Patent attributes
A computer method and system for mitigating a Session Level Attack (SLA) upon one or more internet hosted sought user accounts. A login request for a sought user account is received and Layer 3 information regarding the login request is utilized to determine existence of a SLA threat. One or more mitigations actions is performed on the login request to determine if a SLA threat exists based upon the utilization of Layer 3 information. Next, Layer 7 information regarding the login request is utilized to determine existence of a SLA threat wherein the Layer 7 information is only utilized to determine the existence of a SLA threat when no SLA threat was determined through utilization of the Layer 3 information. One or more mitigations actions is performed on the HTTP login request if the existence of a SLA threat exists based upon the utilization of the Layer 7 information.
