H04L2463/142

SYSTEM AND METHOD FOR FILTERING INTERNET TRAFFIC AND OPTIMIZING SAME
20180020002 · 2018-01-18

A method for filtering internet traffic between one or more users and the internet is described herein, the method performed in a computer system having a processor and operating system software implemented by the processor and representative of executable code. In the method, website requests are received from one or more client devices of the one or more users, and the requests are compared against either an internal whitelist of websites built and maintained by one or more external servers on behalf of a consumer organization, or a master whitelist approved and managed by the organization. If the website is on the whitelist, the one or more external servers grant access so that the client device receives the website URL and its content; otherwise access to the requested website is blocked.

METHOD AND APPARATUS FOR PREVENTING MALICIOUS NETWORK TRAFFIC

A method (100) for preventing malicious network traffic is described, the method including: providing (110), by a key generation appliance, a client key to a client device; receiving (120), by a control appliance, a data packet intended for an application server from the client device; determining (130), by the control appliance, whether the data packet includes the client key; forwarding (140) the data packet, by the control appliance, to the application server in response to a determination that the data packet comprises the client key; and/or blocking (150) the data packet, by the control appliance, in response to a determination that the data packet does not include the client key. Further, an apparatus (360) and a system (300) are provided that are configured to perform the method (100).

Formulating responses for slowing requests from malicious domain name system (DNS) clients
12170690 · 2024-12-17

A method of delaying computer network clients from sending DNS queries. The method includes receiving a DNS query from a client and consulting a client record in a client record database and/or a flow record in a flow record database that stores information about the flow, including one or more previous DNS queries and/or responses in the flow. The method further includes formulating a response to the DNS query as a function of the information about the client and/or the information about the flow, updating the client record with information about the client and/or the flow record with information about the DNS query and the response as formulated, and transmitting the response as formulated to the client. The DNS query includes a question, and the response is intentionally defective or incomplete and causes the client to be delayed in sending another DNS query as part of an attack.

METHOD AND APPARATUS FOR CAUSING A DELAY IN PROCESSING REQUESTS FOR INTERNET RESOURCES RECEIVED FROM CLIENT DEVICES
20170359349 · 2017-12-14

A method and apparatus for causing a delay in processing requests for Internet resources received from client devices is described. A server receives from a first client device a first request for a resource. The server transmits a response to the first client device indicating that access to the resource is temporarily denied. The response includes a cryptographic token associated with the first request and a predetermined period of time during which the first client device is to wait prior to transmitting another request to access the resource. The server receives a second request for the resource and, upon determining that the second request includes a valid cryptographic token, causes the second request to be processed. The server receives a third request for the resource and, upon determining that the third request does not include a valid cryptographic token, blocks the third request.

Identifying threats based on hierarchical classification
09800597 · 2017-10-24

A system and a method are disclosed for identifying network threats based on hierarchical classification. The system receives packet flows from a data network and determines flow features for the received packet flows based on data from the packet flows. The system also classifies each packet flow into a flow class based on flow features of the packet flow. Based on a criterion, the system selects packet flows from the received packet flows and places the selected packet flows into an event set that represents an event on the network. The system determines event set features for the event set based on the flow features of the selected packet flows. The system then classifies the event set into a set class based on the determined event set features. Based on the set class, the computer system may report a threat incident on an internetworking device that originated the selected packet flows.

SYSTEM AND METHOD FOR INTEGRATED HEADER, STATE, RATE AND CONTENT ANOMALY PREVENTION FOR SESSION INITIATION PROTOCOL

Methods and systems for an integrated solution to rate-based denial of service attacks targeting the Session Initiation Protocol (SIP) are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for SIP. A hardware-based apparatus helps identify SIP rate thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop packets containing those anomalies. SIP requests and responses are inspected for known malicious content using a Content Inspection Engine. The apparatus integrates these solutions to prevent anomalous packets and enables a policy-based packet filter for SIP.

Method of Distributed Denial of Service (DDoS) and Hacking Protection for Internet-Based Servers Using a Private Network of Internet Servers by Executing Computer-Executable Instructions Stored on a Non-Transitory Computer-Readable Medium

A method of DDoS and hacking protection for internet-based servers using a private network of internet servers utilizes multiple data streams sent over a network of proxy servers to mitigate malicious attacks and ensure fast connections from a user to a destination server. The destination server is hidden from the user and the redundancy of the proxy network serves to maintain security and connection quality between the user and the destination server.

Edge gateways in disaggregated networks

Techniques are disclosed for processing data packets and implementing policies in a software defined network (SDN) of a virtual computing environment. A plurality of computing nodes are communicatively coupled to network devices. The computing nodes are configured to provide at least one cloud edge processing function. The network devices are configured to enable communications between virtual machines within a virtual network of the virtual computing environment in accordance with associated policies. The network devices and the processing function are disaggregated from dependencies on particular computing nodes that are hosting the virtual machines.

MONITORING AND PREVENTING SPOOFING, TAMPERING, AND DENIAL OF SERVICE ATTACKS ON CLOUD CONTAINERS
20250055862 · 2025-02-13

A computing platform may train, using historical node performance information and historical application parameter information, a node selection model, which may configure the model to select nodes for application cloud deployment. The computing platform may receive a request to deploy an application to a cloud network. The computing platform may select a node, of the plurality of nodes of the cloud network, to which the application should be deployed. The computing platform may queue, along with other applications scheduled for deployment to the plurality of nodes, the application for deployment to the node. After identifying that the application is first in the queue, the computing platform may deploy the application to the node of the cloud network, which may create, at the node, a container corresponding to the application.