Identification method and device for denial of service attack

Abstract

The invention provides an identification method and device for the denial of service attack. The identification method for the denial of service attack comprises the following steps of obtaining the total amount of access requests sent to a target host within a first preset time period, and recording as a first request amount; judging whether the first request mount exceeds a threshold value which is obtained by calculating the page view of the target host; and if so, determining that the target host is subjected to the denial of service attack. According to the technical scheme disclosed by the invention, the total amount of the access requests sent to the target host within the preset time is used as a judgment target, the threshold value is obtained by the page view statistics of the target host to serve as a criteria to judge whether denial of service attack is received, the denial of service attack phenomenon is concluded to identify the denial of service attack so as to bring convenience to take corresponding measures, the identification accuracy of the denial of service attack is greatly improved, and the safety protection of the host is realized.

Description

technical field [0001] The invention relates to the field of Internet security, in particular to a method and device for identifying a denial of service attack. Background technique [0002] Denial of service attack means that the attacker finds a way to stop the target machine from providing services or accessing resources. It is one of the attack methods commonly used by hackers. Using a large number of requests that exceed the response capability consumes a large number of attack target resources, including disk space, memory, processes and even network bandwidth, thereby preventing normal users from accessing. In severe cases, some services may be suspended or even the host may crash. [0003] As a type of denial of service attack, CC attack (Challenge Collapsar, challenge black hole attack) is a malicious attack method that uses continuous connection requests to websites to cause denial of service. Its principle is to simulate multiple users continuously accessing pag...

AI Technical Summary

Problems solved by technology

The principle is to simulate multiple users continuously accessing pages that require a large amount of data operations, causing the target host server to run out of resources until it crashes

[0004] Since the attack method of the CC attack is to simulate the user's access request, it is difficult to distinguish, and the technical threshold of the CC attack is low, and the attack can be carried out by using some tools and a certain number of skilled proxy IPs, and the attack effect of the CC attack is obvious

[0005] In the prior art, the solution for denial of service attacks, especially CC attacks, mainly prohibits website proxy access, limits the number of connections, and tries to make the website a static page. However, the above methods of prohibiting proxy access and limiting the number of connections will It affects normal users' access to the website. In addition, due to the limitation of the type and content of the webpage, it is impossible to set all the webpages as static pages, and this method cannot eliminate the effect of CC attacks

For the problem that the denial of service attack cannot be accurately identified in the existing technology, no effective solution has been proposed so far

Images