Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism

A large-scale, mechanism-based technology, applied in the field of network security, can solve problems such as difficult customer DDoS attack protection, high-level cleaning system deployment, and difficult deployment of protection strategies, so as to reduce deployment costs, improve cleaning accuracy, and improve large-scale DDoS attacks The effect of defense

Active Publication Date: 2013-04-10
CHINA TELECOM CORP LTD
View PDF6 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, since this mechanism is mainly for cleaning at the backbone network level, it is difficult to defend against internal mutual attacks such as the MAN and Internet Data Center (IDC, Internet Data Center). At the same time, due to the high deployment level of the cleaning system, it is difficult to deploy refined protection strategy; the above two factors may cause some attack traffic to avoid the protection system, making it difficult to provide customers with refined DDoS attack protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism
  • Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism
  • Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The present invention will be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated.

[0028] figure 1 A schematic structural diagram of a large-scale DDoS attack defense system based on a two-level linkage mechanism provided by an embodiment of the present invention is shown.

[0029] Such as figure 1 As shown, the large-scale DDoS attack defense system 100 based on the two-level linkage mechanism includes a traffic monitoring subsystem 102 and a traffic cleaning subsystem 104, wherein

[0030] The traffic monitoring subsystem 102 is used to monitor the traffic of the entire network in real time, and after searching and confirming the DDoS attack behavior, send an alarm message triggering the cleaning operation to the traffic cleaning subsystem, and draw the abnormal traffic of the DDoS attack behavior to the traffic cleaning subsystem. For example, the traffic monitoring subsyst...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses large-scale DDoS (Distributed Denial of Service) attack defense system and method based on a two-level linkage mechanism. The method comprises the following steps of: monitoring the flow of a total network by a flow monitoring subsystem in real time, and searching and confirming a DDoS attack behavior; sending an alarm message for triggering a cleaning operation to a flow cleaning subsystem, and guiding the abnormal flow of the DDoS attach behavior to the flow cleaning subsystem; receiving the abnormal flow guided by the flow monitoring subsystem by the flow cleaning subsystem, cleaning the abnormal flow according to the cleaning operation triggered by the alarm message, (wherein the flow cleaning subsystem adopts the two-level architecture of a backbone network plus a local network defense system, and the two levels of cleaning system work cooperatively and clean synchronously), and injecting the cleaned cleaning flow back to a target customer network. The large-scale DDoS attack defense system and method based on the two-level linkage mechanism solve the problems of cleaning capacity, cleaning precision, and the like existing in the traditional DDoS defense technology; and on the basis of reducing the deployment cost of service scale, the large-scale DDoS attach defense capability of the total network is greatly improved, and the cleaning precision ofthe attack flow is increased.

Description

technical field [0001] The invention relates to the field of network security, in particular to a large-scale DDoS attack defense system and method based on a two-level linkage mechanism. Background technique [0002] With the continuous improvement of the informatization level of various industries, the normal business operations of more and more enterprise users are increasingly dependent on the Internet. At present, due to the deteriorating Internet network security environment, the Internet business of such customers is facing great threats and risks. [0003] Among them, Distributed Denial of Service (DDoS, Distributed Denial of Service) attack is one of the most common and most harmful attack forms existing in the Internet at present. DDoS attack refers to the use of client / server technology to combine multiple computers as an attack platform to launch a DoS attack on one or more targets. DDoS attacks are becoming more and more common attack methods due to their simp...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 汪来富沈军金华敏史国水谭峣仪
Owner CHINA TELECOM CORP LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com