Traffic attack protection method and system, traffic attack protection control device and traffic attack protection processing device

一种流量攻击、处理系统的技术,应用在网络安全领域,能够解决降低DDoS防护系统可靠性和稳定性、CPU冲击、降低封堵流量时效性等问题,达到提升稳定性和可维护性、减少需求、提升时效性和可靠性的效果

Active Publication Date: 2018-02-27
TENCENT TECH (SHENZHEN) CO LTD
View PDF5 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the additional intermediate module for blocking, the timeliness of the current DDoS protection system to block traffic is reduced; and in the scenario of frequent DDoS attacks in a short period of time, since a large number of blackhole routes need to be frequently configured on the device for blocking, therefore It will have a great impact on the CPU of some devices, reducing the reliability and stability of the DDoS protection system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Traffic attack protection method and system, traffic attack protection control device and traffic attack protection processing device
  • Traffic attack protection method and system, traffic attack protection control device and traffic attack protection processing device
  • Traffic attack protection method and system, traffic attack protection control device and traffic attack protection processing device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0053] This embodiment describes the perspective of the traffic attack protection device. The protection device can protect and control the traffic attack, so it can also be called the traffic attack protection control device. The protection control device may be integrated in a controller, such as an SDN controller.

[0054] A traffic attack protection method, comprising: establishing a neighbor relationship with a border router at a traffic entrance, and then receiving a traffic attack protection request sent by an intrusion detection system at the traffic entrance, the traffic attack protection request carrying a traffic attacked target Network address, generate corresponding routing information according to the traffic attack protection request, the routing information includes the target network address and routing address information, send the routing information to the border router based on the neighbor relationship, so that the border router The traffic corresponding ...

Embodiment 2

[0094] This embodiment will describe another traffic attack protection method from the perspective of another traffic attack protection device. The protection device can protect traffic attacks, so it can also be called a traffic attack protection processing device. The protective processing device may be integrated in a border router, or other border routing devices located at the traffic ingress.

[0095] A method for defending against traffic attacks, comprising: establishing a neighbor relationship with a controller, and then receiving routing information sent by the controller based on the neighbor relationship, the routing information including routing address information and a target network address where traffic is attacked, according to the The routing information performs protective processing on the traffic corresponding to the target network address.

[0096] Such as image 3 As shown, a traffic attack protection method, the specific process is as follows:

[009...

Embodiment 3

[0127] According to the methods described in Embodiments 1 and 2, examples will be given below for further detailed description.

[0128] In this embodiment, description will be made by taking the traffic attack protection control device integrated in the controller and the traffic attack protection processing device integrated in the border router as an example.

[0129] Such as Figure 4a As shown, the protection system of a kind of traffic attack comprises: optical splitter, intrusion detection system IDS, controller, DDoS cleaning system and border router at the entrance of network flow; Wherein, optical splitter and ISP (Internet ServiceProvider, Internet Service Provider) Connection, the border router is connected with IDC (Internet Data Center, Internet Data Center).

[0130] The following will be based on Figure 4a The system shown is used to introduce the protection method provided by the embodiment of the present invention, such as Figure 4b As shown, a traffic ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a traffic attack protection method and system, a traffic attack protection control device and a traffic attack protection processing device. According to theembodiment of the invention, a neighbourship is established with a border router at a traffic entrance; a traffic attack protection request sent by an intrusion detection system at the traffic entrance is received, wherein the traffic attack protection request carries a target network address of which traffic is attacked; corresponding routing information is generated according to the traffic attack protection request, wherein the routing information comprises the target network address and routing address information; and the routing information is sent to the border router based on the neighbourship, so the border router carries out protection processing on the traffic corresponding to the target network address according to the routing information. According to the scheme, the reliability, stability, maintainability and protection timeliness of the traffic attack protection system can be improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a traffic attack protection method, control device, processing device and system. Background technique [0002] With the development of Internet technology and popularization of applications, multi-service systems on the network are facing more and more complex network attacks. Among them, DDoS (Distributed Denial of Service) is a more serious network attack. Attack behavior, which uses a large number of puppet machines to launch attacks on a system at the same time, making the attacked system unable to support normal business access due to bandwidth congestion or server resource exhaustion. [0003] At present, in order to protect against DDoS attacks, service providers usually deploy a set of DDoS protection systems at each network traffic entrance in a distributed manner, and implement DDoS protection through DDoS monitoring, cleaning and blocking. [0004] refer to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L45/02
CPCH04L63/1416H04L63/1425H04L63/1458H04L45/04H04L45/02H04L63/1408H04L63/0236H04L45/036H04L63/1441H04L63/0227H04L43/04H04L43/106H04L41/142
Inventor 米鹏辉陆素建
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap