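Country / Type | United States (US) Patent (granted) |
---|---|
International Patent Classification (IPC, 7th edition) | |
Application number | US-0714993 (2017-09-25) |
Registration number | US-10200402 (2019-02-05) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 0; patents cited: 504 |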
Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attack-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection.
1. A computer-implemented method comprising: detecting a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system; identifying a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and mitigating the network attack based at least in part on redirecting requests to access the first set of content to one or more alternative computing devices on the content delivery system.
2. The computer-implemented method of claim 1, wherein an addressing information set comprises at least one of a network address, a port number, or a protocol.
3. The computer-implemented method of claim 1, wherein redirecting requests to access the first set of content to one or more alternative computing devices on the content delivery system comprises transmitting instructions to a resolution server of the content delivery system to provide, in response to requests to resolve an identifier of the first set of content, a second combination of addressing information sets associated with one or more alternative computing devices on the content delivery system.
4. The computer-implemented method of claim 1, wherein redirecting requests to access the first set of content to one or more alternative computing devices on the content delivery system comprises: transmitting instructions to the one or more computing devices to withdraw their association with individual addressing information sets of the combination of addressing information sets; and transmitting instructions to the one or more alternative computing devices to generate an association between the one or more alternative computing devices and the combination of addressing information sets.
5. The computer-implemented method of claim 4, wherein the instructions to the one or more computing devices to withdraw their association with the combination of addressing information sets comprise instructions for the one or more computing devices to generate a border gateway protocol (“BGP”) packet and transmit the BGP packet to at least one router in communication with the one or more computing devices.
6. The computer-implemented method of claim 1, wherein redirecting requests to access the first set of content to one or more alternative computing devices on the content delivery system comprises instructing the one or more alternative computing devices to discard the requests to access the first set of content.
7. The computer-implemented method of claim 1, wherein the one or more computing devices are included within a point of presence (POP) of the content delivery system.
8. A system comprising: a memory comprising computer-executable instructions; and one or more computing devices configured to execute the computer-executable instructions to: detect a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system; identify a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and mitigate the network attack based at least in part on redirecting requests to access the first set of content to an alternative location on the content delivery system.
9. The system of claim 8, wherein the one or more computing devices are configured to redirect requests to access the first set of content to one or more alternative computing devices on the content delivery system at least partly by transmitting instructions to a resolution server of the content delivery system to provide, in response to requests to resolve an identifier of the first set of content, a second combination of addressing information sets associated with one or more alternative computing devices on the content delivery system.
10. The system of claim 8, wherein the resolution server is a domain name system (DNS) server.
11. The system of claim 8, wherein the alternative location on the content delivery system corresponds to one or more alternative computing devices, and wherein the one or more computing devices are further configured to generate the instructions to the resolution server, and wherein the instructions request that the resolution server identify the one or more alternative computing devices based at least in part on a characteristic of the one or more alternative computing devices included within the instructions.
12. The system of claim 11, wherein the characteristic of the one or more alternative computing devices includes execution, by the one or more alternative computing devices, of network attack mitigation software.
13. The system of claim 8, wherein the one or more computing devices are configured to redirect requests to access the first set of content to an alternative location on the content delivery system at least partly by transmitting instructions to one or more routing devices, in communication with the content delivery system, to redirect traffic addressed to the combination of addressing information sets from the one or more computing devices to the alternative location on the content delivery system.
14. The system of claim 8, wherein the instructions cause the one or more routing devices to limit traffic addressed to the combination of addressing information sets to less than all physical ports on the one or more routing devices.
15. Non-transitory computer-readable media comprising instructions that, when executed by a computing system, cause the computing system to: detect a network attack on one or more computing devices of a content delivery system, wherein the network attack is directed to a combination of addressing information sets including at least two different addressing information sets, each addressing information set, of the at least two addressing information sets, used by the one or more computing devices to provide access to multiple different sets of content from a plurality of sets of content made available on the content delivery system; identify a first set of content, from the plurality of sets of contents, as a target of the network attack based at least partly on the combination of addressing information sets to which the attack is directed; and mitigate the network attack based at least in part on redirecting requests to access the first set of content to an alternative location on the content delivery system.
16. The non-transitory computer-readable media of claim 15, wherein individual sets of content, within the plurality of sets of content, correspond to at least one of individual domain names, individual web sites, or individual network-accessible services.
17. The non-transitory computer-readable media of claim 15, wherein the instructions cause the computing system to redirect requests to access the first set of content to the alternative location on the content delivery system at least partly by transmitting instructions to a resolution server of the content delivery system to provide, in response to requests to resolve an identifier of the first set of content, a second combination of addressing information sets associated with the alternative location.
18. The non-transitory computer-readable media of claim 15, wherein the instructions cause the computing system to redirect requests to access the first set of content to the alternative location on the content delivery system at least partly by transmitting instructions to one or more routing devices, in communication with the content delivery system, to redirect traffic addressed to the combination of addressing information sets from the one or more computing devices to the alternative location.
19. The non-transitory computer-readable media of claim 18, wherein the instructions to the one or more computing devices to withdraw their association with the combination of addressing information sets comprise instructions for the one or more computing devices to generate a border gateway protocol (“BGP”) packet and transmit the BGP packet to at least one router in communication with the one or more computing devices.
20. The non-transitory computer-readable media of claim 15, wherein redirecting requests to access the first set of content to the alternative location comprises transmitting instructions to the one or more computing devices to withdraw their association with the combination of addressing information sets.
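
The target identification described in the abstract and claim 1, followed by the resolution-based redirection of claim 3, as an added Python example that is not part of the patent text. The address pool, domain names, packet counts, the 10x-baseline threshold and all function names are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data (RFC 5737 documentation addresses). Each content set
# is served from a unique pair of pool addresses, so every single address is
# shared by several content sets but each combination names exactly one.
POOL = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
SITES = ["a.example", "b.example", "c.example",
         "d.example", "e.example", "f.example"]
ASSIGNMENT = {s: frozenset(c) for s, c in zip(SITES, combinations(POOL, 2))}
ALTERNATIVE = ["198.51.100.1", "198.51.100.2"]  # hypothetical mitigation hosts

# Constructed per-address packet counts for one interval, and the normal rate.
OBSERVED = {"192.0.2.1": 90000, "192.0.2.2": 500,
            "192.0.2.3": 120000, "192.0.2.4": 450}
BASELINE = {addr: 400 for addr in POOL}


def attacked_addresses(observed, baseline, factor=10):
    """Addresses whose rate exceeds `factor` x baseline (assumed detector)."""
    return frozenset(a for a, n in observed.items()
                     if n > factor * baseline.get(a, 1))


def identify_targets(attacked, assignment):
    """Content sets whose whole address combination is under attack.

    An exact match on the combination yields one target even though each
    address alone is shared. A wider attack returns every candidate whose
    combination lies inside the attacked set; no full match returns [].
    """
    exact = [s for s, combo in assignment.items() if combo == attacked]
    if exact:
        return exact
    return sorted(s for s, combo in assignment.items() if combo <= attacked)


def resolution_plan(targets, assignment, alternative):
    """Resolution-based redirection: new answers for targeted names only.

    Non-targeted content keeps resolving to its original combination.
    """
    return {t: sorted(alternative[:len(assignment[t])]) for t in targets}


if __name__ == "__main__":
    hit = attacked_addresses(OBSERVED, BASELINE)
    targets = identify_targets(hit, ASSIGNMENT)
    print(sorted(hit), targets, resolution_plan(targets, ASSIGNMENT, ALTERNATIVE))
```

When the attacked set is wider than one combination, the candidate list is the input for a narrower follow-up (for example, reassigning the candidates to fresh combinations and observing which one the traffic follows), which this example does not model.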