Flow detection method and equipment in unidirectional flow detection mode

A traffic detection method and equipment for the unidirectional flow detection mode, applied in the field of communication. It addresses DDoS attacks that are difficult to identify effectively and the impact on normal applications, and achieves a better prevention effect at low cost with a simple implementation.

Active Publication Date: 2013-06-05
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

However, when the attack source IP is legitimate, this detection mechanism is ineffective.
[0013] An attacker can initiate a connection request to a protected Hypertext Transfer Protocol (HTTP) server from a legitimate source IP and recursively fetch all image or page resources on the HTTP server at a low rate. Specifically, this can easily be implemented by writing page scripts. It may degrade the server's processing performance so that it cannot process legitimate users' connection requests normally, resulting in a DDoS attack.
[0014] It is difficult to effectively identify this kind of attack in a unidirectional flow environment. If packets are simply dropped above a threshold by limiting the flow rate or similar methods, this on the one hand easily affects normal applications, and on the other hand may fail to achieve the expected preventive effect.


Examples


Embodiment Construction

[0059] In actual application scenarios, the TCP protocol works at the transport layer of the OSI model and is a reliable, connection-oriented data stream protocol. TCP is reliable because it guarantees the order in which data packets are transmitted, and that order is guaranteed by a sequence number and an acknowledgment number.

[0060] Both the sequence number and the acknowledgment number are 32-bit unsigned integers, which can represent a range of 0 to 4G (2^32) bytes. The sequence number indicates the sequence number of the first byte of the data part, and the acknowledgment number indicates the sequence number of the next byte that the recipient of the datagram expects the other party to send. On this basis, it can be confirmed that data with a sequence number less than the acknowledgment number has been received correctly.

[0061] The present invention proposes a traffic detection method in a unidirectional flow detection mode based on such a sequence number ...
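The sequence/acknowledgment relationship in [0060] can be turned into a per-flow byte estimate for the direction the detector never sees. The sketch below is an added example, not the patent's claimed procedure or H3C code: the packet tuple layout, the function names, the sample values and the 100,000-byte threshold are all assumptions, and it assumes each flow is first seen after the handshake so SYN/FIN sequence consumption is ignored.

```python
MOD, HALF = 1 << 32, 1 << 31   # sequence/acknowledgment numbers are 32-bit unsigned

def advance(high, new):
    """Bytes gained if `new` is ahead of `high` in 32-bit serial order, else 0.

    Retransmitted or reordered segments fall behind the high-water mark and
    contribute nothing; a wrap past 2**32 is counted correctly.
    """
    d = (new - high) % MOD
    return d if 0 < d < HALF else 0

def estimate_flows(packets):
    """packets: (flow_id, seq, ack, payload_len) tuples, client->server only.

    Returns {flow_id: (bytes_client_sent, bytes_server_sent_and_acked)}.
    """
    flows = {}
    for flow, seq, ack, plen in packets:
        st = flows.setdefault(flow, {"seq_hi": seq, "ack_hi": ack, "up": 0, "down": 0})
        gained = advance(st["seq_hi"], (seq + plen) % MOD)
        st["up"] += gained
        st["seq_hi"] = (st["seq_hi"] + gained) % MOD
        # The ACK number is the next byte the client expects from the server,
        # so its growth is the volume of the unseen server->client direction.
        gained = advance(st["ack_hi"], ack)
        st["down"] += gained
        st["ack_hi"] = (st["ack_hi"] + gained) % MOD
    return {f: (s["up"], s["down"]) for f, s in flows.items()}

def flag_heavy_flows(estimates, min_down_bytes):
    """Flows whose inferred server->client volume reaches a (hypothetical) threshold."""
    return sorted(f for f, (_, down) in estimates.items() if down >= min_down_bytes)

# Constructed sample: established-connection segments seen on the inbound link only.
SAMPLE = [
    ("A", 1000, 5000, 400),          # one request
    ("A", 1400, 8000, 0),            # pure ACK: server sent 3000 bytes
    ("B", 7000, 4294967000, 120),    # small request, ACK close to 2**32
    ("B", 7120, 203704, 120),        # ACK wrapped: +204000 bytes
    ("B", 7120, 203704, 120),        # retransmission, ignored
    ("B", 7240, 603704, 0),          # pure ACK: +400000 bytes
]

if __name__ == "__main__":
    est = estimate_flows(SAMPLE)
    print(est, flag_heavy_flows(est, 100_000))
```

Flow B sends only 240 bytes inbound, so an inbound rate limit would not notice it, yet its acknowledgment numbers show the server delivering about 600 KB.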


Abstract

The invention discloses a flow detection method and equipment for the unidirectional flow detection mode. Bidirectional flow can be detected in a unidirectional flow environment from the message sequence numbers and acknowledgment numbers in the unidirectional flow, providing a basis for analysis to effectively identify attacks in a unidirectional flow environment. The technical scheme is simple to implement and low in cost, requires no change to the network topology, and improves the effect of preventing DDoS attacks in a unidirectional flow environment.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a flow detection method and equipment in a unidirectional flow detection mode.

Background technique

[0002] A distributed denial of service (DDoS) attack generally has the characteristics of large attack traffic, many attack sources, difficulty of filtering, difficulty of distinguishing true from false attack source IPs, and concealment of the attacker's identity through indirect attack.

[0003] Currently, there are two common attack detection modes: unidirectional flow detection and bidirectional flow detection.

[0004] Unidirectional flow detection only detects the traffic whose destination IP address is the protected IP, and does not detect the traffic sent by the protected IP. Because this mode can only see the flow in one direction, it is difficult to judge whether there is an attack in some cases.

[0005] Bi-directional flow detection detects bo...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26
Inventor: 陈光辉, 杨宏会
Owner: NEW H3C TECH CO LTD