Method and unit for extracting traffic attack message characteristics on network equipment

A technology for network messages and network equipment, applied in data exchange networks, electrical components, digital transmission systems, etc., can solve problems such as manslaughter, and achieve the effect of ensuring normal passage and accurate filtering

Inactive Publication Date: 2010-02-03
BEIJING VENUS INFORMATION TECH +1
View PDF2 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This traffic attack signature detection method only relies on a single packet field value to describe the traffic attack packet characteristics, which is one-sided. If traffic control is implemented based on this, it may lead to accidental killing

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and unit for extracting traffic attack message characteristics on network equipment
  • Method and unit for extracting traffic attack message characteristics on network equipment
  • Method and unit for extracting traffic attack message characteristics on network equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] The technical solution of the present invention will be described in more detail below with reference to the drawings and embodiments.

[0054] The present invention provides a method for extracting characteristics of traffic attack messages on network equipment, including:

[0055] Select the type of network packet that needs to extract packet features as the type of attack traffic;

[0056] Taking the header field of the selected type of message as an item, in the received selected type of network message, find all frequent item sets that meet the minimum support;

[0057] First sort all the found frequent item sets in descending order of arity, and then sort the frequent item sets with the same arity in descending order of support; from the sorted frequent item sets, select a group of items that meet the packet filtering ratio threshold in turn. The minimum set of frequent item sets is the attack message characteristic of the selected type of message.

[0058] Wher...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a unit for extracting traffic attack message characteristics on network equipment. The method comprises the steps of: selecting a network message type which needs to extract message characteristics and is taken as an attack traffic type; taking a header field of a message with the selected type as an item, and finding all frequent item sets which meet the requirement of minimum support in the received network message with the selected type; performing descending sort on all the found frequent item sets according to element numbers, and then performing descending sort on the frequent item sets with the same element number according to the support; and sequentially selecting a group of minimum sets of frequent item sets which meet the requirement of a message filtration proportion threshold value as the attack message characteristics of the message with the selected type from the sorted frequent item sets. The method and the unit overcome the one sidedness of a traffic characteristic extraction method, can accurately filter, avoid error killing, and guarantee the normal pass of valid network traffic.

Description

technical field [0001] The invention relates to security protection of network equipment, in particular to a method and unit for extracting characteristics of traffic attack messages on network equipment. Background technique [0002] The network devices in the network system, such as switches and routers, are common, which are responsible for the forwarding of network packets and are key network devices in the network system. But these devices are often subject to traffic attacks. Denial of Service attack (Denial of Service, referred to as DoS) and distributed denial of service attack (Distributed Denial of Service, referred to as DDoS) are the most common traffic attack techniques. Denial of service attack means that the attacker uses reasonable service requests to occupy too many service resources of the attacked party, so that legitimate users cannot get service responses. Distributed denial of service attack is a group behavior of DoS attacking the same target from mu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/36H04L12/56
Inventor 叶润国周涛孙海波郑曙光邓炜
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap