Method and device for dynamic threshold anomaly traffic detection of DDOS (distributed denial of service) attack

An abnormal-traffic, dynamic-threshold technology, applied in the field of network security and communication, that addresses the inability to detect attacks on a system in real time, the reduced strength of enterprise security control, and the untimely detection of security events, so as to improve the accuracy and targeting of detection.

Inactive Publication Date: 2014-08-06
HANDAN BRANCH OF CHINA MOBILE GRP HEBEI COMPANY LIMITED

AI Technical Summary

Problems solved by technology

Since in a complete multi-step attack, the attack may last for many days, the misuse detection method cannot detect that the system is attacked in real tim

Embodiment Construction

[0031] The specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings, but it should be understood that the protection scope of the present invention is not limited by the specific embodiments.

[0032] The invention provides a DDOS attack dynamic threshold abnormal traffic detection method, and the determination of the dynamic threshold is based on the statistical principle. It is possible to generate a dynamic traffic threshold by establishing a curve statistical model for normal traffic within a period (such as a week) and combining statistical principles without prior predefined attack knowledge. If the detected traffic value exceeds the dynamic traffic threshold, it is considered that the network traffic is abnormal, and an alarm is generated. The abnormal flow detection method of the present invention can timely discover security problems in the network, and effectively improves the accuracy of abnormal f...


Abstract

The invention discloses a method and a device for dynamic-threshold anomaly traffic detection of DDOS (distributed denial of service) attacks. The method includes: acquiring historical data of anomaly traffic detection, and generating, according to that historical data, a traffic threshold above the tolerable line and a traffic threshold below the tolerable line; comparing a detected traffic value with the two thresholds; and, if the traffic value is larger than the traffic threshold above the tolerable line or smaller than the traffic threshold below the tolerable line, sending out an anomaly traffic detection alarm. With this method and device, the two thresholds can be generated effectively from the historical data, which remedies the difficulty of determining thresholds in prior-art anomaly traffic detection of DDOS attacks; the statistics-based threshold determination method significantly improves the accuracy of DDOS anomaly traffic detection and lowers the false alarm rate of anomaly traffic detection alarms.
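An added example, not taken from the patent: one way to realise the scheme described in [0032] and the abstract. It assumes hourly slots over a one-week period and per-slot thresholds of mean ± k standard deviations (the page does not state which statistic is used); `build_thresholds`, `check` and the sample readings are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, stdev

SLOTS_PER_WEEK = 7 * 24  # one slot per hour of the week (assumed granularity)

def build_thresholds(history, k=3.0, min_samples=3):
    """history: iterable of (slot, traffic_value) taken from past normal weeks.
    Returns {slot: (lower, upper)}; slots with too little history are omitted."""
    by_slot = defaultdict(list)
    for slot, value in history:
        by_slot[slot % SLOTS_PER_WEEK].append(value)
    thresholds = {}
    for slot, values in by_slot.items():
        if len(values) < min_samples:
            continue  # not enough data to estimate the spread for this slot
        mu, sigma = mean(values), stdev(values)
        # Lower bound is clamped at zero because traffic cannot be negative.
        thresholds[slot] = (max(0.0, mu - k * sigma), mu + k * sigma)
    return thresholds

def check(thresholds, slot, value):
    """Classify one observation as 'high', 'low', 'ok' or 'no-baseline'."""
    bounds = thresholds.get(slot % SLOTS_PER_WEEK)
    if bounds is None:
        return "no-baseline"
    lower, upper = bounds
    if value > upper:
        return "high"   # above the upper tolerable line: raise an alarm
    if value < lower:
        return "low"    # below the lower tolerable line: raise an alarm
    return "ok"

# Constructed sample: four weeks of Mbit/s readings for two hourly slots.
SAMPLE_HISTORY = [
    (9, 100), (9, 110), (9, 90), (9, 100),  # Monday 09:00, busy hour
    (3, 10), (3, 12), (3, 8), (3, 10),      # Monday 03:00, quiet hour
    (50, 40),                               # a slot with a single sample
]

def demo():
    t = build_thresholds(SAMPLE_HISTORY)
    return [check(t, 9, 105), check(t, 9, 400), check(t, 3, 105),
            check(t, 9, 20), check(t, 50, 40)]

if __name__ == "__main__":
    print(demo())
```

The same reading of 105 Mbit/s is within bounds at 09:00 and flagged at 03:00, which is the case a single static threshold cannot separate.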

Description

Technical field

[0001] The present invention relates to the technical field of network security in the communication field, in particular to a DDOS attack dynamic threshold abnormal traffic detection method and device.

Background art

[0002] DDOS is the abbreviation of Distributed Denial of Service. A DDOS attack, that is, a distributed denial of service attack, refers to a host computer controlling a large number of puppet hosts on the network to launch a denial of service attack on the attack target at the same time, in order to exhaust server resources. At present, there are usually two methods of detecting DDOS attacks: anomaly detection and misuse detection.

[0003] When using the misuse detection method, it is necessary to extract the characteristics of each attack, and then compare the current traffic characteristics with the signatures of each attack in the attack knowledge base. If they match, it can be determined that th...


Application Information

IPC(8): H04L29/06
Inventor: 王立川刘艳青汤云峰赵洪峰陈平李绍辉魏春来李京红赵志伟耿志刚田毅马学冉
Owner: HANDAN BRANCH OF CHINA MOBILE GRP HEBEI COMPANY LIMITED