Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for detecting flood attacks

A flood attack and attack source technology, applied in transmission systems, electrical components, etc., can solve problems such as increasing the cost of LAN and failing to detect attack packets.

Active Publication Date: 2020-07-07
HANGZHOU DPTECH TECH
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, when the attack packets are only forwarded in the Layer 2 network, the network devices at the aggregation layer or the core layer cannot detect the attack packets
In order to solve the above problems, it is usually possible to deploy a security device connected to the access switch, and the security device detects the packets forwarded by the access switch to determine the source of the attack, which will increase the cost of the LAN

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for detecting flood attacks
  • A method and device for detecting flood attacks
  • A method and device for detecting flood attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the embodiments of the present invention more obvious and understandable, the following describes the existing technical solutions and the present invention in conjunction with the accompanying drawings. The technical solutions in the embodiments of the invention are described in further detail.

[0068] In the prior art, the network equipment at the aggregation layer or the core layer usually detects the attack source of the flood attack in the local area network. see figure 1 , is a network architecture diagram of a local area network shown in this application, such as figure 1 As shown in the figure, when a computer in the local area network has a virus, it becomes the source of the attack and sends a large number of attack packets to other computers or servers. In ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The application provides a method and device for detecting flood attack. The method and device are applied to an access witch of a local area network (LAN), and the method comprises the following steps: updating initiated session number in a user entry of a user table according to a source IP of a session entry in a session table; updating abnormal session number in the user entry of the user table according to a session state of the session entry in the session table and the session establishing time; periodically traversing the user table, determining whether the initiated session number ofeach user entry achieves a preset first threshold, and determining whether the abnormal session number of each user entry achieves a preset second threshold; if the initiated session number of each user entry achieves the first threshold or the abnormal session number of each user entry achieves the second threshold, determining the IP address in the user entry as the IP address of an attack source. Through the method provided by the application, the access switch troubleshoots the attack source of the flood attack, the security and the reliability of the network are improved under the condition of not increasing the cost of the LAN.

Description

technical field [0001] The present application relates to the field of security protection, in particular to a method and device for detecting flood attacks. Background technique [0002] After a computer or server in the LAN is infected with a virus, it will often become an attack source in the LAN, sending a large number of attack packets to other computers or servers in the LAN, causing a flood attack. The common one is TCP SYN Flood (Transmission Control Protocol Synchronize Flood, Transmission Control Protocol synchronous flood attack) message, UDP Flood (User Datagram Protocol Flood, user data packet protocol flood attack) message and ICMPFlood (Internet Control Message Protocol Flood, control message protocol flood attack) message, etc. These attack packets will reduce the communication efficiency in the LAN, or even disconnect the network, and may also paralyze the server facing the external network in the LAN, unable to provide services. Therefore, after a flood at...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 杜剑锋
Owner HANGZHOU DPTECH TECH