A Method of Detecting UDP Flood Attack and Defense Based on Binary Tree

Binary tree and IP address technology, applied in the field of network security, addresses the problems of ineffective defense methods, consumption of the attacked network's service resources, and weak immunity to attack, achieving rapid and efficient detection, an excellent defense effect, and high accuracy.

Inactive Publication Date: 2011-12-28
XIANGTAN UNIV

AI Technical Summary

Problems solved by technology

[0002] Denial of service (DoS) and distributed denial of service (DDoS) attacks are currently commonly used network attack methods. Such an attack consumes the bandwidth of the attacked network and the service resources of the attacked host by sending a large number of forged service requests, so that normal service requests go unanswered. This is especially true of the UDP Flood attack: because it exploits inherent loopholes in UDP (User Datagram Protocol), the existing protocol system is very weak against it.

The current defenses against this attack mainly include disabling or filtering monitoring and response services, disabling or filtering unenabled UDP services, disabling some ports that are vulnerable to UDP Flood attacks, filtering UDP fragments, refusing to accept all UDP datagrams (in some extreme cases), and establishing UDP connection rules that require a TCP connection to the TCP port to be established first before any UDP packets are sent to the port. If the user must provide some external UDP services, a proxy mechanism needs to be used to protect these services from abuse, and the user's network needs to be monitored to understand which systems are using these services and to watch for signs of abuse. Under certain circumstances these measures may have some effect, but most of them are very passive, cover a narrow area, defend poorly, and may accidentally damage normal services and reduce network transmission efficiency. For example, disabling certain ports seriously interferes with certain normal UDP services and only defends against UDP Flood attacks on the disabled ports; disabling or filtering the response service sometimes seriously reduces the transmission efficiency of the network.

In summary, when a large-scale UDP-type DDoS attack occurs, conventional defense methods are basically helpless.


Examples


Embodiment

[0041] Figure 21 shows the network topology of this example. In this network, three network hosts can access a Linux server on the Internet through the Internet. A UDP Flood attack is launched, while the host with the source IP address 192.168.1.102 communicates with the Linux server normally. At this time, the Linux server's NIC cache stores IP data packets from the Internet, and the various system processes read the IP data packets from the cache in first-in-first-out order; that is, whichever network data packet is stored in the network card cache first is processed first. In this example, a Linux server is protected, and the traffic sent to the Linux server from the Internet is filtered on the Linux server itself.

[0042] First, make the following preparations on the Linux server operating system:

[0043] Install the libnids package in the user layer. libnids is a professional programming interface for network intrusion detection development. I...


Abstract

The present invention relates to the technical field of network security, in particular to a method for detecting UDP Flood attacks and defending against them based on a binary tree, comprising the following steps:

1. Construct a binary tree structure to store and query UDP data packets and related information.
2. Pre-store UDP data packets and related information.
3. Search the binary tree, and compare the information stored in the binary tree with the currently analyzed information to determine whether a UDP Flood attack is under way.
4. Call the operating system firewall program to filter the IP of the host sending the UDP Flood and refuse to receive its packets.

The present invention can achieve the following beneficial effects: against large-scale DDoS-type UDP Flood attacks it adopts a binary tree-based cycle detection method, pre-storing UDP data packets in the binary tree and searching the binary tree for matching and cycle detection, so that detection is fast, efficient, and highly accurate, with an excellent defensive effect.
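The four steps above can be sketched as follows. This is an added illustration, not code from the patent. It assumes the tree is keyed by source IPv4 address, that the flood criterion is a per-cycle datagram count above a threshold (the abstract does not state the comparison rule), and that iptables is the firewall program; the sample addresses and counts are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One node per source IPv4 address seen in the current detection cycle. */
typedef struct node {
    uint32_t src;              /* source IP, host byte order (tree key) */
    unsigned count;            /* UDP datagrams seen this cycle */
    struct node *left, *right;
} node;

/* Steps 1-2: store a datagram's source in the tree, or bump its counter. */
node *observe(node *root, uint32_t src) {
    if (!root) {
        node *n = calloc(1, sizeof *n);
        if (!n) abort();
        n->src = src; n->count = 1;
        return n;
    }
    if (src < root->src)      root->left  = observe(root->left, src);
    else if (src > root->src) root->right = observe(root->right, src);
    else                      root->count++;
    return root;
}

/* Step 3: in-order walk at end of cycle. Sources whose count exceeds the
 * threshold (assumed criterion) go to out[]; all counters are reset. */
size_t end_cycle(node *root, unsigned threshold, uint32_t *out, size_t cap, size_t n) {
    if (!root) return n;
    n = end_cycle(root->left, threshold, out, cap, n);
    if (root->count > threshold && n < cap) out[n++] = root->src;
    root->count = 0;
    return end_cycle(root->right, threshold, out, cap, n);
}

/* Step 4: format (do not execute) a drop rule for a flagged source. */
int drop_rule(uint32_t ip, char *buf, size_t len) {
    return snprintf(buf, len, "iptables -I INPUT -p udp -s %u.%u.%u.%u -j DROP",
                    (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 255),
                    (unsigned)((ip >> 8) & 255), (unsigned)(ip & 255));
}

/* Constructed sample cycle: one flooding source, one normal client. */
size_t demo(uint32_t *flagged, size_t cap) {
    node *t = NULL;
    uint32_t noisy = 0xC0A80165u, normal = 0xC0A80166u; /* .1.101 / .1.102 */
    for (int i = 0; i < 500; i++) t = observe(t, noisy);
    for (int i = 0; i < 20; i++)  t = observe(t, normal);
    return end_cycle(t, 100, flagged, cap, 0);
}
```

A plain binary search tree degrades toward a linked list when keys arrive in sorted order and grows without bound under spoofed source addresses, so a deployment would need a balanced tree and a cap on nodes per cycle.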

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for detecting UDP Flood attacks and defending against them based on a binary tree.

Background technique

[0002] Denial of service (DoS) and distributed denial of service (DDoS) attacks are currently commonly used network attack methods. Such an attack consumes the bandwidth of the attacked network and the service resources of the attacked host by sending a large number of forged service requests, so that normal service requests are not responded to. This is especially true of the UDP Flood attack: because it exploits the inherent loophole in UDP (User Datagram Protocol), the existing protocol system's immunity to this attack is very weak. The current defenses against this attack mainly include disabling or filtering monitoring and response services, disabling or filtering unenabled UDP services, disabling some ports that...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 唐欢容李勇周王辉李宇欧阳建权
Owner: XIANGTAN UNIV