15, 2015
Publication date: Nov 17, 2016
Grant date:

Abstract

Official abstract text for this publication.

Embodiments of the present application relate to a method and device for defending against website attacks. The method includes obtaining a traffic threshold value corresponding to a target IP address, determining whether real-time visitor traffic for the target IP address exceeds the traffic threshold value, and handling visitor traffic for the target IP address based at least in part on whether the real-time visitor traffic for the target IP address exceeds the traffic threshold value, wherein the handling incoming visitor traffic for the target IP address based at least in part on whether the real-time visitor traffic for the target IP address exceeds the traffic threshold value includes, in the event that the real-time visitor traffic for the target IP address exceeds the traffic threshold value, configuring a blackhole route for the target IP address, and redirecting the incoming visitor traffic for the target IP address to the blackhole route.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of defending against website attacks, comprising: obtaining a traffic threshold value corresponding to a target IP address; determining whether real-time visitor traffic for the target IP address exceeds the traffic threshold value; and handling incoming visitor traffic for the target IP address based at least in part on whether the real-time visitor traffic for the target IP address exceeds the traffic threshold value, wherein the handling incoming visitor traffic for the target IP address based at least in part on whether the real-time visitor traffic for the target IP address exceeds the traffic threshold value comprises: in the event that the real-time visitor traffic for the target IP address exceeds the traffic threshold value: configuring a blackhole route for the target IP address; and redirecting the incoming visitor traffic for the target IP address to the blackhole route.

2. The method of claim 1, wherein the handling incoming visitor traffic for the target IP address based at least in part on whether the real-time visitor traffic for the target IP address exceeds the traffic threshold value comprises: in the event that the real-time visitor traffic for the target IP address exceeds the traffic threshold value: obtaining a blackhole route release time corresponding to the target IP address; determining whether a blackhole route redirect time associated with the target IP address incoming visitor traffic has reached the blackhole route release time; and in the event that the blackhole route redirect time has reached the blackhole route release time, stopping the blackhole route.

3. The method of claim 1, wherein a traffic threshold value is configured to a corresponding value for a corresponding user, and the traffic threshold value corresponding to the target IP address is the traffic threshold value of the corresponding user associated with the target IP address.

4. The method of claim 1, wherein a plurality of traffic threshold values are configured separately for a corresponding plurality of IP addresses associated with a user, and the traffic threshold value corresponding to the target IP address is the traffic threshold value set for that target IP address.

5. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: obtaining the traffic threshold value corresponding to the target IP address based at least in part on one or more of status information of a user associated with the target IP address, historical visit information on a plurality of IP addresses associated with the user associated with the target IP address, or both.

6. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: obtaining a plurality of traffic threshold values corresponding to ones of a plurality of target IP addresses of a user, the plurality of traffic threshold values being obtained based at least in part on: status information of the user associated with the target IP addresses, historical visit information on the target IP addresses, or both.

7. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: obtaining a preset traffic threshold value determining rule; and determining the traffic threshold value corresponding to the target IP address based at least in part on one or more of: the preset traffic threshold value determining rule, status information of a user associated with the target IP address, historical visit information on the target IP address, and historical visit information on a plurality of IP addresses owned by the user associated with the target IP address.

8. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: determining the traffic threshold value corresponding to the target IP address based at least in part on one or more of: a preset traffic threshold value determining rule, status information of a user associated with the target IP address, and historical visit information on a plurality of IP addresses owned by the user associated with the target IP address, wherein: the status information of the user associated with the target IP address comprises a user level of the user associated with the target IP address; and the historical visit information on the plurality of IP addresses owned by the user associated with the target IP address comprises: a number of times that visitor traffic for the plurality of IP addresses owned by the user associated with the target IP address was forwarded to the blackhole route within a specific historical period of time, a total length of time that the plurality of IP addresses owned by the user associated with the target IP address were attacked within the specific historical period of time, or both.

9. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: obtaining a preset traffic threshold value determining rule; and determining the traffic threshold value corresponding to the target IP address based at least in part on one or more of: the preset traffic threshold value determining rule, status information of a user associated with the target IP address, and historical visit information on a plurality of IP addresses owned by the user associated with the target IP address, wherein the traffic threshold value is determined based on one or more of: an increasing function in relation to a user level of the user associated with the target IP address, a decreasing function in relation to a number of times that visitor traffic for the plurality of IP addresses owned by the user associated with the target IP address was forwarded to the blackhole route within a specific historical period of time, and a decreasing function in relation to a total length of time that the plurality of IP addresses owned by the user associated with the target IP address were attacked within the specific historical period of time.

10. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: obtaining a preset traffic threshold value determining rule; and determining the traffic threshold value corresponding to the target IP address based at least in part on one or more of the preset traffic threshold value determining rule, status information of a user associated with the target IP address, or historical visit information on the target IP address, wherein: the status information of the user associated with the target IP address comprises a user level of the user associated with said target IP address; and the historical visit information on the target IP address comprises one or more of: a number of times that the incoming visitor traffic for the target IP address was forwarded to the blackhole route within a specific historical period of time, and a total length of time that the target IP address was attacked within the specific historical period of time.

11. The method of claim 1, wherein the obtaining of the traffic threshold value corresponding to the target IP address comprises: obtaining a preset traffic threshold value determining rule; and determining the traffic threshold value corresponding to the target IP address based at least in part on the preset traffic threshold value determining rule, wherein the traffic threshold value corresponds to one or more of: an increasing function in relation to a user level of a user asso
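
The control loop of claims 1, 2 and 9, sketched as an added example; this is not code from the patent or its assignee. The threshold formula, the Gbps unit, the class and function names and the sample data are all constructed assumptions; the claims only require that the threshold rise with user level and fall with prior blackhole count and attack duration.

```python
from dataclasses import dataclass, field

@dataclass
class UserHistory:
    level: int              # user level: threshold increases with it (claim 9)
    blackhole_count: int    # times traffic was blackholed in the lookback period
    attack_seconds: float   # total time under attack in the lookback period

def traffic_threshold(h: UserHistory, base_gbps: float = 1.0) -> float:
    """Constructed rule: monotone in the three directions claim 9 names."""
    penalty = (1 + h.blackhole_count) * (1 + h.attack_seconds / 3600)
    return base_gbps * (1 + h.level) / penalty

@dataclass
class BlackholeController:
    release_after: float                        # blackhole route release time (s)
    routes: dict = field(default_factory=dict)  # target IP -> time route was set

    def observe(self, ip: str, gbps: float, threshold: float, now: float) -> str:
        """Handle one traffic sample for a target IP and return the action."""
        started = self.routes.get(ip)
        if started is not None:
            if now - started < self.release_after:
                return "drop"                   # still redirected to the blackhole
            del self.routes[ip]                 # claim 2: stop the blackhole route
        if gbps > threshold:
            self.routes[ip] = now               # claim 1: configure blackhole route
            return "blackhole"
        return "forward"

# Constructed samples: (time in seconds, target IP, observed Gbps).
SAMPLES = [
    (0, "203.0.113.10", 0.4),
    (10, "203.0.113.10", 2.5),
    (20, "203.0.113.10", 3.0),
    (310, "203.0.113.10", 0.3),
    (320, "203.0.113.10", 5.0),
]

def replay(samples, history: UserHistory, release_after: float) -> list:
    """Run the samples through one controller using the user's threshold."""
    ctl = BlackholeController(release_after)
    thr = traffic_threshold(history)
    return [ctl.observe(ip, gbps, thr, t) for t, ip, gbps in samples]

if __name__ == "__main__":
    print(replay(SAMPLES, UserHistory(3, 1, 3600), release_after=300))
```

Note that while the blackhole route is active, legitimate traffic to the target IP is dropped along with attack traffic, which is why the release time in claim 2 matters operationally.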

Classifications

  • Network utilisation, e.g. volume of load or congestion level · CPC title

  • Denial of Service · CPC title

  • Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016337397A1 cover?
Embodiments of the present application relate to a method and device for defending against website attacks. The method includes obtaining a traffic threshold value corresponding to a target IP address, determining whether real-time visitor traffic for the target IP address exceeds the traffic threshold value, and handling visitor traffic for the target IP address based at least in part on wheth…

Who is the assignee on this patent?
Alibaba Group Holding Ltd

What technology area does this patent fall under?
Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.

When was this patent published?
Publication date Nov 17, 2016 (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).