Method, device and system for testing DDOS (distributed denial of service) attacks

An attack test and technology to be tested, applied in the field of network security, can solve the problems of small product line sampling test, poor customizability, long training period, etc., to achieve the effect of improving accuracy, improving flexibility and reducing costs

Active Publication Date: 2010-06-23
BEIJING BAIDU NETCOM SCI & TECH CO LTD +1
View PDF0 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the existing dedicated network testing products can be used for DDoS attack testing, but these products are based on dedicated software and hardware p

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for testing DDOS (distributed denial of service) attacks
  • Method, device and system for testing DDOS (distributed denial of service) attacks
  • Method, device and system for testing DDOS (distributed denial of service) attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The technical solutions of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments.

[0025] figure 1 It is a flowchart of the first embodiment of the DDoS attack testing method of the present invention. Such as figure 1 As shown, this embodiment includes:

[0026] Step 11, modifying the Network Subsystem (Network Subsystem) and the Memory Management Subsystem (Memory Management Subsystem) of the Linux kernel;

[0027] The modification to the network subsystem includes: removing the spin lock (Qdisc) contained in the flow control module in the network subsystem of the Linux kernel; according to the predefined packet format, expanding the kernel packet sender ( pktgen) allows custom packet fields;

[0028] The modification to the memory management subsystem includes: setting the attribute of the packet memory allocation interface function provided by the memory management subsystem of the Linux kerne...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method, a device and a system for testing DDOS (distributed denial of service) attacks. The method comprises the following steps of: modifying the network subsystem and the memory management subsystem of a Linux kernel; invoking a kernel package sending engine in the modified kernel network subsystem to generate massive data packets and sending a generated data packet to a cluster to be tested; wherein the source address of the generated data packet randomly changes in a preset range, and a target address is a service address provided by a cluster to be tested; when receiving a response data packet returned by the cluster to be tested, discarding the response data packet sent by the cluster to be tested; or sending a partial request data packet to the cluster to be tested; or sending a complete request data packet to the cluster to be tested, and when receiving the request/response data packet returned by the cluster to be tested, discarding the request/response data packet. The invention realizes the DDoS attack tests based on the modified Linux kernel without special hardware for design, thereby reducing the cost of DDoS attack test products.

Description

technical field [0001] The present invention relates to network security technology, in particular to a distributed denial-of-service (Distributed Denial-of-Service, DDoS for short) attack testing method, device and system. Background technique [0002] Distributed Denial of Service (Distributed Denial-of-service, DDoS for short) attack has always been a major security threat faced by large websites. In order to improve the performance of defending large websites against DDoS attacks, protection products (or security solutions) against DDoS attacks are emerging rapidly. [0003] Because DDos attacks have some characteristics that ordinary Deny of Service (DoS) attacks do not have, such as: the dispersion of attack source IP addresses, the diversity of TCP / IP parameters, etc., as well as packet loss and delay in real environments And other reasons, making it difficult to accurately evaluate the actual protection effectiveness and protection limit performance of protection pr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/36H04L12/56H04L29/06
Inventor 刘颖齐路李闻田燕杨毅唐会军林晓东刘拴林
Owner BEIJING BAIDU NETCOM SCI & TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap