公开(公告)号：US09633202B2

公开(公告)日：2017-04-25

申请号：US13854594

申请日：2013-04-01

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Robert W. Danford ,  Terry D. Escamilla ,  Kevin D. Himberger ,  Clark D. Jeffries

IPC: G06F15/173 ,  G06F21/55 ,  H04L29/06 ,  G06F11/34

CPC classification number: G06F21/55 ,  G06F11/349 ,  G06F11/3495 ,  G06F2201/81 ,  H04L63/1416 ,  H04L63/1458 ,  H04L2463/141 ,  H04L2463/144 ,  Y02D10/34

Abstract: A method, system, and/or computer program product manages a distributed denial of service attack in a multiprocessor environment. A determination is made of (a) a first upper threshold for a normal number of packets from the multiprocessor environment to multiple destination addresses, (b) a second upper threshold for a normal ratio of the packets from the multiprocessor environment to a single destination address compared to the packets from the multiprocessor environment to the multiple destination addresses, and (c) a third upper threshold for a normal ratio of packets from the multiprocessor environment to a single port at a single destination address compared to packets from the multiprocessor environment to the multiple destination addresses. In response to the first and second thresholds being exceeded, a specific port is monitored to determine if the third upper threshold is being exceeded at that port, thus indicating an apparent distributed denial of service attack.