US 12,289,341 B2
Techniques for generating signatures characterizing advanced application layer flood attack tools
Ehud Doron, Moddi'in (IL); Koral Haham, Nahariya (IL); and David Aviv, Tel Aviv (IL)
Assigned to RADWARE LTD., Tel Aviv (IL)
Filed by Radware Ltd., Tel Aviv (IL)
Filed on Feb. 15, 2024, as Appl. No. 18/442,946.
Application 18/442,946 is a continuation of application No. 18/068,239, filed on Dec. 19, 2022, granted, now 11,916,956.
Application 18/068,239 is a continuation of application No. 17/456,329, filed on Nov. 23, 2021, granted, now 11,552,989, issued on Jan. 10, 2023.
Prior Publication US 2024/0244079 A1, Jul. 18, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1458 (2013.01) [H04L 63/0236 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A method of characterization of requests using dynamic applicative signatures, comprising:
determining a plurality of different attributes of requests received during an on-going DDoS attack;
clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes;
obtaining at least one dynamic applicative signature characterizing operation of an application layer flood attack tool;
matching the cluster of the at least one attribute to each of the at least one obtained dynamic applicative signature; and
causing a mitigation action when there is a match to the at least one obtained dynamic applicative signature.