Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DoS (Denial of Service) attack defense method based on identity and location separation-and-mapping mechanism

A mapping mechanism and identity technology, applied in the field of network security, can solve the problems that StopIt cannot provide, the terminal cannot provide permission or denial capability, and the integration of StopIt and identity and location separation network system is poor.

Active Publication Date: 2012-05-09
北京地平线轨道技术有限公司
View PDF3 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When dealing with large-scale DoS attacks, routers need to maintain a huge number of filtering rules, and a large number of complex filtering rules may seriously affect the packet processing speed of the router
[0013] 2) The StopIt system only allows the terminal to send a request to prevent malicious attacks when it is under attack, and cannot provide the terminal with the ability to allow or deny when the communication connection is established
[0014] 3) StopIt is poorly integrated with the identity and location separation network system
[0015] 4) StopIt does not have the function of storing terminal policies
When the terminal needs to maintain a certain policy state for a long time, such as denying or allowing some communication data, StopIt cannot provide this support

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DoS (Denial of Service) attack defense method based on identity and location separation-and-mapping mechanism
  • DoS (Denial of Service) attack defense method based on identity and location separation-and-mapping mechanism
  • DoS (Denial of Service) attack defense method based on identity and location separation-and-mapping mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0055] In recent years, the number of Internet users has become unprecedentedly large. Various services are carried out on the Internet, including mobility, multi-home, and traffic engineering (Traffic Engineering), which causes a huge increase in the scale of the global routing table and instability. The Internet Architecture Board (IAB) revealed that Internet routing systems face serious scalability problems. With the exhaustion of IPv4 addresses and the gradual application of IPv6, the huge address space of IPv6 may exceed the processing capacity of the routing table, affecting the normal operation of the Internet.

[0056] Therefore, the IAB commissioned the Routing Research Group (RRG) of the Internet Research Task Force (IRTF) to design a new network system to solve the problem of routing scalability. At present, researchers have proposed a variety of network architecture solutions to solve the problem of routing scalability.

[0057] In traditional networks, IP addres...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a DoS (Denial of Service) attack defense method based on an identity and location separation-and-mapping mechanism. The DoS attack defense method comprises the following steps: on the basis of a mapping system of an identity and location separation network architecture, an additional communication status flag is added to mapping information in an xTR mapping cache; a proxy server integrates the communication status flag with the mapping system of the identity and location separation network architecture, and the communication status flag of the mapping information in the xTR mapping cache is obtained by inquiring the proxy server, wherein, the proxy server collects and maintains the communication status of a terminal and responds to inquiry of the xTR communication status by inquiring the terminal within the management range of the proxy server; when the terminal finds to be vulnerable to malicious attack, the terminal requires to stop transmission of attack data stream; and when the terminal sets the communication status to be allowable partial connection, a sending end completes the connection establishment process. By adopting the DoS attack defense method, DoS attack defense can be realized, and the terminal can actively require defense in case of malicious attack so as to prevent further hazard without affecting other communication connection of the terminal.

Description

technical field [0001] The invention relates to a DoS attack defense method based on a separation and mapping mechanism of identity and location, so that when a terminal is attacked maliciously, it can actively request defense to avoid further damage without affecting other communication connections of the terminal. It belongs to the field of network security technology. Background technique [0002] The network system of separating identity and location can solve the problem of routing scalability. However, just like the security problems faced by traditional networks, the network system of separating identity and location still faces many network security problems. DoS and DDoS attacks are the main attack methods in traditional networks, and they will also be the main security threats to the identity and location separation network system. [0003] When a connection is established in a traditional network, the receiving end does not know the communication intention of the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/56
Inventor 刘颖张宏科周华春唐建强
Owner 北京地平线轨道技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com