Patent Pending Technology


Experience and innovation are key to any successful DDoS mitigation strategy. Black Lotus brings over a decade of experience in the mitigation of advanced and complex zero-day DDoS, successfully defeating thousands of attacks each day, largely due to the company's patent-pending DDoS mitigation technologies.

Over the years Black Lotus engineers have learned to stay one step ahead of attackers, deploy robust network and security infrastructure, and constantly refine response techniques to ensure customers are not impacted by attacks designed to overwhelm traditional infrastructure. There is a wide variety of DDoS attack types, and the tools and resources needed to mitigate them are equally diverse. Black Lotus experts can assist with the identification and assessment of DDoS threats and provide effective solutions at every layer. Below is a brief description of the techniques Black Lotus uses to mitigate transport and application layer attacks.

Signatures vs. Heuristics

To mitigate DDoS attacks, a system can use signature-based or heuristic-based detection. On the Black Lotus global DDoS mitigation network, this is accomplished by sampling traffic on edge routers to generate sample data called flows, which are then sent to an analysis platform. The traffic sample is then evaluated to determine if there is a DDoS attack against the destination IP, and if so, traffic to that IP is diverted into one or more scrubbing centers.

Once traffic is in the scrubbing center, it can be filtered based on signatures, which are predefined traffic patterns known to be DDoS attacks, or on heuristics, which are abnormalities in traffic patterns that may be indicative of a DDoS attack. For traffic which is very obviously malicious, predefined mitigation actions can be taken automatically to cleanly defeat the attack. Unfortunately, not all attacks are easy to detect. While it may be possible to observe that traffic is abnormally high, an attack may be attempting to emulate legitimate traffic to make traditional DDoS mitigation practices seemingly impossible. Black Lotus is able to use the presence of heuristic abnormalities to determine whether to trigger mitigation, using both signatures and heuristics in tandem.
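The flow-sampling decision described above, sketched as an added example (not Black Lotus code): sampled flow records are grouped by destination IP, a rate heuristic decides whether to divert, and a signature match selects a predefined filter. The sampling rate, window, baselines, thresholds, both signatures and all flow records are assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLE_RATE = 1000      # assumed: edge router exports 1 in 1000 packets
WINDOW_S = 10           # assumed analysis window, seconds
DEFAULT_BASELINE = 1000 # assumed packets/s for a destination with no history
BASELINE_PPS = {"198.51.100.10": 4000, "198.51.100.20": 4000,
                "198.51.100.30": 4000}   # constructed per-destination baselines
ABNORMAL_FACTOR = 5     # assumed: 5x baseline counts as a heuristic abnormality
SIGNATURE_SHARE = 0.5   # assumed: share of samples that must match a signature

# Hypothetical signatures: predicates over one sampled flow record.
SIGNATURES = {
    "dns-reflection": lambda f: f["proto"] == "udp" and f["sport"] == 53 and f["bytes"] > 1000,
    "ntp-reflection": lambda f: f["proto"] == "udp" and f["sport"] == 123 and f["bytes"] > 400,
}

def evaluate(flows):
    """Return {destination IP: (action, reason)} for one analysis window."""
    per_dst = defaultdict(list)
    for f in flows:
        per_dst[f["dst"]].append(f)
    verdicts = {}
    for dst, samples in per_dst.items():
        # Scale the sample count back up to an estimated packet rate.
        est_pps = len(samples) * SAMPLE_RATE / WINDOW_S
        abnormal = est_pps > ABNORMAL_FACTOR * BASELINE_PPS.get(dst, DEFAULT_BASELINE)
        hits = {n: sum(1 for f in samples if m(f)) for n, m in SIGNATURES.items()}
        name, count = max(hits.items(), key=lambda kv: kv[1])
        if not abnormal:
            verdicts[dst] = ("forward", "normal")           # stray matches alone do not divert
        elif count / len(samples) >= SIGNATURE_SHARE:
            verdicts[dst] = ("divert", "signature:" + name) # predefined filter applies
        else:
            verdicts[dst] = ("divert", "heuristic:rate")    # abnormal, no known pattern
    return verdicts

def flow(dst, proto, sport, dport, size):
    return {"dst": dst, "proto": proto, "sport": sport, "dport": dport, "bytes": size}

# Constructed samples: a reflection flood, a flood imitating HTTPS, and normal traffic.
SAMPLE_FLOWS = (
    [flow("198.51.100.10", "udp", 53, 40000 + i, 1400) for i in range(300)]
    + [flow("198.51.100.20", "tcp", 30000 + i, 443, 600) for i in range(250)]
    + [flow("198.51.100.30", "tcp", 30000 + i, 443, 600) for i in range(30)]
    + [flow("198.51.100.30", "udp", 53, 5353, 1400) for _ in range(2)]
)

if __name__ == "__main__":
    for dst, verdict in sorted(evaluate(SAMPLE_FLOWS).items()):
        print(dst, *verdict)
```

The third destination receives two signature-matching packets but stays on its normal path, because in this sketch the heuristic gates diversion and the signature only chooses the filter.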

These methods are highly effective when mitigating DDoS attacks against the network transport layer; however, new challenges are introduced when mitigating attacks against applications, known as Layer 7 or application layer attacks. Often, attackers will launch both transport and application layer attacks in an attempt to render DDoS mitigation systems ineffective and generally confuse inexperienced engineers. Black Lotus responds to these attacks by isolating application layer attacks and requiring legitimate users to transparently authenticate requests, providing additional precision for HTTP and DNS attacks in particular.

Human Behavior Analysis

In recent years, application layer attacks have become so effective that even the most advanced DDoS mitigation equipment cannot effectively detect and mitigate all threats. This is especially true for HTTP attacks against websites, which can often perfectly emulate legitimate traffic, effectively preventing mitigation through network detection methods. In 2009, Black Lotus engineers began observing these types of attacks, which prompted the innovation of a technology capable of determining whether each individual request was generated by a true human being.

On April 27, 2012, Black Lotus filed patent US 13/458,129 for Human Behavior Analysis, a system which evaluates application layer DDoS attacks after they have been mitigated by network based DDoS mitigation systems and decides whether each request meets a known valid qualifier, a known malicious qualifier, or needs to be observed for a longer period of time. After a matter of seconds, the system can begin accurately determining whether each request was the result of a human visitor or application layer DDoS attack. Today, Human Behavior Analysis is an integral part of Black Lotus' application layer DDoS mitigation suite, allowing engineers surgical precision in mitigating even the most difficult to detect attacks.