Method and system for monitoring DDOS (distributed denial of service) attacks in small flow

Abstract

The invention discloses a method and a system for monitoring DDOS (distributed denial of service) attacks in small flow, solves the problems that the existing DDOS attack detection technology is high in cost, complex to implement and high in misjudgment rate, cannot respond to DDOS attacks aiming at an application layer and the like, and provides the monitoring scheme of an integrated DPI (dots per inch) technology. A baseline analysis, component analysis and similarity analysis method is used to establish a normal use model, characteristics are accurately matched to detect the attacks in small flow and the application layer attacks, deployment at one point of an operator network and complete coverage of the operator network are achieved, and detection accuracy is increased.

Description

technical field

[0001] The invention belongs to the technical field of mobile Internet security, and in particular relates to a method and a system for monitoring small flow DDOS attacks. Background technique

[0002] Distributed denial of service attack (distributed denial of service attack, referred to as DDOS) is to attack the target system at the same time by controlling multiple machines with relatively weak security defenses on the Internet, causing the victim host system or network to be overloaded and unable to receive or respond to external requests in a timely manner. , so as to achieve the purpose of denial of service attack.

[0003] Generally, on broadband networks, the specific form of DDOS attack is to create high-flow useless data, causing network congestion and interrupting network services. At present, most of the websites on the Internet are hosts with high bandwidth. In principle, it is almost impossible to cause any blockage simply by directly sending p...

Images