Method, network device and network system for defending against distributed denial-of-service (DDoS) attacks

A network device and network system technology, applied to transmission systems, digital transmission systems, secure communication devices, etc. It addresses the problem that the characteristics of an attack and the thresholds used to decide that an attack is under way are hard to determine for a stand-alone detection device, which leads to false positives and false negatives, and achieves effective defense.

Active Publication Date: 2009-11-25
HUAWEI TECH CO LTD
0 Cites, 25 Cited by

AI Technical Summary

Problems solved by technology

[0008] Because the existing defense scheme uses stand-alone equipment, it can only detect certain characteristics of the network traffic to decide whether an attack is taking place. However, for different attacked targets the characteristics of the attack and the threshold for judging that an attack is under way are not easy to determine, so the scheme is prone to a certain degree of false positives and false negatives.



Examples


Embodiment 1

[0031] The embodiment of the present invention proposes installing a DDoS attack defense module on the attacked target server. The module detects the running state of the server and/or the network data flow entering the server, and feeds the detection results back to the data flow cleaning device. The server-side DDoS attack defense module may be implemented in hardware or software; as software it may sit at the network interface layer, in the kernel or at the application level, and it may be an independent program or part of a larger security product. In other words, the defense may be implemented in hardware or software at any of these levels.

[0032] The running state of the server may be the load on the central processing unit, the memory, the network traffic, and the like.

[0033] As shown in Figure 1, the network system of this embodiment includes:

[0034] The attack detection device Detector 102, which detects the network data flow on the network side; when a DDoS attack against a certain serve...

Embodiment 2

[0052] In this embodiment there is no need to install an attack detection device Detector on the network side; only a DDoS attack defense module needs to be installed on the attacked target server.

[0053] As shown in Figure 4, the network system of this embodiment includes:

[0054] The data flow cleaning device Cleaner 402, which negotiates with the attack detection device Detector and with the server, and cleans the network data flow according to the result of the negotiation;

[0055] At least one server 404, which receives and processes the network data flow from the network side and includes a DDoS attack defense module. The module detects the running state of the server and/or the network data flow and feeds the detection result back to the data cleaning device; in addition, it can perform a further cleaning pass on the data stream that has already been cleaned by the data cleaning device.

[0056] The data cleaning device Cleaner can be deployed anywhere in front of the server, such as...

Embodiment 3

[0066] The solution of this embodiment adds a load alarm mechanism on the server. As shown in Figure 6, the DDoS attack defense module may further include:

[0067] The load alarm unit 602, which monitors the traffic of the network data stream entering the server and sends an alarm to the data cleaning device when the traffic reaches a preset value, such as a user-defined dangerous level.

[0068] The traffic entering the server can be measured as the traffic passing through the network card. That traffic can be divided into levels according to the capacity of the card, and each level can be linked to a corresponding cleaning and filtering intensity of the data cleaning device. When the traffic through the server's network card reaches the dangerous level, an alarm is sent to the data cleaning device.
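The load alarm of [0066]-[0068], as an added example that is not code from the patent or from Huawei's implementation: a Python model of a server-side load alarm unit that samples the network card's receive byte counter, converts each sample to a fraction of link capacity, maps that fraction onto discrete danger levels tied to a cleaning intensity, and emits a message for the cleaning device only when the level changes. The level boundaries (50/75/90 % of capacity), the intensity names, the message format and the 5-point hysteresis band that stops the alarm from flapping are assumptions for this example, and the counter trace is constructed.

```python
"""Server-side load alarm unit for a DDoS defense module (added example).

Assumptions, not taken from the patent: level boundaries, cleaning-intensity
names, the alarm message format and the hysteresis rule.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    NORMAL = 0
    ELEVATED = 1
    HIGH = 2
    DANGER = 3


# Assumed: fraction of network-card capacity at which each level begins.
LEVEL_FLOORS = {Level.ELEVATED: 0.50, Level.HIGH: 0.75, Level.DANGER: 0.90}

# Assumed: cleaning intensity the server asks the Cleaner to apply per level.
CLEANING_INTENSITY = {
    Level.NORMAL: "none",
    Level.ELEVATED: "rate-limit",
    Level.HIGH: "filter-suspicious",
    Level.DANGER: "aggressive-scrub",
}

# Assumed: utilisation must fall this far below a level's floor before stepping down,
# so a flood hovering around a boundary does not toggle the Cleaner on and off.
HYSTERESIS = 0.05


def utilisation(prev_bytes: int, cur_bytes: int, interval_s: float, capacity_bps: int) -> float:
    """Fraction of link capacity used over one sampling interval.

    Counters are monotonic; a wrap or reset (negative delta) is treated as zero
    traffic rather than producing a negative rate.
    """
    if interval_s <= 0 or capacity_bps <= 0:
        raise ValueError("interval and capacity must be positive")
    delta = max(cur_bytes - prev_bytes, 0)
    return (delta * 8) / (interval_s * capacity_bps)


def classify(util: float, current: Level) -> Level:
    """Map utilisation onto a level, stepping down only once clear of the hysteresis band."""
    new = Level.NORMAL
    for lvl in (Level.ELEVATED, Level.HIGH, Level.DANGER):
        if util >= LEVEL_FLOORS[lvl]:
            new = lvl
    if new < current and util >= LEVEL_FLOORS[current] - HYSTERESIS:
        return current  # still within the band below the current floor: hold the level
    return new


@dataclass
class Alarm:
    level: Level
    utilisation: float
    intensity: str

    def to_message(self, server_id: str) -> str:
        # Assumed wire format for the feedback sent to the cleaning device.
        return (f"DDOS_ALARM server={server_id} level={self.level.name} "
                f"util={self.utilisation:.2f} action={self.intensity}")


class LoadAlarmUnit:
    """Tracks one network card; emits an Alarm each time the danger level changes."""

    def __init__(self, capacity_bps: int, interval_s: float = 1.0):
        self.capacity_bps = capacity_bps
        self.interval_s = interval_s
        self.level = Level.NORMAL
        self._prev: Optional[int] = None

    def sample(self, rx_bytes: int) -> Optional[Alarm]:
        if self._prev is None:          # first reading only establishes a baseline
            self._prev = rx_bytes
            return None
        util = utilisation(self._prev, rx_bytes, self.interval_s, self.capacity_bps)
        self._prev = rx_bytes
        new = classify(util, self.level)
        if new == self.level:
            return None
        self.level = new
        return Alarm(new, util, CLEANING_INTENSITY[new])


def run(counters, capacity_bps: int, interval_s: float = 1.0):
    """Replay a sequence of cumulative rx byte counters; return the alarms emitted."""
    unit = LoadAlarmUnit(capacity_bps, interval_s)
    return [a for a in (unit.sample(c) for c in counters) if a is not None]


# Constructed trace: cumulative rx byte counter of a 1 Gbit/s card read once per second
# (1 Gbit/s = 125,000,000 bytes/s). Traffic ramps into a flood, then recedes.
SAMPLE_COUNTERS = [
    0,
    12_500_000,    # +12.5 MB -> 10 %  NORMAL
    87_500_000,    # +75 MB   -> 60 %  ELEVATED
    187_500_000,   # +100 MB  -> 80 %  HIGH
    307_500_000,   # +120 MB  -> 96 %  DANGER
    417_500_000,   # +110 MB  -> 88 %  held at DANGER by hysteresis (band 85-90 %)
    517_500_000,   # +100 MB  -> 80 %  HIGH
    530_000_000,   # +12.5 MB -> 10 %  NORMAL
]

if __name__ == "__main__":
    for alarm in run(SAMPLE_COUNTERS, 1_000_000_000):
        print(alarm.to_message("web-01"))
```

Replaying the constructed trace produces five alarms (ELEVATED, HIGH, DANGER, HIGH, NORMAL); the 88 % sample produces none because it sits inside the hysteresis band below the DANGER floor. On a real host the counter would come from the card's receive statistics rather than from a list.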

[0069] Through this embodiment of the present invention, the server side can raise an alarm and defend against DDoS attacks according to the traffic it observes, thereby improving the securi...



Abstract

The embodiment of the invention discloses a method for defending against distributed denial-of-service (DDoS) attacks, comprising the following steps: detecting, at the server, the running state of the server or the network data flow entering the server, and judging whether a DDoS attack aimed at the server is occurring; and, if such an attack is occurring, notifying the data cleaning equipment to clean the network data flow directed to the server. The embodiment of the invention also discloses a network device and a network system. With this embodiment, detection and first-line defense are carried out from the attacked target itself, so the attack state can be determined accurately and the information required for defense can be provided, and the DDoS attack is thereby effectively defended against.

Description

Technical field

[0001] The invention relates to the technical field of network security, and in particular to a method, network device and network system for defending against distributed denial-of-service (DDoS) attacks.

Background

[0002] Distributed denial-of-service (DDoS) attacks exploit the basic property of the Internet protocol and the Internet itself: data packets are forwarded from any source to any destination without discrimination. DDoS attacks take two forms: either large volumes of data and traffic that overwhelm network devices and servers, or a deliberately large number of incomplete requests that can never be completed and that quickly exhaust server resources.

[0003] The DDoS attack method grew out of the traditional DoS attack. A DDoS attack uses a greater number of compromised "zombie" machines to attack the victim on a far larger scale than before. From a technical point of view, DDoS attacks include threa...


Application Information

Patent Timeline
IPC(8): H04L9/36; H04L29/06
CPC: H04L63/1458; H04L63/0263; H04L2463/141
Inventor 李红星
Owner HUAWEI TECH CO LTD