A detection method and device based on malicious address in DDOS attack

A malicious-address detection technology, applied in the field of network security, that addresses problems such as the impact on normal users, high resource consumption and difficulty in responding quickly, and achieves simple operation and strong versatility

Active Publication Date: 2019-08-30
GUANGZHOU HUADUO NETWORK TECH

AI Technical Summary

Problems solved by technology

Then, protocol stack analysis is based on the RFC (Request For Comments, a numbered series of documents) specifications. Since every data packet type basically needs to comply with the RFC specifications, data packets that an attacker constructs with a tool do not conform to them, and the attack can then be detected through protocol stack analysis. However, as attacks escalate, advanced attackers can construct data packets that conform to the protocol stack specifications as closely as possible, which makes protocol stack analysis harder. Such analysis can only deal with elementary-level attackers and cannot accurately screen out the IP addresses of malicious attacks.
Finally, fingerprint recognition identifies DDOS attacks with the highest accuracy, but it consumes more resources and cannot identify new types of attacks that are not in the fingerprint library, which makes it difficult to respond quickly when the system host is under attack.
[0004] Therefore, although locating the attacker's IP address has practical application value, how to determine malicious IP addresses from a large volume of data packet traffic with sufficient accuracy, and in particular how to keep the IP addresses of normal visitors from being blacklisted and affecting normal users, is a problem to be solved in the industry.


Examples


First embodiment

[0069] Figure 2 is a flow chart of the first embodiment of the detection method based on a malicious address in a DDOS attack according to the present invention, including:

[0070] S101: Obtain the header of a data packet within a preset time window, and form an N-itemset from N preset field items in the header;

[0071] S102: Search the candidate set, which consists of the N field items of the headers of several preset data packets, for records that contain a subset of the N-itemset;

[0072] S103: Set a minimum support for the count or frequency of those records;

[0073] S104: When the count or frequency of records for any subset of the N-itemset is less than the minimum support, move on to detecting the next data packet;

[0074] S105: When the count or frequency of records for the N-itemset and every subset of it is not less than the minimum support, determine that the source address of the current data packet is a malicious address.
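
The S101 to S105 flow above, sketched as an added Python example (not code from the patent or its owner). The four header fields, the representation of the candidate set as a list of itemsets, the threshold and the sample packets are all assumptions, since the page does not name the N preset fields.

```python
from itertools import combinations

# Assumed header fields; the page does not say which N fields are preset.
FIELDS = ("ttl", "window", "length", "dst_port")

def itemset(packet):
    """S101: the N-itemset of (field, value) pairs taken from one header."""
    return frozenset((f, packet[f]) for f in FIELDS)

def subsets(items):
    """All non-empty subsets, smallest first, so one rare field exits early."""
    ordered = sorted(items)
    for k in range(1, len(ordered) + 1):
        for combo in combinations(ordered, k):
            yield frozenset(combo)

def support(subset, candidates):
    """S102: number of candidate records that contain the subset."""
    return sum(1 for record in candidates if subset <= record)

def detect(window, candidates, min_support):
    """S103-S105: source addresses whose itemset and all subsets are frequent."""
    malicious = set()
    for packet in window:
        # all() stops at the first subset below min_support (S104: next packet).
        if all(support(s, candidates) >= min_support
               for s in subsets(itemset(packet))):
            malicious.add(packet["src"])  # S105
    return malicious

def pkt(src, ttl, window, length, dst_port):
    return {"src": src, "ttl": ttl, "window": window,
            "length": length, "dst_port": dst_port}

# Constructed sample data: tool-generated packets share identical header
# values across many sources, while normal clients differ in some field.
FLOOD = [pkt(f"198.51.100.{i}", 64, 512, 60, 80) for i in range(1, 6)]
BENIGN = [pkt("192.0.2.10", 128, 64240, 52, 443),
          pkt("192.0.2.11", 57, 29200, 60, 80),
          pkt("192.0.2.12", 64, 65535, 1500, 22)]
CANDIDATES = [itemset(p) for p in FLOOD + BENIGN]

def demo():
    return detect(FLOOD[:2] + BENIGN, CANDIDATES, min_support=4)

if __name__ == "__main__":
    print(sorted(demo()))
```

The client at 192.0.2.11 matches the flood on length and destination port but is not flagged, because its TTL value appears in only one candidate record; requiring every subset to meet the minimum support is what keeps a partial match from blacklisting a normal address.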

[0075] Figure 3 is a sch...


Abstract

The invention discloses a method and device for detecting a malicious address in a DDOS attack. The method comprises the steps of: obtaining the header of a data packet within a preset time window, and forming an N-itemset from N preset field items in the header; looking up records that contain subsets of the N-itemset in a candidate set formed from the N preset field items in the headers of a plurality of preset data packets; setting a minimum support for the count or frequency of the records; detecting the next data packet when the count or frequency of records for any one subset of the N-itemset is less than the minimum support; and judging that the source address of the current data packet is a malicious address when the count or frequency of records for any one subset of the N-itemset is not less than the minimum support. The method can quickly screen out the IP addresses of suspected malicious attacks, helps a system host respond quickly to the attack, and protects the network from being paralyzed.

Description

Technical field

[0001] The invention relates to the technical field of network security, and more specifically to a detection method and device based on malicious addresses in DDOS attacks.

Background technique

[0002] A DDOS (Distributed Denial of Service) attack refers to the use of client/server technology to combine multiple computers into an attack platform that launches DDOS attacks on one or more targets, thereby multiplying the power of the denial-of-service attack. Usually, the attacker uses a stolen account to install the DDOS main control program on a computer. At a set time, the main control program communicates with a large number of agent programs that have already been installed on many computers on the network. The agents launch an attack when instructed to do so. Using client/server technology, the main control program can activate hundreds of thousands of agent program runs in seconds.

[0003] Today's def...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
Inventor: 梁小毅黄斌韩方
Owner: GUANGZHOU HUADUO NETWORK TECH