Check patentability & draft patents in minutes with Patsnap Eureka AI!

Method, device, client and equipment for defending against distributed denial-of-service attacks

A distributed rejection and client-side technology, applied in the field of network security, can solve the problems of mistakenly discarding regular messages and the complexity of DDOS attack defense methods

Active Publication Date: 2019-07-02
神州绿盟成都科技有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The present invention provides a method, device, client and equipment for defending against distributed denial-of-service attacks, which are used to solve the problem of using statistics and machine learning methods to automatically analyze the characteristics of various business messages in the prior art, so as to prevent DDOS attacks The defense method is highly complex, which may lead to the problem of discarding frequent packets by mistake

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device, client and equipment for defending against distributed denial-of-service attacks
  • Method, device, client and equipment for defending against distributed denial-of-service attacks
  • Method, device, client and equipment for defending against distributed denial-of-service attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0157] Embodiments of the present invention provide a method for defending against distributed denial of service attacks, such as figure 1 shown, including:

[0158] Step 101, intercepting the service message sent by the client to the server.

[0159] Specifically, the device (defense device) for defending against DDOS attacks intercepts the service message sent by the client to the server, and the service message sent by the client is TCP (Transmission Control Protocol, Transmission Control Protocol) or UDP (User Datagram Protocol, user data message protocol) format, including: TCP request message, UDP request message and other messages for communicating with the server.

[0160] Step 102, according to the rules agreed with the client, obtain the information carried in the first preset field of the service message, the inherent information carried in the inherent field of the service message, and at least one second preset field carried to add information.

[0161] Among t...

Embodiment 2

[0190] figure 1 The provided embodiment is based on the description of the method for defending against distributed denial-of-service attacks provided by the embodiments of the present invention based on the defense device side. The method for defending against distributed denial-of-service attacks provided by the embodiments of the present invention will be described in detail below based on the client side.

[0191] and figure 1 Corresponding to the provided embodiments, the embodiments of the present invention also provide a method for defending against distributed denial of service, such as Figure 5 shown, including:

[0192] Step 401: Perform hash processing on the information carried in the inherent fields of the service message and at least one piece of added information according to the hash algorithm agreed with the defense device to obtain a hash result.

[0193] Step 402: Edit the hash result into the first preset field of the service message according to the rul...

Embodiment 3

[0207] because Figure 5 The service message in the provided embodiment carries the response time of the last response message returned by the server to the client, but in the prior art, when the server returns the response message to the client, it does not carry the response message in the response message. The response time, therefore, the embodiment of the present invention also provides a method for defending against distributed denial of service attacks, such as Figure 7 shown, including:

[0208] Step 601, when the server receives the service message sent by the client, it extracts the local time.

[0209] The local time is: the difference between the number of seconds corresponding to the moment when the server returns the response message and the standard time. The local time in step 601 is the response time of the response packet returned by the server to the client mentioned in the above embodiment.

[0210] Step 602: Carry the local time in a preset field of a ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a method, device, client and equipment for defending against distributed denial-of-service attacks, wherein one method includes: intercepting the service message sent by the client to the server; obtaining the service message according to the rules agreed with the client The information carried in the first preset field of the message, the inherent information carried in the inherent field of the service message, and the added information carried in at least one second preset field; according to the hash algorithm agreed with the client, the Performing hash processing on the inherent information and at least one piece of added information to obtain a hash result; when it is determined that the hash result is different from the information carried in the first preset field, discarding the service packet. Since the present invention pre-agrees with the client on rules and hash algorithms, it does not need to count the characteristics of various service messages, the implementation complexity is relatively low, and the probability of mistakenly discarding non-attack messages is small.

Description

technical field [0001] The present invention relates to the technical field of network security, and in particular, to a method, an apparatus, a client and a device for defending against distributed denial of service attacks. Background technique [0002] DDOS (Distribution Denial of Service) attack is a common means of attacking servers. The attacker controls a large number of puppet machines (attack clients) and sends a large number of business packets to the attacked server, occupying the server. resources, resulting in the server not being able to serve normal clients well. [0003] The currently adopted methods to defend against DDOS attacks are: intercepting the service packets sent by normal clients; using statistics and machine learning methods to automatically analyze the characteristics of the service packets sent by the client; analyzing the characteristics of the service packets Convert it into a keyword; when it is determined that the received service packet ca...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1433H04L63/1458H04L63/0245H04L63/0263H04L69/22H04L2463/121H04L63/0435
Inventor 陈涛何坤
Owner 神州绿盟成都科技有限公司
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com