
DDOS attack defense security system and method based on SDN architecture

SDN architecture and DDOS technology, applied in the field of network security, can solve the problems of ineffective defense against DDOS, processing resources being unable to respond to legitimate users normally, and server and network paralysis. The effects are reduced pressure, protection against DDOS attacks, and improved efficiency.

Active Publication Date: 2017-08-04
深圳市丰源芯科技产业控股有限公司

AI Technical Summary

Problems solved by technology

In the end, the victim host or server consumes a large amount of processing resources to process these sudden requests and cannot respond to legitimate user requests normally, resulting in the paralysis of the server and even the entire network.
[0007] Up to now, industry experts at home and abroad and major Internet companies have conducted a lot of in-depth research on DDOS attack detection in the network, and have also proposed solutions to deal with DDOS, but these solutions are still not very effective in defending against DDOS. The number, size, and type of DDOS attacks have continued to surge over the past few years.


Examples


Embodiment Construction

[0026] In order to deepen the understanding of the present invention, the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments, which are only used to explain the present invention and do not limit the protection scope of the present invention.

[0027] As shown in Figure 2 and Figure 5, a DDOS attack defense network security system based on SDN architecture comprises an SDN switch and a cleaning server. The SDN switch includes a data packet information extraction module, a decision processing module, a message forwarding module, a packet information database, a legal IP address database, and an illegal IP address database. The cleaning server includes a data packet unpacking module, a feature matching module, a similarity coefficient detection module, a global traffic statistics module, and a data packet packet processing module.

[0028] As shown in Figure 3, Figure 4 and Figure 6, the terminal compu...


Abstract

The invention discloses a DDOS attack defense security system based on an SDN architecture. The system comprises an SDN switch, a cleaning server and a Web server. The SDN switch receives resource requests from clients and performs first-layer DDOS detection processing on each received request data packet, delivering data packets that cannot be confirmed as legal to the cleaning server for processing. The cleaning server performs fine-grained processing on the data packets forwarded from the SDN switch, analyzes them through an algorithm, and forwards the processed data back to the SDN switch. The SDN switch then performs the second processing on the data packets according to the detection result of the cleaning server. The Web server is the target server of the client's resource request: once a data packet forwarded by the switch has been processed by the cleaning server, the cleaned data packet is forwarded through the SDN switch to the Web server that the user requested, and the Web server receives the data packet and performs the corresponding processing.
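The two-layer flow in the abstract, using the legal and illegal IP address databases named in paragraph [0027], can be sketched as follows. This is an added example, not code from the patent: the class and method names, the decision labels, the per-source packet threshold standing in for the cleaning server's unspecified algorithm, and the choice to record rejected sources in the illegal database are all assumptions, and the addresses are constructed documentation-range values.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class CleaningServer:
    # ASSUMPTION: the page names feature matching, similarity-coefficient
    # detection and global traffic statistics but gives no algorithm, so a
    # simple per-source packet budget stands in for the fine-grained analysis.
    max_packets_per_source: int = 3
    seen: Counter = field(default_factory=Counter)

    def inspect(self, src_ip: str) -> bool:
        """Return True if the packet is judged clean."""
        self.seen[src_ip] += 1
        return self.seen[src_ip] <= self.max_packets_per_source


@dataclass
class SdnSwitch:
    cleaner: CleaningServer
    legal_ips: set = field(default_factory=set)    # legal IP address database
    illegal_ips: set = field(default_factory=set)  # illegal IP address database

    def handle(self, src_ip: str) -> str:
        # First layer: decide from the switch's own databases.
        if src_ip in self.illegal_ips:
            return "drop"
        if src_ip in self.legal_ips:
            return "forward"
        # Cannot be confirmed as legal: hand the packet to the cleaning server.
        if self.cleaner.inspect(src_ip):
            return "forward_cleaned"  # second processing: pass to the Web server
        # ASSUMPTION: a rejected source is recorded so that later packets are
        # dropped at the first layer and never reach the cleaning server.
        self.illegal_ips.add(src_ip)
        return "drop_after_cleaning"


def run_demo():
    """Replay constructed traffic and return (decisions, switch)."""
    switch = SdnSwitch(CleaningServer(),
                       legal_ips={"192.0.2.10"},
                       illegal_ips={"198.51.100.66"})
    traffic = ["192.0.2.10", "198.51.100.66"] + ["203.0.113.5"] * 5
    return [switch.handle(ip) for ip in traffic], switch
```

Sources that pass cleaning are deliberately not promoted to the legal database here, since the page does not describe a promotion policy and whitelisting after a single clean packet would let a flood bypass the second layer.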

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a network security system and method for DDOS attack defense based on SDN architecture.

Background technique

[0002] A DOS (Denial of Service) attack means that the attacker uses a large amount of data to "flood" the target host and exhaust its available resources until the host system crashes, so that the target host can no longer provide services (such as serving WEB pages) to normal users. Early denial-of-service attacks were mainly aimed at stand-alone machines with relatively weak processing capabilities, such as personal PCs, or websites with narrow bandwidth connections. They had little impact on servers with high-bandwidth connections and high-performance equipment. This is mainly because early DOS attackers often fought alone, and it was difficult to create a "large amount" of attack data alone in a short period of tim...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/801, H04L12/823, H04L29/06, H04L47/32
CPC: H04L47/12, H04L47/32, H04L63/0236, H04L63/1458
Inventor: 毛其林, 周陆宁, 徐相娟
Owner 深圳市丰源芯科技产业控股有限公司