&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12341807.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,341,807 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Packet fingerprinting for enhanced distributed denial of service protection</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Jonathan R. Azaria,  Beit Gamliel (IL); and  Avishay Zawoznik,  Tel-Aviv (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Imperva, Inc.,  San Mateo, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Imperva, Inc.,  San Mateo, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Dec.  17, 2019, as Appl. No. 16/718,059.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2021/0185083 A1, Jun.  17, 2021</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1458</b></i> (2013.01)&#xa0;[<i><b>H04L 63/0236</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>17 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12341807-20250624-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method by one or more network devices implementing a scrubbing center for mitigating distributed denial of service attacks, wherein the scrubbing center is communicatively coupled to a plurality of clients and one or more servers, the method comprising:<div class="claim_text">determining a set of packet fingerprints seen in a set of packets sent between the plurality of clients and the one or more servers;</div>
                <div class="claim_text">assigning a risk value to each packet fingerprint in the set of packet fingerprints based on analyzing historical information regarding previous security decisions made for packets having that packet fingerprint, wherein the previous security decisions were made by one or more security mechanisms separate from the scrubbing center that identify malicious traffic based on analyzing traffic seen by the one or more security mechanisms;</div>
                <div class="claim_text">determining a historical traffic volume distribution of the set of packet fingerprints over a period of time that is longer than a most recent period of time, wherein the historical traffic volume distribution indicates a distribution of traffic volume across the set of packet fingerprints over the period of time;</div>
                <div class="claim_text">detecting an occurrence of a potential distributed denial of service attack based on comparing a current traffic volume distribution of the set of packet fingerprints over the most recent period of time to the historical traffic volume distribution of the set of packet fingerprints over the period of time;</div>
                <div class="claim_text">responsive to detecting the occurrence of a potential distributed denial of service attack, activating a security measure for each of one or more packet fingerprints in the set of packet fingerprints based on the risk value assigned to that packet fingerprint; and</div>
                <div class="claim_text">responsive to detecting the occurrence of the potential distributed denial of service attack, assigning a fixed quota to each of a second one or more packet fingerprints in the set of packet fingerprints based on the historical traffic volume distribution of the set of packet fingerprints and activating a security measure for a given packet fingerprint when a volume of traffic or packet count associated with the given packet fingerprint exceeds the fixed quota assigned to the given packet fingerprint.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>