Method and device for automatic defense distributed denial of service attack of firewall

An automatic defense technology for distributed denial of service attacks, applied in the field of electrical components and transmission systems, that addresses the high technical cost and high resource usage of firewall devices, reducing resource usage and improving work efficiency.

Active Publication Date: 2015-04-15
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

At present, the firewall device has certain protection capabilities against common DDOS attacks, but it is necessary to configure security policies and rules in the security rule base of the firewall device in advance. The more polici...


Examples


Embodiment Construction

[0040] Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that the relative arrangements of components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.

[0041] At the same time, it should be understood that, for the convenience of description, the sizes of the various parts shown in the drawings are not drawn according to the actual proportional relationship.

[0042] The following description of at least one exemplary embodiment is merely illustrative in nature and in no way taken as limiting the invention, its application or uses.

[0043] Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods and devices should be considered part of the descript...


Abstract

Embodiments of the invention disclose a method and a device for a firewall to automatically defend against distributed denial of service attacks. The method comprises: performing FLOW analysis on data traffic passing through and reaching a firewall device; if the result of the FLOW analysis is detected to conform to the attack characteristics of a certain distributed denial of service (DDOS) attack type, the data traffic conforming to those attack characteristics being DDOS attack traffic, automatically generating a protection security policy that blocks the DDOS attack traffic according to a pre-set correspondence between DDOS attack types and protection security policies, and configuring the generated policy on the firewall device; and, in response to the disappearance of the attack characteristics conforming to that DDOS attack type, deleting from the firewall device the protection security policy that blocks the DDOS attack traffic. The method does not require protection security policies to be configured in the security rule base of the firewall device in advance, and automatic defense against DDOS attacks can be realized on a general-purpose firewall device.
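The detect, generate and delete cycle from the abstract, sketched as an added example; it is not code from the patent or from any firewall product. The two attack types, the flow-record fields, the per-window threshold and the dict standing in for the firewall's rule base are all assumptions chosen for illustration.

```python
from collections import Counter

# Assumptions (the page names no concrete attack types, fields or thresholds):
SIGNATURES = {  # DDOS type -> predicate over one flow record
    "syn_flood": lambda f: f["proto"] == "tcp" and f["flags"] == "S",
    "udp_flood": lambda f: f["proto"] == "udp",
}
POLICY_FOR = {  # pre-arranged correspondence: DDOS type -> policy template
    "syn_flood": {"action": "drop", "proto": "tcp", "flags": "S"},
    "udp_flood": {"action": "drop", "proto": "udp"},
}
THRESHOLD = 100  # matching flows per analysis window toward one destination


def analyze(flows):
    """FLOW analysis: return the (ddos_type, dst) pairs at or over THRESHOLD."""
    counts = Counter()
    for f in flows:
        for kind, matches in SIGNATURES.items():
            if matches(f):
                counts[(kind, f["dst"])] += 1
    return {key for key, n in counts.items() if n >= THRESHOLD}


def reconcile(rules, flows):
    """One window: add policies for new attacks, delete those that ended.

    `rules` is a dict standing in for the firewall's rule base. `flows` must
    describe traffic reaching the firewall (before filtering), otherwise a
    working drop rule would hide the attack and be removed too early.
    """
    active = analyze(flows)
    for kind, dst in active - set(rules):
        rules[(kind, dst)] = dict(POLICY_FOR[kind], dst=dst)
    for key in set(rules) - active:
        del rules[key]
    return rules


def window(syn=0, udp=0, normal=20, dst="192.0.2.10"):
    """Constructed flow records for one analysis window."""
    return ([{"proto": "tcp", "flags": "S", "dst": dst}] * syn
            + [{"proto": "udp", "flags": "", "dst": dst}] * udp
            + [{"proto": "tcp", "flags": "PA", "dst": dst}] * normal)


if __name__ == "__main__":
    rules = {}
    for flows in (window(), window(syn=500), window(syn=500), window(syn=3)):
        print(sorted(reconcile(rules, flows)))
```

The rule base is empty while traffic is normal, holds one drop policy for the duration of the flood, and is empty again once the signature falls below the threshold.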

Description

Technical field

[0001] The invention relates to network and information security technology, in particular to a method and device for a firewall to automatically defend against distributed denial of service (Distributed Denial of Service, DDOS) attacks.

Background technique

[0002] At present, the security rules of firewall devices are usually issued by administrators who are familiar with the network environment and devices. When the firewall is in the state of allowing traffic, and when a DDOS attack occurs and there is no matching entry in the security rule base to prevent the DDOS attack, DDOS attacks can successfully pass through firewall devices. At present, the firewall device has certain protection capabilities against common DDOS attacks, but it is necessary to configure security policies and rules in the security rule base of the firewall device in advance. The more policies and rules are configured, the higher the resource usage of the firewall device will be. ....


Application Information

IPC(8): H04L29/06
CPC: H04L63/0218, H04L63/1458
Inventor: 肖宇峰, 刘东鑫, 沈军, 金华敏, 郭亮
Owner: CHINA TELECOM CORP LTD