
Distributed denial of service attack detection method and detection device

A distributed denial of service attack detection technology, applied in the field of communication, that addresses the problems of low accuracy, a high probability of accidental damage to normal packets, and business being unable to work normally, and achieves the effect of improving response speed and detection performance.

Active Publication Date: 2018-06-19
TENCENT TECH (SHENZHEN) CO LTD +1

AI Technical Summary

Problems solved by technology

[0007] The accuracy of the first detection method is low, and the probability of accidental damage to normal messages is high.
[0008] In the second detection method, the signature involves reassembly of the transport layer and all protocols above it, as well as regular-expression matching, so the response speed of this detection method is slow and the detection performance is poor.
The slow response speed means that, after an attack, the business cannot work normally for a long time, and the loss is very large.
Poor detection performance, in turn, raises investment costs: more firewall equipment must be purchased, and the investment cost usually needs to be increased by more than ten times.



Examples

Embodiment Construction

[0023] The specific implementation manners of the present invention will be described in further detail below in conjunction with the accompanying drawings and examples. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0024] Referring to Figure 1, the present invention provides a detection method for distributed denial of service attacks, comprising the steps:

[0025] Counting the number of packets received per unit time for the source IP address or the destination IP address, and comparing the number of packets with a preset threshold (S1); preferably, the unit time is 1 second.

[0026] When the number of packets is greater than the preset threshold, extracting the fingerprint of one of the packets as a template fingerprint (S2);

[0027] Judging whether the number of packets of the source IP address or the destination IP address matching the template fingerprint received in the subsequent un...


Abstract

The invention provides a detection method for a distributed denial of service attack, which includes the steps of: counting the number of packets of the source IP address or the destination IP address received per unit time, and comparing the number of packets with a preset threshold; when the number of packets is greater than the preset threshold, extracting the fingerprint of one of the packets as a template fingerprint; and determining whether the number of packets of the source IP address or the destination IP address that match the template fingerprint, received within a subsequent unit of time, is greater than the threshold. If so, it is judged that an attack is under way; otherwise it is judged that there is no attack. Applying the invention can improve response speed and detection performance while ensuring detection accuracy.
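The three steps of the abstract, written out as an added Python example (not code from the patent or its owner). The fields that make up the fingerprint, the choice of which packet supplies the template, the reset behaviour after a verdict and the sample packets are all assumptions made for illustration.

```python
from collections import defaultdict

def fingerprint(pkt):
    # Assumption: a tuple of header fields; the page does not say what the fingerprint contains.
    return (pkt["proto"], pkt["dport"], pkt["length"], pkt["ttl"])

def detect(packets, threshold, key="dst", unit=1.0):
    """Return [(window_index, ip, under_attack)]; key is the packet field counted per IP."""
    windows = defaultdict(lambda: defaultdict(list))  # ip -> window index -> packets
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        windows[pkt[key]][int(pkt["ts"] // unit)].append(pkt)

    verdicts = []
    for ip, by_window in windows.items():
        template = None
        # Run one window past the last packet so a template set there is still checked.
        for w in range(min(by_window), max(by_window) + 2):
            pkts = by_window.get(w, [])
            if template is None:
                # S1: raw packet count per unit time against the preset threshold.
                if len(pkts) > threshold:
                    # S2: fingerprint of one packet (here, the one that crossed the threshold).
                    template = fingerprint(pkts[threshold])
                continue
            # S3: in the following unit of time, count only packets matching the template.
            matching = sum(1 for p in pkts if fingerprint(p) == template)
            attack = matching > threshold
            verdicts.append((w, ip, attack))
            if not attack:
                template = None  # assumption: drop the template and return to S1
    return verdicts

def sample_traffic():
    # Constructed packets: a uniform UDP flood to .10 and varied busy traffic to .20.
    flood = [{"ts": s + i / 10, "dst": "203.0.113.10", "proto": "udp",
              "dport": 53, "length": 512, "ttl": 64} for s in (0, 1) for i in range(8)]
    busy = [{"ts": s + i / 10, "dst": "203.0.113.20", "proto": "tcp", "dport": 443,
             "length": 100 + 37 * i, "ttl": 50 + i} for s in (0, 1) for i in range(8)]
    return flood + busy

if __name__ == "__main__":
    for verdict in detect(sample_traffic(), threshold=5):
        print(verdict)
```

Both destinations exceed the raw count in the first second, but only the flood keeps matching the template in the next one, so the busy destination is not flagged.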

Description

Technical field

[0001] The invention relates to the technical field of communications, in particular to a detection method and detection device for a distributed denial-of-service attack.

Background technique

[0002] One of the existing ways of remotely attacking a server through the network is the Denial of Service attack (DoS for short). The attacker sends a request with a false address to the server, the server sends a reply message to the false address, and then the server keeps waiting for the required reply message. Denial of service attacks occupy too many of the server's resources, so that legitimate users cannot get the server's response. Because the processing capacity of a server is generally high, using a single computer to carry out a DoS attack often cannot achieve the desired effect, which gave rise to the distributed denial of service attack (DDoS for short). The attacker first controls a large number ...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 付山阳
Owner TENCENT TECH (SHENZHEN) CO LTD