Method and device for preventing denial of service (DoS) attacks

A technique for preventing denial-of-service attacks, applied in networks where the identity identifier and the location identifier are separated. It addresses problems such as network equipment becoming overloaded and failing to work normally, and achieves the effect of preventing denial-of-service attacks.

Active Publication Date: 2014-04-30
昆山乐凯锦富光电科技有限公司

AI Technical Summary

Problems solved by technology

[0018] The technical problem to be solved by the present invention is to provide a method and device for preventing denial-of-service attacks, and to solve the problem that malicious users frequently send data packets with different destination addresses, causing the network equipment to become overloaded so that it cannot work normally.


Embodiment Construction

[0064] Figure 5 shows another network architecture that separates identity identifiers from location identifiers. In this architecture, the network is divided into an access network and a backbone network. The access network is located at the edge of the backbone network and is responsible for the access of all terminals. The backbone network is responsible for routing and forwarding data packets between terminals that connect through the access network. The access network and the backbone network do not overlap in topology.

[0065] There are two types of identifiers in the network of this architecture: the Access Identifier (AID) and the Routing Identifier (RID). The AID is the user identity of the terminal and identifies the terminal user (also referred to simply as the user). The network uniquely assigns an AID to each terminal user. Change; RID is a...


Abstract

A method for preventing denial-of-service (DoS) attacks includes the following: a user is set to a restricted state if the user's hit rate is lower than a hit-rate threshold and/or the user's non-hit count is higher than a non-hit count threshold; each packet is checked to determine whether it is a non-hit packet; if it is, the state of the user that sent the packet is queried, and if the user is in the restricted state, the packet is discarded. The invention also provides an apparatus for preventing denial-of-service attacks, which includes a user data reception unit, a local mapping list query unit, and a first-packet attack identification and control unit. The invention makes it possible to control DoS / distributed denial-of-service (DDoS) attacks caused by a malicious user continually sending first packets. The first-packet attack limit can be adjusted according to circumstances such as system startup, system overloading, special users and user login, etc., which ensures that in these special scenarios the system avoids first-packet attacks while users can still use the network normally.
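The per-packet decision described in the abstract, as an added Python example that is not code from the patent. The class and method names, the threshold values, the warm-up count `min_packets`, the use of cumulative counters, and the choice to combine the two conditions with "or" are assumptions; release from the restricted state is not modelled because the abstract does not describe it.

```python
# Added illustration; class, method and parameter names are hypothetical.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class UserStats:
    hits: int = 0
    misses: int = 0
    restricted: bool = False


class FirstPacketGuard:
    """Drops local-mapping misses from users whose lookup pattern looks abusive."""

    def __init__(self, local_mapping, hit_rate_threshold=0.5,
                 miss_threshold=100, min_packets=20):
        self.local_mapping = local_mapping        # destination AID -> RID (cached)
        self.hit_rate_threshold = hit_rate_threshold
        self.miss_threshold = miss_threshold
        self.min_packets = min_packets            # assumption: warm-up before judging rate
        self.users = defaultdict(UserStats)

    def handle(self, src_aid, dst_aid):
        """Return 'forward' (hit), 'resolve' (miss, query the mapping) or 'drop'."""
        user = self.users[src_aid]
        hit = dst_aid in self.local_mapping
        if not hit and user.restricted:
            return "drop"                         # restricted user: misses are discarded
        if hit:
            user.hits += 1
        else:
            user.misses += 1
        total = user.hits + user.misses
        low_rate = (total >= self.min_packets
                    and user.hits / total < self.hit_rate_threshold)
        if low_rate or user.misses > self.miss_threshold:
            user.restricted = True
        return "forward" if hit else "resolve"


def simulate():
    """Constructed traffic: one normal user, one sender cycling unknown destinations."""
    guard = FirstPacketGuard({"aid-b": "rid-1", "aid-c": "rid-2"},
                             hit_rate_threshold=0.5, miss_threshold=10, min_packets=5)
    normal = [guard.handle("aid-a", d) for d in ["aid-b", "aid-c", "aid-x"] * 4]
    flood = [guard.handle("aid-m", f"aid-unknown-{i}") for i in range(30)]
    flood_hit = guard.handle("aid-m", "aid-b")    # cached destination is still forwarded
    return normal, flood, flood_hit
```

In the constructed run, the flooding sender triggers five mapping queries before being restricted, after which only its packets to already-cached destinations pass.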

Description

Technical field

[0001] The invention relates to networks in which identity identifiers and location identifiers are separated, and in particular to a method and device for preventing denial-of-service attacks in such a network.

Background technique

[0002] At present, the IP address in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol widely used on the Internet has dual functions. The identity of the interface. When the TCP/IP protocol was first designed, host mobility was not considered. However, as host mobility becomes more and more common, the semantic overload defect of the IP address becomes more and more obvious. When the IP address of a host changes, not only does the route change, but the identity of the communicating host also changes, which will lead to an increasingly heavy routing load, and the change of the host identity will lead to interruption of applicati...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1458
Inventor 张世伟符涛何辉
Owner 昆山乐凯锦富光电科技有限公司