H04L2463/141

SECURITY METHOD FOR VEHICLE NETWORK, FIREWALL FOR THE SAME, AND COMPUTER-READABLE RECORDING MEDIUM RECORDING THE SAME
20190394230 · 2019-12-26

Provided is a method for defending against a DoS attack using a firewall of a vehicle network according to an embodiment of the present invention. The method includes: defining a rule according to an attack pattern checked in an application layer and generating a DoS attack rule based on the rule; checking that a packet is received and determining whether the DoS attack rule is activated; checking whether the packet matches the DoS attack rule when the DoS attack rule is activated; and transmitting the packet to a user space when the packet does not match the DoS attack rule. According to the present invention, at least one of an autonomous vehicle, a user terminal, and a server may be linked with an artificial intelligence module, a drone (unmanned aerial vehicle (UAV)), a robot, an augmented reality (AR) device, a virtual reality (VR) device, devices related to 5G services and the like.

UTILIZING ROUTING ADVERTISEMENTS TO AUTOMATE DDOS SCRUBBING TECHNIQUES IN A TELECOMMUNICATIONS NETWORK

Aspects of the present disclosure involve systems, methods, computer program products, and the like, for an orchestrator device associated with a scrubbing environment of a telecommunications network that receives one or more announced routing protocol advertisements from a customer device under an attack. In response to receiving the announcement, the orchestrator may configure one or more scrubbing devices of the network to begin providing the scrubbing service to packets matching the received routing announcement. A scrubbing service state for the customer may also be obtained or determined by the orchestrator. With the received route announcement and the customer profile and state information, the orchestrator may provide instructions to configure the scrubbing devices of the network based on the received information to dynamically automate scrubbing techniques without the need for a network administrator to manually configure the scrubbing environment or devices.

Security techniques for 5G and next generation radio access networks

Malicious attacks by certain devices against a radio access network (RAN) can be detected and mitigated, while allowing communication of priority messages. A security management component (SMC) can determine whether a malicious attack against the RAN is occurring based on a defined baseline that indicates whether a malicious attack is occurring. The defined baseline is determined based on respective characteristics associated with respective devices that are determined based on analysis of information relating to the devices. In response to determining there is a malicious attack, SMC determines whether to block connections of devices to the RAN based on respective priority levels associated with respective messages being communicated by the devices. SMC blocks connections of devices communicating messages associated with priority levels that do not satisfy a defined threshold priority level, while managing communication connections to allow messages satisfying the defined threshold priority level to be communicated via the RAN.

Detection and mitigation of denial of service attacks in distributed networking environments

Techniques for detecting and mitigating Denial of Service (DoS) attacks in a distributed networking environment are disclosed. In certain embodiments, a DoS detection and mitigation system is disclosed that automatically monitors and analyzes network traffic data in a distributed networking environment using a set of pre-defined threshold criteria. The system includes capabilities for automatically invoking various mitigation techniques that take actions on malicious traffic based on the analysis and the pre-defined threshold criteria. The system includes capabilities for automatically detecting and mitigating outbound DoS attacks by analyzing network traffic data originating from an entity within the network to a public network (e.g., the Internet) outside the network, as well as for detecting and mitigating east-west DoS attacks by analyzing network traffic data originating from a first entity located in a first data center of the network to a second entity located in a second data center of the network.

Selective traffic processing in a distributed cloud computing network

A server receives internet traffic from a client device. The server is one of multiple servers of a distributed cloud computing network which are each associated with a set of server identity(ies) including a server/data center certification identity. The server processes, at layer 3, the internet traffic including participating in a layer 3 DDoS protection service. If the traffic is not dropped by the layer 3 DDoS protection service, further processing is performed. The server determines whether it is permitted to process the traffic at layers 5-7 including whether it is associated with a server/data center certification identity that meets a selected criteria for the destination of the internet traffic. If the server does not meet the criteria, it transmits the traffic to another one of the multiple servers for processing the traffic at layers 5-7.

Real-time policy filtering of denial of service (DoS) internet protocol (IP) attacks and malicious traffic
10505976 · 2019-12-10

This disclosure describes techniques that facilitate dynamic filtering and blocking of Denial of Service (DoS) Internet Protocol (IP) attacks via a Real-time Filtering policy (RFP) Server. The RFP server may transmit an anti-attack packet towards a source IP address that has been identified as initiating a DoS IP attack. The anti-attack packet may include an Explicit Congestion Notification (ECN) value that echoes congestion to the source IP address, thereby alerting the source IP address that the RFP server is aware of the intended DoS IP attack. Further, the RFP server may generate, modify, and share filter criteria with one or more MGM node(s) of a multicast network, thereby improving DoS IP attack detection capabilities across the multicast network. Filter criteria may include, but are not limited to, source IP address, destination IP address, file size of IP packets, and a frequency by which IP packets are delivered.

Systems and methods for dynamically varying web application firewall security processes based on cache hit results

A computer-implemented method for dynamically varying web application firewall security processes based on cache hit results may include (i) identifying, at a computing device, a request directed to a web application resource protected by the computing device, (ii) determining, in response to identifying the request, whether a response to the request will be served from a cache stored on the computing device, (iii) determining, based at least in part on whether the response to the request will be served from the cache, a level of security processing to apply to the request, and (iv) applying the determined level of security processing to the request. Various other methods, systems, and computer-readable media are also disclosed.

SYSTEMS AND METHODS FOR PROVIDING SECURITY TO AN INTEGRATED CIRCUIT IN AN ENDPOINT DEVICE USING A DYNAMIC SECURITY ARCHITECTURE ENVIRONMENT (DSAE)
20190364071 · 2019-11-28

Systems and methods for providing security to an integrated circuit/processor and the processor cores in an endpoint device using a dynamic security architecture environment (DSAE) are disclosed. A security system is configured to provide security to a host endpoint device, the security system comprising: a processing unit including an Operational Processing Unit (OPU), an Input Processing Unit (IPU), and an Execution Processing Unit (EPU); logic modules in communication with the processing unit, the logic modules including an Input System, an Operational System, and an Execution System; and a host interface being configured to enable the Input System, the Operational System, and the Execution System to be coupled for data and control transmissions therebetween and coupled for data and control transmissions between the processing unit and a physical Processor Packing Unit (PPU) including at least one processor core, the PPU being configured to use different processor instruction sets, the Input System, the Operational System, and the Execution System being configured to present a different attack surface at different intervals within a period of time for the PPU, each different attack surface corresponding to the PPU executing a different processor instruction set, the processing unit, the logic modules, and the host interface being integrated together with the PPU on an integrated circuit of the host endpoint device.

MESSAGE PROTECTION METHOD, USER EQUIPMENT, AND CORE NETWORK DEVICE
20190349753 · 2019-11-14

A message protection method, user equipment, and a core network device are disclosed. The method includes: sending a request message on which no security protection is performed to the core network device, where the request message includes a first random number; receiving an abnormal response message, where the abnormal response message includes a third random number and a signature; and determining, based on the third random number, the signature, and an obtained credential, whether the abnormal response message is a valid message. According to the message protection method provided in the embodiments of the disclosure, security protection can be performed on a message transmitted before a security context is established between the user equipment and the core network device, so as to improve network communication security.

CHARACTERIZATION OF HTTP FLOOD DDoS ATTACKS
20240137386 · 2024-04-25

A method for characterizing application layer denial-of-service (DDoS) attacks comprises generating a plurality of dynamic applicative signatures by analyzing, at the application layer, application layer requests received during an on-going DDoS attack, a dynamic applicative signature characterizing each received request based on frequent application layer attributes appearing in the received requests, wherein the requests are represented as a set of paraphrases, each paraphrase representing a specific aspect of a request's structure, the frequent application layer attributes being determined based on frequency of paraphrases in the set; characterizing each of the received requests based on one of the dynamic applicative signatures, the characterization providing an indication for each request whether a request is generated by an attack tool executing the on-going DDoS attack; and causing a mitigation action on the received request generated by the attack tool based on the generated dynamic applicative signature.