Arbor Networks is a software company founded in 2000 and based in Burlington, Massachusetts, United States, which sells network security and network monitoring software, used – according to the company's claims – by over 90% of all Internet service providers. The company's products are used to protect networks from denial-of-service attacks, botnets, computer worms, and efforts to disable network routers. Wikipedia.
Arbor Networks | Date: 2016-01-14
A network agent includes an ingress port in data communication with a network traffic source for receiving network traffic entering a network and an egress port in data communication with the ingress port and a protection device included in the network. The egress port is configured to transmit network traffic received from the ingress port to a network device included in the network. A processing device receives from a protection device included in the network blacklist addresses determined by the protection device to be a threat to the network, and maintains a blacklist that includes the received blacklist addresses. A physical layer device compares the network layer source address of a packet of the network traffic received by the ingress port to the blacklist and forwards the packet to the egress port only if the packets source address is not included in the blacklist.
Arbor Networks | Date: 2015-12-28
A system for mitigating network attacks is provided. The system includes a protected network including a plurality of devices. The system further includes one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured and operable to employ a recurrent neural network (RNN) to obtain probability information related to a request stream. The request stream may include a plurality of at least one of: HTTP, RTSP and/or DNS messages. The attack mitigation devices are further configured to analyze the obtained probability information to detect one or more atypical requests in the request stream. The attack mitigation services are also configured and operable to perform, in response to detecting one or more atypical requests, mitigation actions on the one or more atypical requests in order to block an attack.
Arbor Networks | Date: 2015-09-04
A system for mitigating network attacks within encrypted network traffic is provided. The system includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network and to a cloud platform. The attack mitigation devices are configured and operable to decrypt the encrypted traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets and analyze the plurality of decrypted network to detect attacks. The attack mitigation devices are further configured to generate, in response to detecting the attacks, attack signatures corresponding to the detected attacks and configured to send the generated attack signatures to attack mitigation services provided in the cloud platform. The attack mitigation services are configured and operable to drop encrypted network traffic matching the attack signatures received from the attack mitigation devices.
Arbor Networks | Date: 2015-12-18
A method and computer system are provided. A processing device of the computer system is configured to execute a browser function. The browser function is configured to access an information resource having a data element that is associated with an attribute that includes information. The browser function is further configured to display the information resource in a display portion of a display screen of the processing device. The data element is associated with an area positioned at a location of the displayed information resource, wherein the area is designated for displaying the data element. The browser function is further configured to display the attributes information in the area associated with the data element in response to a first user action.
Arbor Networks | Date: 2015-06-11
A method for automatically detecting and configuring Virtual Private Network (VPN) sites is provided. A Border Gateway Protocol (BGP) message is received from a Provider Edge (PE) router. The BGP message includes one or more attributes. The VPN site is identified based on the one or more attributes. Such attributes may include extended community attributes.
Arbor Networks | Date: 2015-04-28
A computer system and method for monitoring traffic for determining denial of service attacks in a network. Data packets are monitored which are attempting to access one or more server devices in a protected network. A Transport Control Protocol (TCP) window advertisement value is determined for the data packets. If a detected TCP window advertisement value for monitored packets is determined less than a TCP window advertisement threshold value then a determination is made as to whether the data rate for the packets is less than a data rate threshold value. The monitored packets are determined malicious if the detected window advertisement value is less than the TCP window advertisement threshold value and the determined data rate is less than the data rate threshold value.
Arbor Networks | Date: 2015-03-31
A computer-implemented system and method for mitigating against denial of service attacks. The system includes a network having a plurality of programmable network switches and a mitigation device connected to one or more of the network switches. The mitigation device includes logic integrated with and/or executable by a processor. The logic being adapted to monitor network traffic from one or more of the network switches and determine network policies to provide protection against denial of service attacks. The mitigation device is configured and adapted to send a software-defined networking (SDN) protocol signal to the one or more of the network switches to program the one or more of the switches to match and drop attacker data traffic contingent upon the determined network policies.
Arbor Networks | Date: 2014-08-26
A method for monitoring control traffic in a network is provided. A network monitoring probe passively monitors one or more network performance metrics related to control traffic. A plurality of threshold values associated with the one or more network performance metrics is received from a user. An alert notification message is sent to the user via an alert engine, in response to determining that at least one of the plurality of threshold values has been reached by the control traffic.
Arbor Networks | Date: 2015-05-12
A system and method for providing redundancy with remote scrubbing center devices. The system includes an edge detection device and a plurality of scrubbing center devices in a telecommunications network for providing redundant scrubbing center functionality for the edge detection device. The edge detection device maintains a network connection with more than one of the plurality of scrubbing center devices whereby each of the more than one of the plurality of scrubbing center devices sends and receives a synchronization signal with each of the one or more edge detection devices as if it was the only remote scrubbing center device coupled to the edge detection device.
Arbor Networks | Date: 2014-11-07
A method for network traffic characterization is provided. Flow data records are acquired associated with a security alert signature. Unidimensional traffic clusters are generated based on the acquired data. A Bloom filter is populated with the acquired flow data records. Clusters of interest are identified from the generated unidimensional traffic clusters. The identified clusters of interest are compressed into a compressed set. A determination is made whether a multidimensional processing of the acquired flow data needs to be performed based on a priority associated with the alert signature. A multidimensional lattice corresponding to the unidimensional traffic clusters is generated. The multidimensional lattice is traversed and for each multidimensional node under consideration a determination is made if the Bloom filter contains flow records matching the multidimensional node under consideration. A determination is made if the unidimensional node corresponding to the multidimentional node is included in the compressed set of unidimensional nodes.