Method and equipment for detecting network attack

A network attack detection method and device, applied in the field of communications, that addresses the problem of normal fluctuations in access and legitimate large-traffic access being falsely reported as attacks, achieving more accurate attack detection, a lower false positive rate, and rapid detection.

Inactive Publication Date: 2009-02-18
HUAWEI DIGITAL TECH (CHENGDU) CO LTD

AI Technical Summary

Problems solved by technology

[0004] In the process of realizing the present invention, the inventors found at least the following problems in the prior art: because of the huge number of network nodes and the complex network topology, normal customer access is random, and it is difficult to determine that a DDoS Flooding attack has occurred solely from an abnormal change in the statistical characteristics of data packets within a certain period of time.
The methods in the prior art can easily misreport normal network access fluctuations or normal sudden large-traffic access as DDoS Flooding attacks.

Examples


Embodiment Construction

[0022] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0023] Embodiment 1 of the present invention provides a method for detecting network attacks which, as shown in Figure 2, includes the following steps:

[0024] Step S201, receiving a data packet, and obtaining a comparison value of the average distance values at adjacent observation moments of the data packet;

[0025] Step S202, performing cumulative sum (Cumulative Sum, CUSUM) statistics on the comparison value to obtain cumulative sum statistics;

[0026] Ste...


Abstract

The invention discloses a method for detecting network attacks, comprising: receiving a data packet and obtaining a comparison value of the average distance values at adjacent observation moments of the data packet; performing cumulative sum statistics on the comparison value to obtain a cumulative sum statistic; and determining that a network attack has occurred when the cumulative sum statistic exceeds a preset threshold within a preset observation period. In the invention, the CUSUM algorithm mainly accumulates the values of a variable that are obviously higher than the average level under normal operating conditions, that is, it accumulates the differences, so network attacks are detected more accurately and the false alarm rate is reduced; at the same time the algorithm is simple, so network attacks can be detected quickly.
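The three steps in the abstract, written out as an added Python example (not code from the patent): it shows why a one-off traffic burst decays without an alarm while a sustained shift accumulates past the threshold. The absolute-difference comparison, the `baseline` and `slack` parameters, and all sample values are assumptions made here, since the page does not define them.

```python
"""CUSUM over comparison values of adjacent average-distance observations."""
from typing import List, Optional


def comparison_values(avg_distance: List[float]) -> List[float]:
    # Assumption: the comparison value is the absolute change in average
    # distance between adjacent observation moments (not defined on the page).
    return [abs(cur - prev) for prev, cur in zip(avg_distance, avg_distance[1:])]


def cusum_trace(values: List[float], baseline: float, slack: float) -> List[float]:
    # One-sided CUSUM: only the excess above the normal level accumulates,
    # and the statistic is clamped at zero so quiet intervals build no credit.
    trace, s = [], 0.0
    for x in values:
        s = max(0.0, s + (x - baseline - slack))
        trace.append(s)
    return trace


def detect(avg_distance: List[float], baseline: float, slack: float,
           threshold: float, period: int) -> Optional[int]:
    # Index of the first comparison value at which the statistic exceeds the
    # threshold inside the observation period, or None if it never does.
    window = comparison_values(avg_distance)[:period]
    trace = cusum_trace(window, baseline, slack)
    return next((i for i, s in enumerate(trace) if s > threshold), None)


# Constructed sample series of average distance per observation moment.
NORMAL = [12.0, 12.5, 12.0, 12.5, 12.0, 12.5, 12.0, 12.5]      # ordinary jitter
BURST = [12.0, 12.5, 12.0, 15.0, 12.0, 12.5, 12.0, 12.5]       # one-off spike
SUSTAINED = [12.0, 12.5, 12.0, 14.5, 17.0, 19.5, 22.0, 24.5]   # persistent shift

# Hypothetical tuning values chosen for the constructed data above.
PARAMS = dict(baseline=0.5, slack=0.5, threshold=5.0, period=7)

if __name__ == "__main__":
    for name, series in (("normal", NORMAL), ("burst", BURST),
                         ("sustained", SUSTAINED)):
        print(name, detect(series, **PARAMS))
```

Shortening `period` to 4 suppresses the alarm on the sustained series, which shows how the observation period and threshold have to be tuned together.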

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and equipment for detecting network attacks.

Background technique

[0002] The basic principle of a DDoS (Distributed Denial of Service) flooding attack is that the attacker, by directing a huge number of puppet machines, sends a large number of service requests or data packets to the victim and finally exhausts the victim's host or network resources, so that the victim can no longer provide external services. Figure 1 shows the structure of a DDoS Flooding attack. Because the attack tools for DDoS Flooding are very simple, and the attack is hugely destructive and difficult to detect and defend against, DDoS Flooding has become one of the biggest security threats on today's Internet. There are many DDoS Flooding detection and defense methods, but the effect is not very go...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/36, G06F21/00, G06F21/55
Inventor: 张烜, 谷勇浩, 张振宇, 张进军
Owner: HUAWEI DIGITAL TECH (CHENGDU) CO LTD