US Patent 10116692 Scalable DDoS protection of SSL-encrypted services

A system for mitigating network attacks within encrypted network traffic is provided. The system includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network and to a cloud platform. The attack mitigation devices are configured and operable to decrypt the encrypted traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets and analyze the plurality of decrypted network to detect attacks. The attack mitigation devices are further configured to generate, in response to detecting the attacks, attack signatures corresponding to the detected attacks and configured to send the generated attack signatures to attack mitigation services provided in the cloud platform. The attack mitigation services are configured and operable to drop encrypted network traffic matching the attack signatures received from the attack mitigation devices.