Country / Type | United States (US) Patent, Registered
---|---
International Patent Classification (IPC 7th ed.) | 
Application number | US-0864684 (2015-09-24)
Registration number | US-9794281 (2017-10-17)
Inventor / Address | 
Applicant / Address | 
Agent / Address | 
Citation information | Cited by: 35; Patents cited: 439
Systems and methods are described to enable identification of computing devices associated with network attacks, such as denial of service attacks. Data packets used to execute a network attack often include forged source address information, such that the address of an attacker is difficult or impossible to determine based on those data packets. However, attackers generally provide legitimate address information when resolving an identifier, such as a universal resource identifier (URI), of an attack target into corresponding destination addresses. The application enables individual client computing devices to be provided with different combinations of destination addresses, such that when an attack is detected on a given combination of destination address, the client computing device to which that combination of destination addresses was provided can be identified as a source of the attack.
1. A system comprising: a name resolution server including a physical processor configured with specific computer-executable instructions to: receive, from a first computing device, a request to resolve an identifier of a set of content on a content delivery system; determine a first combination of network addresses for the set of content based at least in part on an identifier of the first computing device, wherein the first combination of network addresses is selected from a set of network addresses at which the set of content is made available by the content delivery system; transmit the first combination of network addresses to the first computing device; receive a request to resolve the identifier of the set of content from a second computing device; determine a second combination of network addresses for the set of content based at least in part on an identifier of the second computing device, wherein the second combination of network addresses is different from the first combination of network addresses; transmit the second combination of network addresses to the second computing device; a network attack source identification server including a physical processor configured with specific computer-executable instructions to: detect a network attack on the content delivery system, the network attack directed to a plurality of network addresses; determine that the plurality of network addresses to which the network attack is directed is included in the first combination of network addresses transmitted to the first computing device; derive the identifier of the first computing device from at least the first combination of network addresses transmitted to the first computing device; and identify the first computing device as associated with the network attack.

2. The system of claim 1, wherein the set of content is associated with a domain name hosted by the content delivery system.

3. The system of claim 1, wherein the plurality of network addresses are internet protocol (IP) addresses.

4. The system of claim 1, wherein the network attack is a denial of service (DoS) attack.

5. The system of claim 1, wherein the name resolution server is further configured to transmit to the network attack source identification server information associating the first combination of network addresses and the identifier of the first computing device, and wherein the network attack source identification server is configured to derive the identifier of the first computing device from at least the information associating the first combination of network addresses and the identifier of the first computing device.

6. A computer-implemented method comprising: receiving a request from a first computing device to resolve an identifier for a set of content on a content delivery system; determining a first combination of addressing information sets for the set of content based at least in part on an identifier of the first computing device, wherein the first combination of addressing information sets is distinct from a second combination of addressing information sets determined for a second computing device, and wherein the first combination of addressing information sets is selected from a group of addressing information sets at which the set of content is made available by the content delivery system; transmitting the first combination of addressing information sets to the first computing device; detecting a network attack, on the content delivery system, directed to a plurality of addressing information sets; determining that the plurality of addressing information sets is included within the first combination of addressing information sets; deriving the identifier of the first computing device from at least the first combination of network addresses transmitted to the first computing device; and identifying the first computing device as associated with the network attack.

7. The computer-implemented method of claim 6, wherein addressing information sets comprise at least one of a network address, a port number, and a protocol.

8. The computer-implemented method of claim 6, wherein detecting the network attack on the content delivery system comprises receiving a notification of the network attack and a listing of the plurality of addressing information sets.

9. The computer-implemented method of claim 6, wherein the first combination of addressing information sets is selected from the group of addressing information sets based at least in part on hashing an identifier of the first computing device.

10. The computer-implemented method of claim 9, wherein the identifier of the first computing device is at least one of an internet protocol (IP) address or a media access control (MAC) address.

11. The computer-implemented method of claim 6, wherein at least one addressing information set is included in both the first combination of addressing information sets and the second combination of addressing information sets.

12. The computer-implemented method of claim 6, wherein the first combination of addressing information sets is transmitted only to the first computing device.

13. The computer-implemented method of claim 6 further comprising: subsequent to identifying the first computing device as associated with the network attack, receiving a request from the first computing device to resolve an identifier of the set of content; determining one or more addressing information sets to be distributed to computing devices associated with network attacks; and transmitting to the first computing device the one or more addressing information sets.

14. The computer-implemented method of claim 13, wherein the content delivery system is configured to discard packets addressed to the one or more addressing information sets.

15. The computer-implemented method of claim 6, wherein detecting a network attack, on the content delivery system, directed to a plurality of addressing information sets comprises: detecting that a first addressing information set of the plurality of addressing information sets is under attack; and modifying the content delivery system to remove the first addressing information set from responses to resolution requests corresponding to the set of content.

16. A system comprising: a computing device in communication with a content delivery system enabling a plurality of client computing devices to access a set of content, the computing device configured with specific computer-executable instructions to: detect a network attack on the content delivery system, the network attack directed to a plurality of addressing information sets at which a set of content may be accessed on the content delivery system; determine a mapping between individual client computing devices, of the plurality of client computing devices, and combinations of addressing information sets distributed to the individual client computing devices in response to requests to access the set of content, the combinations of addressing information sets selected from a group of addressing information sets at which the set of content is made available by the content delivery system; compare the plurality of addressing information sets to the mapping to derive an identifier of a first client computing device from at least the mapping and the plurality of addressing information sets; and identify the first client computing device as associated with the network attack.

17. The system of claim 16, wherein the specific computer-executable instructions configure the computing device to identify the first client computing device as associated with the network attack by associating the identifier of the first client computing device with the network attack.

18. The system of claim 16, wherein the specific computer-executable instructions configure the computing device to transmit instructions to one or more network routing devices within the content delivery system to discard packets received from the first client computing device.

19. The system of claim 16, wherein the specific computer-executable instructions configure the computing device to determine the mapping based at least in part on information received from a name resolution system, the information identifying combinations of addressing information sets distributed to individual client computing devices of the plurality of client computing devices.

20. The system of claim 16 further comprising a name resolution server configured with specific computer-executable instructions to: receive, from individual client computing devices of the plurality of client computing devices, requests to resolve an identifier of the set of content; distribute to the individual client computing devices distinct combinations of addressing information sets.

21. The system of claim 20, wherein the distinct combinations of addressing information sets are determined by the name resolution server based at least in part on identifiers of the individual client computing devices.
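As an added illustration (not code from the patent or its assignee), here is a toy Python model of the scheme in the abstract and claims: a resolver hands each client a hash-selected combination of addresses from a constructed pool (claims 1 and 9), keeps the combination-to-client mapping (claim 5), and an identifier maps an attacked address set back to the clients that received it (claim 16), after which those clients are served sinkhole addresses (claims 13 and 14). All addresses and client identifiers are constructed.

```python
"""Toy model of per-client address combinations for attack-source identification.
Added example; the pool, sinkhole and client identifiers below are constructed."""
import hashlib
import itertools
from collections import defaultdict

# Constructed pool of addresses at which the content is made available (claim 1).
POOL = [f"198.51.100.{i}" for i in range(1, 9)]
COMBO_SIZE = 3
# Constructed sinkhole addresses handed to identified attackers (claims 13 and 14);
# the delivery system would discard packets sent to these.
SINKHOLE = ["192.0.2.254"]


class NameResolver:
    """Hands each client a combination of addresses chosen by hashing its identifier."""

    def __init__(self, pool, combo_size):
        # Enumerate every possible combination once; a hash of the client id picks one.
        self.combos = list(itertools.combinations(pool, combo_size))
        self.mapping = defaultdict(set)  # combination -> client ids (claim 5 information)
        self.flagged = set()             # clients already identified as attack sources

    def resolve(self, client_id):
        """Return the address combination for client_id (claim 9: hash-selected)."""
        if client_id in self.flagged:
            return list(SINKHOLE)  # claim 13: identified attackers get sinkhole addresses
        digest = hashlib.sha256(client_id.encode()).digest()
        combo = self.combos[int.from_bytes(digest[:8], "big") % len(self.combos)]
        self.mapping[combo].add(client_id)
        return list(combo)


class AttackSourceIdentifier:
    """Maps the addresses under attack back to the clients that received them."""

    def __init__(self, resolver):
        self.resolver = resolver

    def identify(self, attacked_addresses):
        """Return clients whose combination covers every attacked address (claim 16)."""
        attacked = set(attacked_addresses)
        hits = sorted(cid for combo, cids in self.resolver.mapping.items()
                      if attacked <= set(combo) for cid in cids)
        self.resolver.flagged.update(hits)  # future resolutions go to the sinkhole
        return hits
```

In this toy model two clients can hash to the same combination, so a hit may name several candidates; a resolver that guarantees claim 1's distinct combinations would track assignments rather than rely on the hash alone.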
Copyright KISTI. All Rights Reserved.