Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for preventing malicious traffic attack

A technology of malicious traffic and traffic limitation, applied in the field of traffic transmission, can solve the problem of being unable to prevent the attack of changing source and target

Active Publication Date: 2018-07-20
NEW H3C TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] These two methods can prevent attack traffic with fixed source IP address or fixed destination IP address, but cannot prevent attacks with variable source and changed destination

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for preventing malicious traffic attack
  • Method and device for preventing malicious traffic attack
  • Method and device for preventing malicious traffic attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0028] figure 1 The flow chart of the method for preventing malicious traffic attacks provided by the embodiment of the present invention, such as figure 1 As shown, the specific steps are as follows:

[0029] Step 100: Preset a shared token bucket on the network device.

[0030] Wherein, the size of the shared token bucket and the adding rate of tokens can be determined according to experience.

[0031] Step 101: When a network device receives a packet, it is determined whether the packet satisfies the semi-connected state or the fully-connected state, and if the semi-connected state is satisfied, step 102 is performed; if the full-connected state is satisfied, step 103 is executed.

[0032] Step 102: The network device uses the shared token bucket to restrict the flow of the message, and this process ends.

[0033] Step 103: The...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention proposes a method and device for preventing malicious traffic attacks. The method includes: maintaining a shared token bucket for all semi-connected sessions on the network device; when the network device receives a message, if it is found that the message meets the semi-connected state, the shared token bucket is used to Packet flow limitation; if the packet is found to be fully connected, use the exclusive token bucket of the session corresponding to the packet to restrict the flow of the packet. The present invention prevents malicious traffic attacks from changing sources and changing purposes.

Description

technical field [0001] The invention relates to the technical field of traffic transmission, in particular to a method and device for preventing malicious traffic attacks. Background technique [0002] During actual network operation, personal computers (PCs, Personal Computers) are often poisoned or maliciously attacked, causing them to send a large amount of abnormal traffic to the network, resulting in high utilization of the central processing unit (CPU, Central Processing Unit) of network equipment, or chain failures. The load on the road is high, affecting normal business operation. At present, there are two main solutions for malicious attacks: [0003] 1. Committed Access Rate (CAR, Committed Access Rate) speed limit based on the source IP address or destination IP address, and the traffic from each IP address cannot exceed a certain traffic limit; [0004] 2. Limit the number of sessions based on the source IP address or destination IP address. The number of sessi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1441H04L63/1425H04L63/145
Inventor 罗忠海
Owner NEW H3C TECH CO LTD