Method, device and system for processing attack data packages

A processing method and data packet technology, applied in the field of communication, can solve problems such as occupying large network bandwidth and affecting data packet transmission

Active Publication Date: 2015-04-29
HUAWEI TECH CO LTD
View PDF4 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, in the above-mentioned method of preventing the attack data packets from entering the cloud server through the firewall, since the firewall can only prevent the attack data packets from entering the cloud server, the switch responsible for forwarding the data packets to th...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for processing attack data packages
  • Method, device and system for processing attack data packages
  • Method, device and system for processing attack data packages

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0098] The embodiment of the present invention provides a method for processing attack data packets, such as figure 2 As shown, the method can include:

[0099] S101. The management node receives the description information of the attack data packet sent by the sensing node and the attack type of the attack data packet.

[0100] Among them, the attack data packet can be understood as a data packet that threatens the sensing node, such as a data packet with a malformed message, a data packet with abnormal message fragmentation, and transmission control protocol (English: transmission control protocol, abbreviation: TCP) is invalid Connected data packets, data packets with excessive data volume, etc.

[0101] Optionally, the description information of the attack data packet may be information obtained by the sensing node from the header of the attack data packet, and specifically may be the source IP address of the attack data packet, the destination IP address of the attack data pack...

Embodiment 2

[0147] The embodiment of the present invention provides a method for processing attack data packets, such as Image 6 As shown, the method can include:

[0148] S401. The sensing node receives a data packet.

[0149] S402. The sensing node recognizes that the data packet is an attack data packet.

[0150] S403. The sensing node determines the description information of the attack data packet and the attack type of the attack data packet.

[0151] S404: The sensing node sends the description information and the attack type to the management node.

[0152] Specifically, for the specific implementation of S401-S404 above, please refer to Figure 5 The related description in the shown embodiment will not be repeated here.

[0153] S405. After receiving the description information and the attack type sent by the sensing node, the management node determines a processing strategy for the attack data packet with the attack type according to the attack type.

[0154] S406: The management node send...

Embodiment 3

[0177] Such as Picture 11 As shown, the embodiment of the present invention provides a management node, and the management node may include:

[0178] The receiving unit 10 is configured to receive the description information of the attack data packet and the attack type of the attack data packet sent by the sensing node.

[0179] The determining unit 11 is configured to determine, according to the attack type received by the receiving unit 10, a processing strategy for the attack data packet with the attack type, and the processing strategy is used to instruct the switch to attack the attack with the description information The data packet performs the operation indicated by the processing strategy.

[0180] The sending unit 12 is configured to send the description information received by the receiving unit 10 and the processing strategy determined by the determining unit 11 to the switch via a software-defined network SDN controller, and the switch will perform The attack data pac...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a method, device and system for processing attack data packages, and relates to the technical field of communications. The method, device and system provided by the invention can be adopted to limit a network bandwidth which is occupied when the attack data packages are transmitted in a network, so that the transmission of normal data packages is guaranteed. The method comprises the following steps: a management node receives the description information of an attack data package, which is sent by a sensing node, and the attack type of the attack data package; a processing strategy of the attack data package of the attack type is confirmed according to the attack type, and the description information and the processing strategy are sent to an interchanger through an SDN controller; the interchanger executes the operation indicated in the processing strategy on the attack data package with the description information, wherein the processing strategy is used for indicating the interchanger to execute the operation indicated in the processing strategy on the attack data package with the description information. The method provided by the invention is applied to a network security maintenance technique.

Description

Technical field [0001] The present invention relates to the field of communication technology, in particular to a processing method, device and system for attacking data packets. Background technique [0002] With the rapid development of cloud technology, there are more and more problems in the application of cloud technology. For example, the server of the cloud data center (hereinafter referred to as the cloud server) will be attacked by various attack data packets during network protocol (English: Internet Protocol, abbreviation: IP), such as distributed denial of service (English: distributed denial of service). service, abbreviation: DDoS) attacks, fake news attacks, etc. Therefore, processing attack data packets and ensuring secure communication with cloud servers has become one of the core technologies of cloud technology. [0003] Currently, a common way to process attack data packets is to deploy a physical firewall on the entrance cloud server of the cloud data center,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/24H04L45/42H04L45/74H04L47/20
CPCH04L63/1458H04L63/1441H04L45/54H04L63/0236H04L63/20H04L63/302H04L9/40G06F9/45558H04L69/22
Inventor 余庆华杨欣华
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap