Distributed denial-of-service attack detection method based on external connection behaviors of Web communication group

A technology of denial of service attack and detection method, applied in the field of network security, can solve the problems of unavoidable impact of basic network bandwidth and difficulty in distinguishing

Inactive Publication Date: 2011-11-09
SHANDONG UNIV

AI Technical Summary

Problems solved by technology

Application-layer DDoS attacks cause traffic to rise rapidly, but a flash crowd generated by concentrated access from a large number of users has similar traffic characteristics, so the two are difficult to distinguish.
Researchers have studied application-layer DDoS attack detection and filtering, but these detection methods are mostly suited to deployment at the attacked end and cannot avoid the impact of application-layer DDoS attacks on basic network bandwidth.


Embodiment Construction

[0037] The present invention is further described below with reference to the accompanying drawings and an embodiment:

[0038] To deal with application-layer DDoS attacks more effectively, an application-layer DDoS attack detection method that can be deployed in the backbone network is designed. The application scenario of this detection method is shown in Figure 1: port mirroring is set up on a network device such as router 1 or a switch, so that all network packets flowing through the device are copied and sent to the network monitoring front-end processor 2; the front-end processor constructs a Web communication group based on the communication relationships and sends it to the detection server 3; the server 3 extracts the outreach (external connection) behavior characteristics of the Web group, detects the deviation of the outreach behavior parameters, judges whether an application-layer DDoS attack is occurring, and reports the occurrence of the attack to the network monitoring terminal 4.

[003...


Abstract

The invention discloses a distributed denial-of-service attack detection method based on the external connection behaviors of a Web communication group. The method comprises the following steps: 1) setting up port mirroring on network equipment, and copying and transmitting all network messages passing through the equipment to an attack detection front-end processor; 2) the attack detection front-end processor extracting the communication group of a given Web server and the external connection behaviors of the communication group, and transmitting the communication group and its external connection behaviors to an attack detection server; 3) the attack detection server counting external connection behavior parameters, comprising the number CN_MLN of clients connected with a plurality of external connection nodes and the total client number CN of the Web communication group, and monitoring the offset of the ratio of the two parameters with an improved cumulative sum (CUSUM) algorithm to judge from the offset whether an application-layer distributed denial-of-service (DDoS) attack is occurring; and 4) reporting to a network monitoring terminal, at the end of each time period, whether an application-layer DDoS attack is occurring against the given Web server.
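Step 3 above, as an added example that is not taken from the patent: it counts CN_MLN and CN per time period and monitors their ratio with a standard two-sided CUSUM, not the patent's improved variant, whose details are not on this page. The function names, the "two or more external nodes" reading of "a plurality", the CUSUM parameters and the sample flows are all assumptions or constructed data.

```python
from collections import defaultdict

def outreach_params(flows, web_server):
    """Return (CN_MLN, CN) for one time period.
    flows: (client, remote) pairs taken from mirrored traffic."""
    group, external = set(), defaultdict(set)
    for client, remote in flows:
        if remote == web_server:
            group.add(client)              # member of the Web communication group
        else:
            external[client].add(remote)   # external connection node
    # Assumption: "a plurality" means two or more distinct external nodes.
    cn_mln = sum(1 for c in group if len(external.get(c, ())) >= 2)
    return cn_mln, len(group)

def cusum_alarms(ratios, baseline=5, k=0.05, h=0.3):
    """Two-sided CUSUM; returns indices of periods flagged as attacks.
    baseline, k (slack) and h (threshold) are illustrative values."""
    mu = sum(ratios[:baseline]) / baseline
    up = down = 0.0
    alarms = []
    for t in range(baseline, len(ratios)):
        up = max(0.0, up + ratios[t] - mu - k)
        down = max(0.0, down + mu - ratios[t] - k)
        if up > h or down > h:
            alarms.append(t)
    return alarms

def constructed_period(multi, single, web_only, web_server="W"):
    """Constructed flows: `multi` clients with two external nodes,
    `single` with one, `web_only` with none."""
    flows = []
    for i in range(multi + single + web_only):
        c = f"c{i}"
        flows.append((c, web_server))
        if i < multi + single:
            flows.append((c, "ext-a"))
        if i < multi:
            flows.append((c, "ext-b"))
    return flows

def ratio_series(periods, web_server="W"):
    out = []
    for p in periods:
        cn_mln, cn = outreach_params(constructed_period(*p), web_server)
        out.append(cn_mln / cn if cn else 0.0)
    return out

# Constructed: eight ordinary periods, then two with 30 extra web-only clients.
PERIODS = [(7, 3, 0), (6, 4, 0), (7, 3, 0), (8, 2, 0), (7, 3, 0),
           (7, 3, 0), (6, 4, 0), (7, 3, 0), (7, 3, 30), (7, 3, 30)]

if __name__ == "__main__":
    print(cusum_alarms(ratio_series(PERIODS)))
```

The slack k absorbs the ordinary period-to-period variation in the ratio, so only a sustained or large offset accumulates past h.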

Description

Technical field

[0001] The invention relates to network security technology, in particular to a denial-of-service attack detection method based on the outreach behavior of a Web communication group.

Background technique

[0002] Web service is the most widely used application type on the Internet. However, due to its important social and commercial value, the Web server has also become the most important attack target on the Internet. The Distributed Denial-of-Service (DDoS) attack is one of the most important threats faced by Web servers. In a DDoS attack, attackers use puppet hosts to consume the computing resources of the target and prevent the target from providing service to legitimate users. The consumable computing resources can be CPU, memory, bandwidth, database servers, etc. In recent years, DDoS attacks have emerged one after another [1-5]. Amazon, eBay, Yahoo, Sina, Baidu and other well-known domestic and foreign websites have been attacked ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06, H04L29/08
Inventor: 王风宇, 郭山清, 林丰波, 龚斌, 胡毅
Owner: SHANDONG UNIV