A method and device for defending against ddos ​​attacks directed at multi-service systems

Abstract

The invention aims to provide a method and equipment for defending against a distributed denial of service (DDoS) attack to a multi-service system. The method comprises the following steps of: detecting whether the DDoS attack exists in network access traffic corresponding to the multi-service system according to preset DDoS attack triggering conditions by using network security equipment; when the DDoS attack exists, determining a target service aimed by the DDoS attack according to the DDoS attack triggering conditions corresponding to the DDoS attack; and protecting the network access traffic, corresponding to the target service, in the network access traffic corresponding to the multi-service system according to the service related information of the target service. Compared with the prior art, the invention not only limits the undesirable impact of the DDoS attack on the whole multi-service system, but also effectively supports access requests for other services in the multi-service system by detecting the target service aimed by the DDoS attack and performing corresponding defense processing according to the service related information of the target service, thereby effectively improving the information security capability of the whole multi-service system in defending against the DDoS attack.

Description

Technical field [0001] The present invention relates to the field of network security technology, in particular to a technology for defending against DDoS attacks directed to multi-service systems. Background technique [0002] With the development of Internet technology and popularization of applications, multi-service systems on the network are facing more and more complex network attacks. Among them, DDoS (Distributed Denial of Service) is a more serious network. Attack behavior, which uses a large number of puppet machines to attack a certain system at the same time, making the attacked system unable to support normal business access due to bandwidth congestion or exhaustion of server resources. [0003] In the prior art, multi-service systems often introduce serial or bypass cleaning equipment at the network level to resist DDoS attacks. Although this has improved the ability of the multi-service system to resist DDoS attacks to a certain extent, there are also problems that ...

AI Technical Summary

Problems solved by technology

Although this improves the anti-DDoS attack capability of the multi-service system to a certain extent, there is also the problem that the normal service of the entire multi-service system is affected due to the DDoS attack of individual services, for example, when a certain service is attacked by DDoS , all access requests directed to the multi-service system, including DDoS attack behavior and access requests for other services in the multi-service system, are often drawn to the cleaning device for cleaning, thus affecting the business system’s ability to respond to these other services. Responses to access requests

Images