The present invention relates generally to data networks, and more particularly to filtering unwanted data traffic to a specific customer.
The open access architecture of the Internet provides a high degree of utility for a user to communicate with other users and to access applications on a vast array of network servers. As the Internet has grown from a small community of trusted users to an unorganized global population of users, however, the open access architecture has also become a liability. Large streams of unwanted data traffic now routinely degrade both network and user operations. Well-known examples of unwanted data traffic range from e-mail spam, which consumes network resources and wastes users' time, to malicious distributed denial-of-service (DDoS) attacks, which may effectively shut down network operations, application servers, and personal computers.
One approach for reducing unwanted data traffic is to compare a specific source of a data traffic stream against a “blacklist” of data traffic sources which historically have been sources of unwanted data traffic. If the specific source is on the blacklist, then data traffic from the specific source may be filtered and blocked. A blacklist may be maintained in the network, in the user system, or in both the network and the user system. A blacklist, for example, may contain a raw list of the Internet Protocol (IP) addresses of servers which are known sources of unwanted data traffic. There are several major disadvantages of this approach, however. For example, since the number of sources of unwanted data traffic is large and continues to grow, and since IP addresses of servers may be changed, maintaining and updating a blacklist of individual IP addresses may consume considerable network and user resources. The process of checking a specific source against a large blacklist, furthermore, may itself increase response times and degrade network operations and user applications. In addition, a blacklist may not be effective against unwanted data traffic generated by normally benign servers or personal computers whose operations have been seized by malicious software.
From a user's perspective, a filter which removes unwanted data traffic, in principle, should not inadvertently remove wanted data traffic. What constitutes wanted and unwanted data traffic, however, depends on the specific user. What are needed are a method and an apparatus which have the capability of filtering unwanted data traffic from a large-scale network and which, at the same time, may be customized for a specific user.