Patents by Inventor Hemant Kumar Jain
Hemant Kumar Jain has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230007040Abstract: Recommendations are made for granular traffic thresholds for a plurality of DDoS attack mitigation appliances that act as a set appliances. The set of appliances can be those commonly found in highly available networks, active-active or active-passive appliances, disaster recovery data centers, backup appliances, etc.Type: ApplicationFiled: June 30, 2021Publication date: January 5, 2023Inventor: Hemant Kumar Jain
-
Patent number: 11503471Abstract: Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.Type: GrantFiled: March 25, 2019Date of Patent: November 15, 2022Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 11316889Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.Type: GrantFiled: May 8, 2018Date of Patent: April 26, 2022Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 10868828Abstract: Systems and methods for mitigating DDoS attacks utilizing NTP are provided. According to one embodiment, a tracking table is maintained by a network security device protecting a private network. The tracking table contains information regarding NTP requests originated by clients of the private network and observed by the network security device. An NTP request sent from a client to an NTP server external to the private network is intercepted by the network security device. An NTP request flooding attack on the NTP server by the first client is mitigated by the network security device by: (i) determining based on the tracking table whether a prior NTP request directed to the NTP server and for which an NTP response has yet to be received was sent by the client within a predetermined or configurable time period of the NTP request; and (ii) when said determining is affirmative, dropping the NTP request.Type: GrantFiled: March 19, 2018Date of Patent: December 15, 2020Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20200314655Abstract: Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.Type: ApplicationFiled: March 25, 2019Publication date: October 1, 2020Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20190289032Abstract: Systems and methods for mitigating DDoS attacks utilizing NTP are provided. According to one embodiment, a tracking table is maintained by a network security device protecting a private network. The tracking table contains information regarding NTP requests originated by clients of the private network and observed by the network security device. An NTP request sent from a client to an NTP server external to the private network is intercepted by the network security device. An NTP request flooding attack on the NTP server by the first client is mitigated by the network security device by: (i) determining based on the tracking table whether a prior NTP request directed to the NTP server and for which an NTP response has yet to be received was sent by the client within a predetermined or configurable time period of the NTP request; and (ii) when said determining is affirmative, dropping the NTP request.Type: ApplicationFiled: March 19, 2018Publication date: September 19, 2019Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 10419490Abstract: Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components.Type: GrantFiled: June 30, 2017Date of Patent: September 17, 2019Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 10116703Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.Type: GrantFiled: May 31, 2017Date of Patent: October 30, 2018Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20180262528Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.Type: ApplicationFiled: May 8, 2018Publication date: September 13, 2018Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 10009365Abstract: Methods and systems for an integrated solution to the rate based denial of service attacks targeting the Session Initiation Protocol are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for session initiation protocol (SIP). A hardware-based apparatus helps identify SIP rate-thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop packets containing those anomalies. SIP requests and responses are inspected for known malicious contents using a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy based packet filter for SIP.Type: GrantFiled: May 24, 2017Date of Patent: June 26, 2018Assignee: Fortinet, Inc.Inventors: Hemant Kumar Jain, Venkata Yallapragada, Bhavin Shah, Radhika Palepu
-
Patent number: 10009373Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.Type: GrantFiled: November 18, 2017Date of Patent: June 26, 2018Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 9973528Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.Type: GrantFiled: December 21, 2015Date of Patent: May 15, 2018Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 9935974Abstract: Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is determined for the at least one destination based on the information regarding the at least one destination. When a DDoS attack is detected the flow controller is notified of the DDoS attack status for the at least one destination by the DDoS attack detection module. Responsive thereto, the flow controller directs a route reflector to divert traffic destined for the at least one destination to a DDoS attack mitigation appliance within the network.Type: GrantFiled: February 28, 2016Date of Patent: April 3, 2018Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20180091548Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.Type: ApplicationFiled: November 18, 2017Publication date: March 29, 2018Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Patent number: 9825990Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.Type: GrantFiled: May 31, 2017Date of Patent: November 21, 2017Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20170302698Abstract: Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components.Type: ApplicationFiled: June 30, 2017Publication date: October 19, 2017Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20170264638Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.Type: ApplicationFiled: May 31, 2017Publication date: September 14, 2017Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20170264646Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.Type: ApplicationFiled: May 31, 2017Publication date: September 14, 2017Applicant: Fortinet, Inc.Inventor: Hemant Kumar Jain
-
Publication number: 20170257348Abstract: Methods and systems for an integrated solution to the rate based denial of service attacks targeting the Session Initiation Protocol are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for session initiation protocol (SIP). A hardware-based apparatus helps identify SIP rate-thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop packets containing those anomalies. SIP requests and responses are inspected for known malicious contents using a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy based packet filter for SIP.Type: ApplicationFiled: May 24, 2017Publication date: September 7, 2017Applicant: Fortinet, Inc.Inventors: Hemant Kumar Jain, Venkata Yallapragada, Bhavin Shah, Radhika Palepu
-
Patent number: 9742800Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for mitigating DDoS attacks. A DDoS attack mitigation appliance of multiple mitigation appliances controlled by a DDoS attack mitigation central controller receives DDoS attack mitigation policies through a network connecting the controller and the mitigation appliance. A DDoS attack is mitigated by the mitigation appliance based on the received mitigation policies. The mitigation policies are generated by the controller based on granular behavioral packet rate thresholds estimated based on granular traffic rate information collected from one or more of the multiple mitigation appliances controlled by the controller.Type: GrantFiled: December 31, 2016Date of Patent: August 22, 2017Assignee: Fortinet, Inc.Inventor: Hemant Kumar Jain