Method and device for detecting data message

A technology of data packets and detection methods, which is applied in the field of network security, and can solve the problems that legitimate users cannot normally access DNS servers, firewalls cannot accurately identify attack traffic, and attack traffic flows, etc.

Active Publication Date: 2015-07-29
HILLSTONE NETWORKS CO LTD +1
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0014] Aiming at the problem that the related technology firewall cannot accurately identify the attack traffic, causing a large amount of attack traffic to flow to the server, thus causing legitimate users to be unable to access the DNS server normally, no effective solution has been proposed so far. Therefore, the main purpose of the present invention is to provide a Data message detection method and device to solve the above problems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting data message
  • Method and device for detecting data message
  • Method and device for detecting data message

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The present invention will be described in detail below with reference to the accompanying drawings and examples.

[0039] figure 2 is a schematic structural diagram of an apparatus for obtaining a data packet type according to an embodiment of the present invention. image 3 is based on figure 2 A schematic structural diagram of an apparatus for obtaining a data message type in the illustrated embodiment. Such as figure 2 As shown, the device may include: a first reading module 10, configured to read the domain name parameter of the first data message received; a first processing module 30, used to combine the domain name parameter of the first data message with the preset Set the domain name parameter to carry out random degree calculation, to obtain the random degree score of the domain name parame...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a detection method and a device for a data message. The method comprises a detection method of the data message. The method comprises the following steps: reading the domain name parameter of a received first data message; performing a random degree calculation to the domain name parameter of the first data message and a preset domain name parameter to obtain a random degree score of the domain name parameter of the first data message, wherein the preset domain name parameter is a domain name parameter of a preset valid data message; judging if the random degree score is more than a blocking threshold; and determining the first data message to be an invalid data message when the random degree score is more than the blocking threshold. According to the detection method, accurately identifying the invalid data message is achieved, so that the invalid data message can be processed from a flow of all DNS (Domain Name Server) random requests, the invalid data message of the DNS random requests can be effectively and efficiently cleaned, and a DNS random request attack loses a DDOS (Distributed Denial of Service) effect.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and device for detecting data packets. Background technique [0002] A bot is a computer that has been breached by hackers and planted with a Trojan horse virus. Hackers can manipulate it at will and use it to do anything, just like a puppet. [0003] Normally, if the DNS request packet is less than 512 bytes, the UDP protocol is used, and only the request packet larger than 512 bytes will be transmitted using the TCP protocol. UDP itself is connectionless, and DNS requests are also connectionless. When using UDP protocol to make DNS requests, it is usually a one-response method. The client sends a Query packet to the server, and the server responds with a Request packet. [0004] With the rapid development of the Internet, and due to the need for investment in domain name resources, the number of legal domain names on the Internet continues to increase. The character co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/70H04L29/12
Inventor 邓富镭
Owner HILLSTONE NETWORKS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap