IPv4 and IPv6-based detection method and system for denial of service attacks

A denial of service attack and detection method technology, applied in transmission systems, electrical components, etc., can solve the problems of DOS/DDOS attacks that are difficult to detect and do not consider business characteristics, and achieve the effect of high accuracy and lower requirements

Active Publication Date: 2013-08-14
HARBIN ANTIY TECH
View PDF3 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Currently, there are flaws in the detection of DOS / DDOS attacks, and the detection method relies more on the statistics of the characteristics of the data packets of the entire network; the detection does not consider specific service characteristics, and it is difficult to detect DOS / DDOS attacks disguised as legitimate requests

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IPv4 and IPv6-based detection method and system for denial of service attacks
  • IPv4 and IPv6-based detection method and system for denial of service attacks
  • IPv4 and IPv6-based detection method and system for denial of service attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solutions in the present invention will be further detailed below in conjunction with the accompanying drawings illustrate.

[0042] The present invention provides a denial-of-service attack detection method and system based on IPv4 and IPv6, including that it can only process the traffic directed at the current target host, basically shielding the interference of the large traffic data of the entire network on the analysis, so it has no impact on DOS / The detection rate of DDOS attacks is more accurate.

[0043] First introduce the denial of service attack detection method based on IPv4 and IPv6 of the present invention, comprise, as figure 1 shown, including:

[0044] S101. Operation monitoring:...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an IPv4 and IPv6-based detection method for denial of service attacks. The method comprises the following steps: during usual operation detection, a system only picks up basic operation parameters in flow, and a simple flow model is used for judging possible abnormalities; under the condition that abnormalities exist, a service flow model is used for judging abnormalities; and under the condition that abnormalities are confirmed, an attack flow model is used for judging attack types. The invention further discloses an IPv4 and IPv6-based detection system for denial of service attacks, wherein the system comprises a flow model module, an operation monitoring module, an abnormality conforming module, and an attack type conforming module and handling module. The method and the system provided by the invention basically shield interference of large flow data of the whole network to analysis, and are high in relevance ratio accuracy of DOS (disk operating system)/DDOS (diagnostic disk operating system) attacks.

Description

technical field [0001] The invention relates to network DOS / DDOS attack detection technology, in particular to a method and system for detecting denial of service attacks against servers in IPv4 and IPv6 Ethernet networks. Background technique [0002] With the development of the Internet, people increasingly rely on servers that provide various services on the Internet in their daily lives. Denial of Service attack DOS / DDOS (Denial of Service / Distributed Denial of service) utilizes the defect of TCP / IP protocol to exhaust the network resources of the target host by initiating a large number of connections to the target host, making it unable to provide normal services, or even cause the system to crash. Several common DOS / DDOS attacks include: flood attack, reflection attack, CC (Challenge Collapsar) attack, HTTP slow connection attack, etc. An effective DOS / DDOS causes the company to be unable to provide effective services to users, and brings commercial loss to the comp...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12H04L29/08
Inventor 邱勇良
Owner HARBIN ANTIY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap