
Method and device for detecting and disposing abnormal traffic attack

A technology for detecting abnormal-traffic attacks, applied to electrical components, transmission systems, etc., that addresses problems such as low precision, complex implementation and insufficient real-time performance, and achieves low complexity, high recognition accuracy and fast processing speed.

Active Publication Date: 2016-06-29
CHINA INTERNET NETWORK INFORMATION CENTER

AI Technical Summary

Problems solved by technology

[0004] At present there are few abnormal-traffic detection technologies for application-layer DDOS attacks, and their implementation is complex; they suffer from one or more of the following shortcomings. Detection and defense based on traffic FLOW statistics are not accurate enough and cannot look into the application protocol itself. Detection and filtering methods aimed only at single-IP attacks become seriously ineffective against large numbers of newly forged visiting IPs. The currently common method of judging abnormal attacks purely from the volume of IP traffic fails where normal application behaviour with large traffic volumes (such as DNS queries, WEB access, etc.) exists, because it increases false positives. Behaviour recognition based on DNS server query logs requires additional information to be exchanged with the DNS server, which is inconvenient to implement and deploy and is not real-time enough.




Embodiment Construction

[0034] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

[0035] This embodiment provides a method for detecting and handling abnormal traffic attacks. As shown in Figure 1, the detailed steps are as follows:

[0036] Step S101: Monitor the access request of the incoming IP.

[0037] Step S102: Determine whether the IP address is in the system whitelist; if so, proceed to step S109 and forward the request directly; if not, proceed to step S103.

[0038] Step S103: Determine whether the IP address is in the system blacklist; if so, go to step S108 and discard the traffic directly; if not, go to step S104.

[0039] Step S104: Determine whether the source IP address is in the TOPN ranking of the traffic TOPN dynamic filtering table.

[0040] The refinement of this step is as follows:

[0041] Step 1: Obtain ...


Abstract

The invention provides a method for detecting and disposing of an abnormal traffic attack, comprising the following steps: 1) filtering known abnormal traffic and known normal traffic by visitor IP address; 2) distinguishing the remaining abnormal traffic from normal traffic of a visitor IP address by comparing the current traffic value of that address with the corresponding traffic template value in a TOPN dynamic filtering table; 3) discarding the abnormal traffic and forwarding the normal traffic. The invention also provides a device for detecting and disposing of the abnormal traffic attack, comprising a traffic receiving unit, a static filtering unit, a dynamic detection filtering unit and a self-learning unit connected in sequence, wherein the dynamic detection filtering unit is connected with an operation and decision unit and with the self-learning unit. The method and device provided by the invention improve disposal efficiency and detection accuracy for abnormal behaviours, and can quickly detect and dispose of abnormal attack traffic without affecting normal traffic access.
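The filtering pipeline of steps S101 to S104 together with the comparison and disposal described in the abstract, as an added Python illustration that is not code from the patent or its owner. The unit of the template values (requests per window), the self-learning rule (observed count times a margin, skipping IPs that were dropped) and all addresses in the demo traffic are assumptions made for the example.

```python
from collections import Counter
FORWARD, DROP = "forward", "drop"

class TrafficFilter:
    """Static filtering (whitelist, blacklist) then TOPN dynamic filtering (S101-S104)."""
    def __init__(self, whitelist, blacklist, top_n, templates, default_template):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.top_n = top_n
        # Per-IP traffic template values (assumed unit: requests per window, as
        # the self-learning unit would produce); unknown IPs use default_template.
        self.templates, self.default_template = dict(templates), default_template
        self.current = Counter()   # current traffic value of each visitor IP
        self.dropped = set()       # IPs judged abnormal in this window

    def top_n_ranking(self):
        """IPs currently in the TOPN ranking of the dynamic filtering table."""
        return {ip for ip, _ in self.current.most_common(self.top_n)}

    def handle(self, ip):
        self.current[ip] += 1                    # S101: monitor the request
        if ip in self.whitelist:                 # S102 -> S109: forward
            return FORWARD
        if ip in self.blacklist:                 # S103 -> S108: discard
            return DROP
        if ip not in self.top_n_ranking():       # S104: low-volume tail passes
            return FORWARD
        # Abstract step 2: current traffic value versus the TOPN template value.
        if self.current[ip] > self.templates.get(ip, self.default_template):
            self.dropped.add(ip)
            return DROP
        return FORWARD

    def learn(self, margin=1.5):
        """Self-learning unit (assumed rule): template = count * margin for IPs not dropped."""
        for ip, n in self.current.items():
            if ip not in self.dropped:
                self.templates[ip] = max(self.templates.get(ip, 0), n * margin)
        self.current.clear()
        self.dropped.clear()

def run_demo():
    """Constructed traffic: whitelisted, blacklisted, a templated heavy resolver, a flooder."""
    f = TrafficFilter({"10.0.0.1"}, {"10.0.0.2"}, top_n=2,
                      templates={"192.0.2.10": 50}, default_template=20)
    requests = ["10.0.0.1"] * 3 + ["10.0.0.2"] * 2 + ["192.0.2.10"] * 40 + ["198.51.100.7"] * 30
    decisions = {}
    for ip in requests:
        decisions.setdefault(ip, Counter())[f.handle(ip)] += 1
    f.learn()
    return decisions, f.templates
```

The heavy but templated resolver is forwarded throughout, while the untemplated flooder is forwarded only until it enters the TOPN ranking and exceeds the default template, after which its requests are discarded and it is excluded from template learning.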

Description

Technical field

[0001] The invention relates to network attack detection and protection technology, in particular to a method and device for detecting and handling abnormal traffic attacks of low-volume application-layer DDOS.

Background technique

[0002] With the rapid development of Internet technology, attacks that use the Internet are becoming more and more common. Among them, the distributed denial of service (DDOS) attack is a common attack method; its common feature is the exploitation of protocol loopholes, with many fake "zombie hosts" sending large numbers of seemingly legitimate network packets to the victim host, which causes network congestion or resource exhaustion on the target server and leaves the service unavailable. DDOS attacks have many means and manifestations and are mainly divided into traffic-type and application-type attacks. Among them, traffic-type DDOS attacks (TCPFlood for the transmission control protocol, UDPFlood for the user datagram protocol, ICMPF...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458, H04L63/1466
Inventors: 李晓东, 张新跃, 胡安磊, 李炬嵘
Owner CHINA INTERNET NETWORK INFORMATION CENTER