
DoS (denial of service) / DDoS (distributed denial of service) attack detection method and device

By calculating overall traffic thresholds for different time intervals from the historical traffic data of the business, DoS/DDoS attacks are detected accurately. This solves the problem of missed and false attack detections in traditional methods and improves detection accuracy and business stability.

Active Publication Date: 2017-02-15
PING AN TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

Attack detection that relies on a simple fixed traffic threshold, as described above, is prone to both missed detections and false detections: false detections cause unnecessary cleaning of normal traffic and make the business platform's service unstable, while missed detections allow malicious consumption of resources and even system crashes.

Embodiment Construction

[0053] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0054] As shown in Figure 1, in one embodiment, an application environment diagram of a DoS / DDoS attack detection method is provided. The application environment includes a terminal 110 and a server 120, wherein the terminal 110 can be, but is not limited to, at least one of a smartphone, a tablet computer, a notebook computer, or a desktop computer. The server 120 may be an independent physical server, or may be a server cluster composed of multiple physical servers. The terminal acquires the operation events that the user performs on the business terminal page, that is, user behavior inform...

Abstract

The present invention relates to a DoS (denial of service) / DDoS (distributed denial of service) attack detection method. The method includes the following steps: the traffic data of a preset service during a set time period are acquired, wherein the traffic data record the overall traffic of the service during the set time period against time; overall traffic threshold data for the service in different time intervals are calculated from the historical traffic data of the service, such that the larger the historical traffic of a time interval, the larger the corresponding overall traffic threshold; the time interval corresponding to the acquired traffic data is determined, and the overall traffic threshold corresponding to that time interval is looked up; and the overall traffic of the service contained in the traffic data is compared with the threshold found, and if the length of time for which the overall traffic exceeds the overall traffic threshold is larger than a set value, attack detection is performed on the service. With the above method adopted, attack detection can be more accurate.
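The steps in the abstract can be sketched as follows. This is an added example, not code from the patent: the hourly interval, the threshold formula (1.5 times the historical mean), the 120-second "set value", and all sample data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

INTERVAL_SECONDS = 3600    # assumption: one threshold per hour of the day
HEADROOM = 1.5             # assumption: threshold = 1.5 x historical mean
MIN_EXCEED_SECONDS = 120   # assumption: the abstract's "set value"

def interval_of(ts):
    """Map a timestamp (seconds since midnight) to its time-interval index."""
    return (ts % 86400) // INTERVAL_SECONDS

def build_thresholds(history):
    """history: (ts, Mbps) pairs -> {interval: threshold}; busier intervals get larger thresholds."""
    buckets = defaultdict(list)
    for ts, rate in history:
        buckets[interval_of(ts)].append(rate)
    return {iv: HEADROOM * mean(rates) for iv, rates in buckets.items()}

def sustained_exceedances(samples, thresholds, min_seconds=MIN_EXCEED_SECONDS):
    """Return (start, end) runs where traffic stayed above its interval's threshold for longer than min_seconds."""
    runs, start, last = [], None, None
    for ts, rate in sorted(samples):
        limit = thresholds.get(interval_of(ts))
        if limit is not None and rate > limit:
            start = ts if start is None else start
            last = ts
            continue
        if start is not None and last - start > min_seconds:
            runs.append((start, last))
        start = None
    if start is not None and last - start > min_seconds:
        runs.append((start, last))
    return runs

# Constructed sample data: a quiet 03:00 hour (100 Mbps) and a busy 20:00 hour (800 Mbps).
HISTORY = [(3 * 3600 + 60 * i, 100) for i in range(60)] + \
          [(20 * 3600 + 60 * i, 800) for i in range(60)]
THRESHOLDS = build_thresholds(HISTORY)
SAMPLES = (
    [(3 * 3600 + 600 + 30 * i, 400) for i in range(11)]     # 03:10-03:15 sustained surge
    + [(3 * 3600 + 1200, 90)]                                # 03:20 back to normal
    + [(3 * 3600 + 1800 + 30 * i, 400) for i in range(2)]    # 03:30 surge lasting only 30 s
    + [(20 * 3600 + 30 * i, 900) for i in range(21)]         # 20:00-20:10 ordinary evening peak
)

if __name__ == "__main__":
    print(THRESHOLDS, sustained_exceedances(SAMPLES, THRESHOLDS))
```

With the per-interval thresholds only the sustained 03:10 surge is handed on for attack detection; a single fixed threshold of 500 Mbps on the same samples misses that surge and flags the ordinary evening peak instead.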

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to a DoS / DDoS attack detection method and device.

Background technique

[0002] A denial of service (DoS) attack and a distributed denial of service (DDoS) attack are both network attacks that prevent legitimate users from accessing services normally. The essence of a DoS / DDoS attack is a malicious attack in which a large number of useless packets are continuously sent to occupy the bandwidth and host resources of the target, generating huge attack traffic. Accurate and timely attack detection is crucial to ensuring network security and the normal operation of services.

[0003] The traditional method for DoS / DDoS attack detection is generally to set a fixed traffic threshold based on experience, and when it is detected that the traffic of the business exceeds the set traffic threshold, the traffic is cleaned. The above-mentioned si...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1458, H04L43/0876, H04L43/16
Owner: PING AN TECH (SHENZHEN) CO LTD