Detection method and device for DDoS attack

A distributed denial and attack detection technology, applied in the network field, can solve problems such as missed detection, achieve the effect of not easy to miss detection and improve efficiency

Inactive Publication Date: 2008-03-26
HUAWEI DIGITAL TECH (CHENGDU) CO LTD +1
View PDF0 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] It can be seen from the above that DDoS attacks can be detected using the above technical solution, but this solution only uses the traffic of multiple links for PCA decomposition. The magnitude of the abnormal traffic, because there are not only abnormal traffic of DDoS attacks on the link, but also other normal traffic, when the abnormal traffic is relatively small, the abnormal traffic will be "submerged" by the normal traffic, so only when Abnormal tra

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and device for DDoS attack
  • Detection method and device for DDoS attack
  • Detection method and device for DDoS attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0069] Embodiment 1 uses the link signal flow matrix to realize the present invention. In practical application, the embodiment of the present invention can further use the origin-destination (OD: Origin-Destination) flow flow matrix to realize the present invention, and the OD flow is a specific starting point The flow between the destination pair can contain multiple intermediate nodes. In a network with a fixed number of nodes, the number of OD flows is far greater than the number of links, and the traffic on a link often includes multiple OD flows with different starting node pairs. When using the OD flow flow matrix, the above paths are OD flows. Each row of the OD flow flow matrix represents the flow of one OD flow in the network, and the entire flow matrix describes the distribution of network flow among each OD flow. Wherein, the starting point and end point of the OD flow are different according to the specific situation, for example, it can be a link, a router, a ne...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to network technology, discloses a DDoS attack detecting method and a device thereof, wherein the DDoS attack detecting method comprises: acquiring a signal flow matrix which describes a signal flow of a path to a destination node; decomposing the signal flow matrix to acquire an abnormal space flow matrix; according to the abnormal space flow matrix, calculating the average frequency domain correlation coefficient of a path signal flow on a frequency domain; matching the average time domain correlation coefficient with the presetting time domain condition; matching the average frequency domain correlation coefficient with the presetting frequency domain condition; if the average time domain correlation coefficient accords with the presetting time domain condition, and/or the average frequency domain correlation coefficient accords with the presetting frequency domain condition, detecting DDoS attack with a attack destination node. The technical proposal provided by the embodiment of the invention can detect DDoS attack according to abnormal flows of a plurality of paths.

Description

technical field [0001] The invention relates to network technology, in particular to a distributed denial of service (DDoS: Distributed Denial of Service) attack detection method and device. Background technique [0002] A DDoS attack refers to an attacker using multiple hired computers to launch a Denial of Service (DoS: Denial of Service) attack on one or more targets. Using the client / server model, an attacker can multiply the effect of a denial of service attack by using many unwitting computers as attack platforms. Under the attack of high-speed data packets, the key resources of the victim's host, such as bandwidth, buffer, CPU resources, etc., are quickly exhausted, and the victim either crashes, or spends a lot of time processing the attack packets and cannot serve normally. Cause serious economic losses, so effectively detecting and defending against DDoS attacks is an important part of building a secure network. [0003] An existing DDoS attack detection method i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
Inventor 胡光岷罗华杨松姚兴苗张智勇李宗林
Owner HUAWEI DIGITAL TECH (CHENGDU) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap