DoS/DDoS attack detecting and filtering method based on light-weight intrusion detection

A technology for intrusion detection and attack detection, applied in electrical components, transmission systems, etc. It addresses problems such as detection being limited by redundant information, excessive consumption of detection resources, and the unresolved detection of unknown attacks, so as to improve the detection effect and achieve accurate real-time processing.

Active Publication Date: 2015-12-30
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

[0007] It can be seen that there are still some deficiencies in the existing schemes. The method based on classification detection is limited by redundant information, which leads to excessive consumption of detection resources and restricts the re


Examples


Embodiment Construction

[0019] The DoS / DDoS attack detection and filtering method based on lightweight intrusion detection of the present invention will be further explained below with reference to the accompanying drawings and specific embodiments:

[0020] As shown in Figure 1, the DoS / DDoS attack detection and filtering process of the present invention is divided into:

[0021] 1. Traffic warning based on time window

[0022] Update and monitor the arrival of traffic in time windows one by one, and define the window length $t_W$ of the time window and the flow number threshold $\Delta_0$ according to the processing capability of the defense target. When sudden access or a surge in traffic reaches the threshold $\Delta_0$, there is abnormal traffic in this window, and the subsequent detection and filtering mechanism is triggered.

[0023] 2. Abnormal flow characteristics processing

[0024] The abnormal traffic in step 1 is processed as a sequence of detection characteristic samples for use in subsequent steps...
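The time-window warning of step 1 can be sketched as follows. This is an added example, not code from the patent. It assumes that "flow number" means the count of distinct (source, destination, port, protocol) tuples seen in a window; the function name, packet tuple layout and sample traffic are constructed for illustration.

```python
def abnormal_windows(packets, t_w, delta_0):
    """Step 1 sketch: scan time-ordered packets window by window.

    packets : iterable of (timestamp, src, dst, dport, proto) tuples
    t_w     : window length in seconds (t_W in the text)
    delta_0 : flow-number threshold (Delta_0 in the text)
    Yields (window_start, flow_count, window_packets) for every window whose
    distinct-flow count reaches delta_0; those packets feed step 2.
    """
    window_start, flows, buf = None, set(), []
    for pkt in packets:
        ts = pkt[0]
        if window_start is None:
            window_start = ts - ts % t_w          # align first window
        while ts >= window_start + t_w:           # current window has closed
            if len(flows) >= delta_0:
                yield (window_start, len(flows), buf)
            window_start += t_w                   # advance, skipping idle windows
            flows, buf = set(), []
        flows.add(pkt[1:])                        # assumed flow key: src, dst, dport, proto
        buf.append(pkt)
    if window_start is not None and len(flows) >= delta_0:
        yield (window_start, len(flows), buf)     # flush the last window

# Constructed sample traffic (documentation address ranges only).
TARGET = ("203.0.113.5", 80, "tcp")
SAMPLE = (
    [(0.10, "192.0.2.10") + TARGET,
     (0.40, "192.0.2.11") + TARGET,
     (0.70, "192.0.2.10") + TARGET]               # window 0: 2 distinct flows
    + [(1.0 + 0.1 * i, f"198.51.100.{i}") + TARGET
       for i in range(1, 7)]                      # window 1: 6 distinct flows
    + [(2.50, "192.0.2.10") + TARGET]             # window 2: 1 flow
)

if __name__ == "__main__":
    for start, count, pkts in abnormal_windows(SAMPLE, t_w=1.0, delta_0=5):
        print(f"window starting {start:.1f}s: {count} flows, "
              f"{len(pkts)} packets passed on for feature processing")
```

Only the window that reaches the threshold is handed to the later stages, which is what keeps the heavier detection steps off the normal-traffic path.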


Abstract

The invention discloses a DoS/DDoS attack detection and filtering method based on lightweight intrusion detection. The method addresses the problem that intrusion detection accuracy in the prior art still needs to be improved. The method includes the steps of: 1, traffic early warning based on a time window; 2, abnormal traffic characteristic processing; 3, rapid attack detection based on rule matching; 4, mining and detection of attacks of unknown types; 5, attack filtering based on an IP list. Compared with the prior art, combining lightweight intrusion detection technology with feature selection basically solves the poor real-time performance of the original DoS/DDoS attack detection method based on classification detection; combining online incremental learning with feature selection solves the problems in detecting attacks of unknown types, that is, attacks that do not match any pre-built attack pattern.

Description

Technical field

[0001] The invention relates to a data detection method in the field of computer network security, in particular to a DoS / DDoS attack detection and filtering method based on lightweight intrusion detection.

Background technique

[0002] A Denial of Service (DoS) attack is a network attack that prevents legitimate users from accessing the target service normally. It takes two forms. One exploits a software vulnerability of the target system by sending malformed messages to the target host, causing the system to crash, etc.; the other continuously sends a large number of useless messages to the target to occupy the target's bandwidth resources and host resources. At present, the so-called DoS attack refers to the second type, also known as a flooding attack.

[0003] In recent years, with the development of computer hardware technology, in order to increase the intensity of attacks, attackers control multiple hosts in different locations in the network to simu...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 扈红超, 姜宏, 陈庶樵, 杜飞, 王雨, 马海龙, 张震, 程国振, 张明明
Owner THE PLA INFORMATION ENG UNIV