Abstract: A method and apparatus for processing flow specification (Flowspec) messages to one or more of a plurality of customer networks by a controller device coupled to the plurality of customer networks. Preferably a network controller monitors network traffic flowing through each of the customer networks for detecting a network attack in one of the plurality of customer networks, via monitoring of the network traffic. Upon detection of a network attack, a Flowspec message is generated for the customer network detected to be under network attack wherein the Flowspec message is configured specifically for that customer network. The generated Flowspec message is transmitted to the customer network detected to be under network attack for implementation by the customer network for mitigation of the detected network attack.

Abstract: A computer-implemented method and device for analyzing network packet traffic flow affected by a network security device in a communication network. Received in a network monitoring device is packet traffic flow data from a network security device that filters network traffic based upon prescribed security filter settings. The network monitoring device analyzes the received packet traffic flow data by correlating the received traffic flow data with the security filter settings prescribed in the network security device. Certain statistics are identified regarding the network traffic flow affected by the security filter settings of the network security device based upon the correlating of the received traffic flow data with the security filter settings prescribed in the network security device. A report regarding the identified statistics is preferably sent to a network administrator.

Abstract: A computer-implemented method and device for analyzing network packet traffic flow affected by a network security device in a communication network. Received in a network monitoring device is packet traffic flow data from a network security device that filters network traffic based upon prescribed security filter settings. The network monitoring device analyzes the received packet traffic flow data by correlating the received traffic flow data with the security filter settings prescribed in the network security device. Certain statistics are identified regarding the network traffic flow affected by the security filter settings of the network security device based upon the correlating of the received traffic flow data with the security filter settings prescribed in the network security device. A report regarding the identified statistics is preferably sent to a network administrator.

Abstract: A method to mitigate attack by an upstream service provider using cloud mitigation services. An edge detection device, which located at the subscriber's network edge, is able to communicate information via status messages about attacks to an upstream service provider. The service provider is then able to mitigate attacks based on the status messages. There is a feedback loop whereby the amount of dropped traffic by the service provider is added to the network traffic to keep the mitigation request open and prevent flapping. Likewise, the detection device includes time-to-engage and time-to-disengage timers to further prevent flapping.

Abstract: A node in a communication network determines a data rate capacity of one or more nodes of the communication network and creates a single managed object grouping for each node of the one or more nodes having a same data rate capacity. The node establishes one or more static thresholds for the single managed object grouping based on the data rate capacity. The static thresholds are independent of a baseline condition of detected data rates at each node of the single managed object grouping. The node further detects a current rate of received data at each node of the single managed grouping and triggers at least one alert for each node of the single managed grouping when the current rate of the received data at a particular node exceeds the one or more static thresholds.

Abstract: A node in a communication network determines a data rate capacity of one or more nodes of the communication network and creates a single managed object grouping for each node of the one or more nodes having a same data rate capacity. The node establishes one or more static thresholds for the single managed object grouping based on the data rate capacity. The static thresholds are independent of a baseline condition of detected data rates at each node of the single managed object grouping. The node further detects a current rate of received data at each node of the single managed grouping and triggers at least one alert for each node of the single managed grouping when the current rate of the received data at a particular node exceeds the one or more static thresholds.

Abstract: A method to mitigate attack by an upstream service provider using cloud mitigation services. An edge detection device, which located at the subscriber's network edge, is able to communicate information via status messages about attacks to an upstream service provider. The service provider is then able to mitigate attacks based on the status messages. There is a feedback loop whereby the amount of dropped traffic by the service provider is added to the network traffic to keep the mitigation request open and prevent flapping. Likewise, the detection device includes time-to-engage and time-to-disengage timers to further prevent flapping.