Abstract: Disclosed are a system, method, and computer readable storage medium having instructions for applying a plurality of interconnected filters to protect a computing device from a DDoS attack. The method includes, responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device, determining data transmission parameters, assigning an initial danger rating to the network node, identifying a subset of the plurality of the interconnected filters which are concurrently triggered, changing the danger rating of the network node based on an application of the subset of the plurality of interconnected filters that are triggered and the data transmission parameters, and responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device.

Abstract: Disclosed are a system, method, and computer readable storage medium having instructions for applying a plurality of interconnected filters to protect a computing device from a DDoS attack. The method includes, responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device, determining data transmission parameters, assigning an initial danger rating to the network node, identifying a subset of the plurality of the interconnected filters which are concurrently triggered, changing the danger rating of the network node based on an application of the subset of the plurality of interconnected filters that are triggered and the data transmission parameters, and responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device.

Abstract: Disclosed are a system, a method, and computer readable storage medium having instructions for filtering network traffic to protect a server from a distributed denial-of-service (DDoS) attack. The described technique includes intercepting data from a network node to the computing device responsive to detecting a computing device is subject to a DDoS attack. The technique further includes determining one or more data transmission parameters based on the intercepted data, assigning a danger rating to the network node, and changing the danger rating of the network node based on application of a filter and on the data transmission parameters. The described technique limits a transmittal of data from the network node to the computing device if the resultant danger rating of the network node exceeds a threshold value.

Abstract: Disclosed are a system, a method, and computer readable storage medium having instructions for filtering network traffic to protect a server from a distributed denial-of-service (DDoS) attack. The described technique includes intercepting data from a network node to the computing device responsive to detecting a computing device is subject to a DDoS attack. The technique further includes determining one or more data transmission parameters based on the intercepted data, assigning a danger rating to the network node, and changing the danger rating of the network node based on application of a filter and on the data transmission parameters. The described technique limits a transmittal of data from the network node to the computing device if the resultant danger rating of the network node exceeds a threshold value.

Abstract: Disclosed are systems, methods and computer program products for detection of network attacks on a protected computer. In one example, the system comprises a proxy device configured to redirect and mirror traffic directed to the protected computer; a traffic sensor configured to collect statistical information about the mirrored traffic; a data collector configured to aggregate information collected by the traffic sensor and to generate traffic filtering rules based on the aggregated statistical information; a filtering center configured to, in parallel with collection of statistical information, filter redirected traffic based on the traffic filtering rules provided by the data collector.

Abstract: Disclosed are systems, methods and computer program products for reduction of false positives during detection of network attacks on a protected computer. In one example, the system comprises a proxy device configured to redirect and mirror traffic directed to the protected computer; a traffic sensor configured to collect statistical information about the mirrored traffic; a data collector configured to aggregate information collected by the traffic sensor and to generate traffic filtering rules based on the aggregated statistical information; a filtering center configured to, in parallel with collection of statistical information, filter redirected traffic based on the traffic filtering rules provided by the data collector; and a control module configured to collect and store statistical information about known network attacks and to correct traffic filtering rules used by the filtering center for purpose of reducing false positives during detection of network attacks on the protected computer.