| Field | Value |
|---|---|
| Country / type | United States (US) patent, granted |
| International Patent Classification (IPC, 7th ed.) | |
| Application number | US-0864638 (filed 2015-09-24) |
| Registration number | US-9774619 (granted 2017-09-26) |
| Inventor / address | |
| Applicant / address | |
| Agent / address | |
| Citation information | cited by: 38; patents cited: 437 |
Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on the combination of network addresses to which attack-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or to increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection (changing the DNS answers for the content's identifier) and routing-based redirection (changing how the attacked addresses are routed within the network).
1. A content delivery system comprising: a point of presence (“POP”) comprising a plurality of computing devices, the point of presence configured to retrieve content requests and transmit, in response to the content requests, a plurality of sets of content; a domain name system (“DNS”) server comprising one or more processors configured with specific computer-executable instructions to retrieve requests for network addresses of individual sets of content on the content delivery system, and to respond to the requests with network addresses identifying computing devices from the POP at which the individual sets of content may be accessed; and one or more computing devices implementing an attack mitigation service, the one or more computing devices configured with specific computer-executable instructions to: detect a network attack on the POP, wherein the network attack is directed to a combination of network addresses, including at least two different network addresses, utilized by the POP; identify, based at least in part on the combination of network addresses, a first set of content, from the plurality of sets of content, as a target of the network attack; identify, based at least in part on the combination of network addresses, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses; and segregate traffic associated with the first and second sets of content at least partly by transmitting instructions to the DNS server to provide, in response to requests to resolve an identifier of the first set of content, network addresses associated with a second POP of the content delivery system.
2. The content delivery system of claim 1, wherein the combination of network addresses includes internet protocol (IP) addresses.
3. The content delivery system of claim 1, wherein the network attack is a denial of service (DoS) attack.
4. The content delivery system of claim 1, wherein the specific computer-executable instructions further configure the one or more computing devices to segregate traffic associated with the first and second sets of content at least partly by transmitting instructions to the DNS server to provide, in response to requests to resolve an identifier of the second set of content, network addresses associated with a third POP of the content delivery system.
5. The content delivery system of claim 1, wherein the specific computer-executable instructions further configure the one or more computing devices to generate the instructions to the DNS server, and wherein the instructions request that the DNS server identify the second POP based at least in part on a characteristic of the second POP included within the instructions.
6. The content delivery system of claim 5, wherein the characteristic of the second POP includes execution, by the second POP, of network attack mitigation software.
7. A computer-implemented method comprising: detecting a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of network addresses, including at least two different network addresses, utilized by the one or more computing devices, and wherein the one or more computing devices provide access to a plurality of sets of content; identifying a first set of content, from the plurality of sets of content, as a target of the network attack based at least partly on the combination of network addresses to which the attack is directed; identifying, based at least in part on the combination of network addresses, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses; and mitigating the network attack based at least in part on segregating traffic associated with the first and second sets of content, wherein segregating the traffic comprises transmitting instructions to a resolution server of the content delivery system to provide, in response to requests to resolve an identifier of the first set of content, a second combination of network addresses associated with one or more alternative computing devices on the content delivery system.
8. The computer-implemented method of claim 7, wherein the second combination of network addresses is associated with the one or more alternative computing devices via anycast routing.
9. The computer-implemented method of claim 7, further comprising selecting the second combination of network addresses based at least in part on an association of the second combination of network addresses with one or more physical ports of a routing device within the content delivery system.
10. The computer-implemented method of claim 7, further comprising: gathering impact data for the network attack from the content delivery system; and selecting the one or more alternative computing devices based at least in part on comparing the impact data to a set of rules mapping impact data criteria to potential computing devices.
11. The computer-implemented method of claim 7, wherein identifying the first set of content as the target of the network attack comprises determining that the combination of network addresses is included within a set of network addresses that identifies the first set of content.
12. The computer-implemented method of claim 7, further comprising: gathering impact data for the network attack on the one or more alternative computing devices; determining that the impact data satisfies a threshold value; and transmitting instructions to the resolution server to provide, in response to requests to resolve the identifier of the first set of content, a network address, wherein the content delivery system is configured to discard data addressed to the network address.
13. Non-transitory computer-readable media comprising computer-executable instructions that, when executed by a computing system, cause the computing system to: detect a network attack on a content delivery system, wherein the network attack is directed to a combination of addressing information sets, including at least two different addressing information sets, utilized by one or more computing devices of the content delivery system, and wherein the one or more computing devices provide access to a plurality of sets of content; identify a first set of content, from the plurality of sets of content, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; identify, based at least in part on the combination of addressing information sets, a second set of content, from the plurality of sets of content, as not targeted by the network attack, wherein the second set of content is made available at at least one network address of the combination of network addresses; receive a request from an accessing computing device to resolve an identifier of the first set of content; based at least partly on identifying the first set of content as the target of the network attack, determine a second combination of addressing information sets to include within a response to the request, wherein the second combination of addressing information sets is associated with one or more alternative computing devices on the content delivery system; and transmit the second combination of network addresses to the accessing computing device in response to the request.
14. The non-transitory computer-readable media of claim 13, wherein each addressing information set comprises at least one of a network address, a port number, and a protocol.
15. The non-transitory computer-readable media of claim 13, wherein execution of the computer-executable instructions further causes the computing system to: obtain impact data for the network attack from the content delivery system; and determine the second combination of addressing information sets at least partly by comparing the impact data to a set of rules maintained in a data store of the content delivery system, the set of rules associating impact data criteria to addressing information sets of the content delivery system.
16. The non-transitory computer-readable media of claim 13, wherein execution of the computer-executable instructions further causes the computing system to determine the second combination of addressing information sets based at least in part on an association of the second combination of addressing information sets with one or more physical ports of a routing device within the content delivery system.
17. The non-transitory computer-readable media of claim 13, wherein execution of the computer-executable instructions further causes the computing system to: receive a request from an accessing computing device to resolve an identifier of the second set of content; based at least partly on identifying the second set of content as not targeted by the network attack, determine a third combination of addressing information sets to include within a response to the request; and transmit the third combination of network addresses to the accessing computing device in response to the request.
18. The non-transitory computer-readable media of claim 13, wherein execution of the computer-executable instructions further causes the computing system to identify, based at least in part on the combination of network addresses, the first set of content as a target of the network attack at least partly by determining that the combination of addressing information sets is included within a plurality of addressing information sets that identify the first set of content.
19. The non-transitory computer-readable media of claim 13, wherein execution of the computer-executable instructions further causes the computing system to: gather impact data for the network attack on the one or more alternative computing devices; determine that the impact data satisfies a threshold value; receive a second request to resolve the identifier of the first set of content; and transmit, in response to the second request, a predetermined addressing information set, wherein one or more routing devices within the content delivery system are configured to delay responses to data directed to the predetermined addressing information set.
20. The non-transitory computer-readable media of claim 13, wherein execution of the computer-executable instructions further causes the computing system to: gather impact data for the network attack on the one or more alternative computing devices; receive a second request to resolve the identifier of the first set of content; determine a third combination of addressing information sets to include within a response to the second request based at least in part on the impact data; and transmit a response to the second request including the third combination of network addresses.
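The procedure the abstract and claims describe, as an added Python example (not code from the patent or its assignee): detect an attack on a combination of at least two addressing information sets (claim 1), pick the targeted content as the set whose addresses contain the whole attacked combination (claim 11) and the non-targeted content as the sets sharing at least one attacked address, choose an alternative POP by comparing impact data against a rule table (claims 6 and 10), install DNS overrides that move the two sets to different POPs (claims 1 and 4), and escalate to a discard address when the attack follows the target past a threshold (claim 12). The POP names, the 203.0.113.0/24 and 198.51.100.0/24 documentation addresses, the baseline rates, the flow records and the rule table are all constructed for illustration.

```python
"""Content-set-aware attack mitigation for a CDN, modelled on the claims above.
Every name, address (RFC 5737 documentation ranges), flow record and rule here
is constructed for this example; none comes from the patent."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class POP:
    """A point of presence and the addressing information sets it serves.
    An addressing information set (claim 14) is (ip, port, protocol)."""
    name: str
    addr_sets: tuple
    scrubbing: bool = False      # runs attack-mitigation software (claim 6)


@dataclass
class CDN:
    pops: dict                   # POP name -> POP
    hosting: dict                # content identifier -> frozenset of addr sets
    overrides: dict = field(default_factory=dict)   # DNS instructions (claims 1, 4, 12)
    sinkhole: tuple = ("192.0.2.254", 0, "any")     # routers discard traffic sent here

    def resolve(self, hostname):
        """What the DNS server answers: an installed override, else the normal hosting."""
        return tuple(self.overrides.get(hostname, sorted(self.hosting[hostname])))


def detect_attack(flows, baseline_pps, factor=10, window_s=1.0):
    """Return the combination of addressing sets whose packet rate exceeds
    factor x baseline; flows are (dst_ip, dst_port, proto, packets) records.
    Claim 1 needs at least two different addresses, so fewer is 'no attack'."""
    pkts = Counter()
    for ip, port, proto, n in flows:
        pkts[(ip, port, proto)] += n
    hot = frozenset(addr for addr, n in pkts.items()
                    if n / window_s > factor * baseline_pps.get(addr, 1))
    return hot if len(hot) >= 2 else frozenset()


def classify_content(cdn, attacked):
    """Claim 11: the target is content whose address set contains the whole
    attacked combination; content sharing only some attacked addresses is
    non-targeted collateral that still sits on at least one attacked address."""
    targets = [c for c, addrs in cdn.hosting.items() if attacked <= addrs]
    collateral = [c for c, addrs in cdn.hosting.items()
                  if c not in targets and addrs & attacked]
    return targets, collateral


# Claims 10/15: rules mapping impact criteria to the kind of POP to select.
RULES = [
    (lambda impact: impact["pps"] >= 1_000_000, True),   # heavy: need a scrubbing POP
    (lambda impact: True, False),                         # otherwise any other POP
]


def pick_pop(cdn, impact, exclude):
    for predicate, want_scrubbing in RULES:
        if predicate(impact):
            for pop in cdn.pops.values():
                if pop.name not in exclude and pop.scrubbing == want_scrubbing:
                    return pop
    return None


def segregate(cdn, primary, attacked, impact):
    """Claims 1 and 4: move targeted content to a second POP and, if one is
    free, non-targeted content to a third, so the two no longer share addresses."""
    targets, collateral = classify_content(cdn, attacked)
    second = pick_pop(cdn, impact, exclude={primary})
    if second is None:
        return targets, collateral, None
    third = pick_pop(cdn, {"pps": 0}, exclude={primary, second.name})
    for c in targets:
        cdn.overrides[c] = second.addr_sets
    if third is not None:
        for c in collateral:
            cdn.overrides[c] = third.addr_sets
    return targets, collateral, second.name


def escalate(cdn, hostname, impact_on_alt, threshold_pps):
    """Claim 12: if the attack still exceeds the threshold at the alternative
    POP, answer with an address the CDN's routers are configured to discard."""
    if impact_on_alt["pps"] >= threshold_pps:
        cdn.overrides[hostname] = (cdn.sinkhole,)
        return True
    return False


def demo():
    """Constructed scenario: two content sets on pop-a share 203.0.113.11."""
    a = (("203.0.113.10", 443, "tcp"), ("203.0.113.11", 443, "tcp"), ("203.0.113.12", 443, "tcp"))
    cdn = CDN(
        pops={"pop-a": POP("pop-a", a),
              "pop-b": POP("pop-b", (("198.51.100.20", 443, "tcp"),), scrubbing=True),
              "pop-c": POP("pop-c", (("198.51.100.30", 443, "tcp"),))},
        hosting={"shop.example": frozenset(a[:2]),   # .10 and .11
                 "blog.example": frozenset(a[1:])},  # .11 and .12
    )
    baseline = {addr: 2_000 for addr in a}
    flows = [("203.0.113.10", 443, "tcp", 900_000),   # constructed 1 s window
             ("203.0.113.11", 443, "tcp", 850_000),
             ("203.0.113.12", 443, "tcp", 1_500)]
    attacked = detect_attack(flows, baseline)
    impact = {"pps": sum(n for ip, port, proto, n in flows if (ip, port, proto) in attacked)}
    targets, collateral, second = segregate(cdn, "pop-a", attacked, impact)
    shop_moved, blog_moved = cdn.resolve("shop.example"), cdn.resolve("blog.example")
    sinkholed = escalate(cdn, "shop.example", {"pps": 2_000_000}, threshold_pps=1_500_000)
    return {"attacked": attacked, "targets": targets, "collateral": collateral,
            "second_pop": second, "shop_moved": shop_moved, "blog_moved": blog_moved,
            "sinkholed": sinkholed, "shop_final": cdn.resolve("shop.example")}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The override table stands in for the "instructions to the DNS server" of claim 1; in a real deployment it would be a low-TTL record change, and the attack keeps hitting pop-a's old addresses until resolver caches expire, which is why claim 12's discard address exists as a second step rather than the first.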
Copyright KISTI. All Rights Reserved.