US 11,876,831 B2
DDoS coping apparatus, DDoS coping method and program
Hiroaki Maeda, Tokyo (JP); Hisashi Kojima, Tokyo (JP); and Yoshiko Sueda, Tokyo (JP)
Assigned to Nippon Telegraph and Telephone Corporation, Tokyo (JP)
Appl. No. 16/968,984
Filed by Nippon Telegraph and Telephone Corporation, Tokyo (JP)
PCT Filed Feb. 12, 2019, PCT No. PCT/JP2019/004911
§ 371(c)(1), (2) Date Aug. 11, 2020,
PCT Pub. No. WO2019/159907, PCT Pub. Date Aug. 22, 2019.
Claims priority of application No. 2018-023388 (JP), filed on Feb. 13, 2018.
Prior Publication US 2021/0058427 A1, Feb. 25, 2021
Int. Cl. H04L 9/40 (2022.01); H04L 45/021 (2022.01)
CPC H04L 63/1458 (2013.01) [H04L 45/021 (2013.01); H04L 63/1416 (2013.01)]
12 Claims
1. A Distributed Denial of Service (DDoS) handling device configured to handle communication directed to a target of a DDoS attack flowing into one of a plurality of gateway devices of an autonomous system that serve as a plurality of connection points to adjacent autonomous systems and correspond to a plurality of mitigating locations for the DDoS attack, respectively, the DDoS handling device comprising:
a load distribution determination unit, including one or more processors, configured to determine whether or not to execute load distribution processing based on an amount of available resources at mitigating locations corresponding to the gateway device of the autonomous system into which the communication directed to the target flows and, if at least one attack has been detected, based further on an amount of the communication directed to the target;
a load distribution processing unit, including one or more processors, configured to select, from among the plurality of mitigating locations, mitigating locations to be used to handle the communication directed to the target to address shortages of resources between mitigating locations for each attack if the load distribution determination unit determines to execute the load distribution processing, wherein selecting the mitigation locations is performed to optimize a combination of (i) a first objective function that minimizes a difference between a maximum value and a minimum value of resource utilization rates at the respective mitigating locations and (ii) a second objective function that minimizes a number of communications directed to the target that is necessary to change from a current communication path; and
an attack handling setting unit, including one or more processors, configured to execute path control such that the communication directed to the target passes through the mitigating locations selected by the load distribution processing unit for each attack.
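
The selection step recited in claim 1 can be illustrated with a small sketch. This is an added example, not code from the patent or from the assignee. It assumes a weighted sum (`alpha`, `beta`) as the "combination" of the two objective functions, an exhaustive search as the optimizer, a simple over-capacity test as the trigger for load distribution, and constructed gateway names, capacities and attack volumes.

```python
from itertools import product

# Constructed sample data (not from the patent): mitigation capacity in Gbps per gateway.
CAPACITY = {"gw1": 10.0, "gw2": 10.0, "gw3": 20.0}
# Constructed attacks: (attack id, gateway the traffic currently enters through, Gbps).
ATTACKS = [("a1", "gw1", 6.0), ("a2", "gw1", 5.0), ("a3", "gw2", 2.0), ("a4", "gw3", 4.0)]

def utilization(assignment, attacks, capacity):
    """Resource utilization rate per mitigating location for one candidate assignment."""
    load = dict.fromkeys(capacity, 0.0)
    for (_, _, gbps), loc in zip(attacks, assignment):
        load[loc] += gbps
    return {loc: load[loc] / capacity[loc] for loc in capacity}

def needs_distribution(attacks, capacity):
    """Assumed trigger: some ingress location lacks resources for the traffic it receives."""
    current = [ingress for _, ingress, _ in attacks]
    return any(u > 1.0 for u in utilization(current, attacks, capacity).values())

def select_locations(attacks, capacity, alpha=1.0, beta=0.05):
    """Exhaustively minimize alpha*(max util - min util) + beta*(attacks rerouted)."""
    best = None
    for assignment in product(sorted(capacity), repeat=len(attacks)):
        util = utilization(assignment, attacks, capacity)
        if max(util.values()) > 1.0:      # would overload a location: reject
            continue
        spread = max(util.values()) - min(util.values())            # first objective
        moved = sum(loc != ingress                                    # second objective
                    for (_, ingress, _), loc in zip(attacks, assignment))
        key = (alpha * spread + beta * moved, moved, assignment)
        if best is None or key < best[0]:
            best = (key, spread, moved)
    if best is None:
        return None                        # no assignment fits within capacity
    (_, _, assignment), spread, moved = best
    return {"assignment": {a[0]: loc for a, loc in zip(attacks, assignment)},
            "moved": moved, "spread": round(spread, 3)}

if __name__ == "__main__":
    if needs_distribution(ATTACKS, CAPACITY):
        for beta in (0.05, 0.2):          # cheap vs. expensive path changes
            print(beta, select_locations(ATTACKS, CAPACITY, beta=beta))
```

Raising `beta` makes path changes more expensive, so the search accepts a wider utilization spread in exchange for rerouting fewer attacks.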