Method and apparatus for processing network attack
A network attack and processing method technology, which is applied in the field of network attack processing methods and processing devices, can solve the problems of large-scale abnormality of protocol traffic, failure to find attack operators, and inability to provide network attack topology, etc.
Active Publication Date: 2010-09-22
CHENGDU HUAWEI TECH
View PDF4 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0005] The information obtained when the prior art detection method detects a DDOS attack is only an isolated event in the entire DDOS attack, for example, it is either some control packets or attack packets, or the flow of certain protocols of the victim host is large. Anomalies in scale, etc., but in fact these events are closely related, the existing technology does not take these isolated events into consideration, so it cannot provide a complete network attack topology, and cannot find the real attack controller
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0016] Please refer to Table Item 1 for the data structure of the text section of the frequency overrun event:
[0017] Destination IP
[0018] table entry 1
[0019] In table item 1, the packet sending frequency indicates the speed of sending data packets, and the cumulative number indicates the accumulated number of data packets of this type within the aging time.
[0020] See Table Item 2 for the connection exhaustion event body segment data structure:
[0021] Destination IP
[0022] table item 2
[0023] In table item 2, the connection frequency indicates the connection speed between a certain host and the target host, and the accumulated number indicates the accumulated number of connections within the aging time. The communication state described by the connection exhaustion event mainly refers to a host forming a large number of connections to a target host in a short period of time, exceeding the threshold of connection frequency and cumulative n...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the invention discloses a processing method and a processing device of network attack. The method includes: after determining the attacked target, searching the recorded attach accident corresponding to the attacked target to determine the controlled host computer in the attack network; according to the recorded control accident researched by the controlled host computer and corresponding to the controlled host computer, determining the control host computer in the attack network; and determining the detected host computer which has the same communication with a plurality ofcontrol host computers as an attack operator. Correspondingly, the embodiment of the invention further provides a processing device. The technical proposal provided by the embodiment of the inventioncan provide a whole network attack topology and find out the real attack organization controller.
Description
technical field [0001] The present invention relates to the technical field of communications, and in particular to a network attack processing method and processing device. Background technique [0002] DDOS (Distributed Denial of Service, distributed denial of service attack) attack is one of the flood attacks, mainly refers to the attacker using the main control host as a springboard (possibly multi-level and multi-level) to control a large number of infected Hosts form an attack network to carry out large-scale denial of service attacks on victim hosts. This kind of attack can often amplify the attack of a single attacker in a series form, thus causing a significant impact on the victim host and causing serious network congestion. [0003] There are many ways to detect DDOS attacks in the prior art, such as traffic anomaly detection, packet sending frequency detection, characteristic packet detection, and the like. Traffic anomaly detection is mainly based on the princ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/56
CPCH04L63/1458H04L63/1416
Inventor 蒋武
Owner CHENGDU HUAWEI TECH