Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for monitoring DDOS (distributed denial of service) attacks in small flow

A monitoring system and small traffic technology, applied in transmission systems, digital transmission systems, electrical components, etc., can solve the problems of inability to detect low-rate DDoS attacks, high implementation costs, low ease of use, etc., to prevent denial of service attacks. , make up for the high deployment cost and improve the security level

Active Publication Date: 2012-12-12
CHINA TELECOM CORP LTD
View PDF3 Cites 31 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in the face of DDoS attacks, the IDS system often cannot meet the requirements, the main reasons are:
[0008] First, although the intrusion detection system can detect attacks at the application layer, the basic mechanism is based on rules, and protocol sessions need to be restored. Currently, most DDoS attacks use attack traffic based on legal data packets, so the IDS system is very difficult. Difficult to effectively detect these attacks
Although some IDS systems also have the ability to detect certain protocol anomalies, this requires manual configuration by security experts to take effect, and its implementation costs are high and ease of use is extremely low;
[0009] Second, due to the high false positive rate of IDS may form a new denial of service, causing legitimate users to be unable to access network resources
[0011] First, the NetFlow data format cannot provide detailed L4-L7 layer information, and cannot respond to DDoS targeting the application layer;
[0012] Second, due to the consideration of the CPU and memory load of the egress router, the sampling rate of NetFlow is usually adjusted to be relatively high, such as 3000:1 or 5000:1. Due to the sampling error, it can only be used to detect whether there is a large flow exceeding the preset threshold. Network layer attacks make judgments, so low-rate DDoS attacks cannot be detected, and fine-grained security protection cannot be achieved
[0013] Through the above analysis, the industry still lacks an effective method for small traffic DDOS attack monitoring

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for monitoring DDOS (distributed denial of service) attacks in small flow
  • Method and system for monitoring DDOS (distributed denial of service) attacks in small flow
  • Method and system for monitoring DDOS (distributed denial of service) attacks in small flow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The present invention performs baseline analysis, component analysis, and traffic similarity analysis, and once a threshold alarm occurs after matching the above three models, it is determined that a DDOS attack has occurred. After a DDOS attack occurs, AAA can also perform PPP disconnection on the mobile terminal with the corresponding IMSI number according to the source address, so as to prevent the attack in a timely and effective manner and release the resources on the wireless side. A detailed description will be given below in conjunction with the accompanying drawings.

[0030] figure 1 It is a schematic structural diagram of a system for monitoring small traffic DDOS attacks in the present invention, and the DDOS monitoring system is deployed at the egress of a metropolitan area network.

[0031] The specific structure of the system is as follows figure 2 Shown, including baseline analysis filter, component analysis filter and similarity analysis filter. in:...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a system for monitoring DDOS (distributed denial of service) attacks in small flow, solves the problems that the existing DDOS attack detection technology is high in cost, complex to implement and high in misjudgment rate, cannot respond to DDOS attacks aiming at an application layer and the like, and provides the monitoring scheme of an integrated DPI (dots per inch) technology. A baseline analysis, component analysis and similarity analysis method is used to establish a normal use model, characteristics are accurately matched to detect the attacks in small flow and the application layer attacks, deployment at one point of an operator network and complete coverage of the operator network are achieved, and detection accuracy is increased.

Description

technical field [0001] The invention belongs to the technical field of mobile Internet security, and in particular relates to a method and a system for monitoring small flow DDOS attacks. Background technique [0002] Distributed denial of service attack (distributed denial of service attack, referred to as DDOS) is to attack the target system at the same time by controlling multiple machines with relatively weak security defenses on the Internet, causing the victim host system or network to be overloaded and unable to receive or respond to external requests in a timely manner. , so as to achieve the purpose of denial of service attack. [0003] Generally, on broadband networks, the specific form of DDOS attack is to create high-flow useless data, causing network congestion and interrupting network services. At present, most of the websites on the Internet are hosts with high bandwidth. In principle, it is almost impossible to cause any blockage simply by directly sending p...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26H04L12/56
Inventor 陆小铭曹维华余勇昌朱华虹
Owner CHINA TELECOM CORP LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products