Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack

A technology of distributed rejection and protection device, applied in the computer field, can solve the problem of low protection ability, and achieve the effect of improving protection ability, continuous effective cleaning and filtering, and improving accuracy

Active Publication Date: 2015-10-07
TENCENT CLOUD COMPUTING BEIJING CO LTD
View PDF3 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The embodiment of the present invention provides a distributed denial of service DDoS attack protection method and its device and system, to at least sol

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack
  • Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack
  • Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0026] According to an embodiment of the present invention, a method for protecting against a distributed denial of service DDoS attack is provided. In this embodiment, the above method for protecting against a distributed denial of service DDoS attack can be applied to such as figure 1 In the shown network, wherein, the above-mentioned network includes but not limited to: a backbone network, a metropolitan area network under the backbone network, an Internet Data Center (IDC) under the metropolitan area network, and a service under the Internet Data Center (IDC) Servers and clients connected to the backbone network. Optionally, in this embodiment, the MAN under the backbone network may also be regarded as the backbone network in the above-mentioned network, but not limited to.

[0027] For example, if figure 1 As shown, the backbone network is connected to the metropolitan area network 1 and the metropolitan area network 2, wherein the metropolitan area network 1 includes th...

Embodiment 2

[0129] According to an embodiment of the present invention, a protection device for a distributed denial-of-service DDoS attack is provided. In this embodiment, the above-mentioned protection device for a distributed denial-of-service DDoS attack can be applied to such as figure 1 In the shown network, wherein, the above-mentioned network includes but not limited to: a backbone network, a metropolitan area network under the backbone network, an Internet Data Center (IDC) under the metropolitan area network, and a service under the Internet Data Center (IDC) Servers and clients connected to the backbone network. Optionally, in this embodiment, the MAN under the backbone network may also be regarded as the backbone network in the above-mentioned network, but not limited to.

[0130] For example, if figure 1 As shown, the backbone network is connected to the metropolitan area network 1 and the metropolitan area network 2, wherein the metropolitan area network 1 includes the Inte...

Embodiment 3

[0224] According to an embodiment of the present invention, a distributed denial of service DDoS attack protection system is provided. In this embodiment, the above-mentioned distributed denial of service DDoS attack protection system can be applied to such as figure 1 In the shown network, wherein, the above-mentioned network includes but not limited to: a backbone network, a metropolitan area network under the backbone network, an Internet Data Center (IDC) under the metropolitan area network, and a service under the Internet Data Center (IDC) Servers and clients connected to the backbone network. Optionally, in this embodiment, the MAN under the backbone network may also be regarded as the backbone network in the above-mentioned network, but not limited to.

[0225] For example, if figure 1As shown, the backbone network is connected to the metropolitan area network 1 and the metropolitan area network 2, wherein the metropolitan area network 1 includes the Internet data cen...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention discloses a protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack. The method includes receiving DDoS attack alarm messages, wherein the DDoS attack alarm messages are used for indicating that DDoS attack appears on a business server; acquiring protection configuration parameters in response to DDoS attack alarm messages, wherein the protection configuration parameters are used for filtering a data packet which is sent to the business server; and sending the protection configuration parameters to a multi-level flow cleaning system so as to indicate the multi-level flow cleaning system to filter the data packet sent to the business server according to the received protection configuration parameters, wherein the multi-level flow cleaning system comprises a first flow cleaning system at a backbone network node and a second flow cleaning system at an IDC (Internet data center) entry. The present invention solves the technical problem that flow cleaning is performed only based on cleaning equipment adjacent to a business server so that the protection capability is lower in the prior art.

Description

technical field [0001] The present invention relates to the field of computers, in particular to a method for protecting against DDoS attacks of distributed denial of service and its device and system. Background technique [0002] Distributed Denial of Service (DDoS, Distributed Denial of Service) attack refers to the use of client / server technology to combine multiple computers as an attack platform to launch a DDoS attack on one or more targets, thereby multiplying the denial of service attack power. Usually, the attacker uses a stolen account to install the DDoS master control program on a computer. At a set time, the master control program will communicate with a large number of agent programs. Among them, the agent programs have been installed on many computers on the Internet. The agent launches an attack when instructed to do so. Using client / server technology, the main control program can activate hundreds of agent programs in a few seconds, because during the att...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
Inventor 陈勇闫帅帅
Owner TENCENT CLOUD COMPUTING BEIJING CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap