Flood attack detection method capable of accurately determining attack features

A flood attack detection technology that determines attack features, applied to electrical components, transmission systems, etc. It addresses the impact on normal business and the high misjudgment rate, and achieves the effects of ensuring stability, reducing misjudgment, and improving performance.

Inactive Publication Date: 2018-03-06
台山市金讯互联网络科技有限公司

AI Technical Summary

Problems solved by technology

A monitoring method that only counts the number of SYNs has a high misjudgment rate: it often counts normal business data packets, which has a certain impact on normal business.

Embodiment Construction

[0020] Please refer to Figures 1 to 3. Figure 1 is a schematic diagram of the network topology in which the monitoring device of the present invention is deployed, Figure 2 is a flowchart of the present invention, and Figure 3 is the flowchart of step S2 in Figure 2.

[0021] Referring to Figures 1 and 2, a flood attack detection method for accurately determining attack characteristics comprises the following steps:

[0022] S1: Set up a monitoring device at the entrance of the network. The monitoring device includes a forwarding module, a blocking module, and a statistical module for IP data packets. The data packet blocking and statistics module at the terminal monitors and counts various data packets entering the monitoring device;

[0023] S2: The monitoring device monitors the data messages flowing unidirectionally into the monitoring device and forwards or blocks IP packets according to the monitoring result. Step S2 includes the following steps (see ...


Abstract

The present invention discloses a flood attack detection method capable of accurately determining attack features. The method comprises the following steps: S1: a monitoring device is arranged at a network access; and S2: the monitoring device monitors a data message and forwards or blocks an IP data packet according to a monitoring result. S2 further comprises the following steps: S21: the monitoring device creates a first Hash array, a first counter, a second Hash array and a second counter; S22: the monitoring device collects information of a SYN (Synchronize) data packet as a first Hash value, and stores the first Hash value, a counting value of the first counter and a source address into the first Hash array; S23: the monitoring device collects information of an ACK (Acknowledgment) data packet as a second Hash value, and stores the second Hash value, a counting value of the second counter and the source address into the second Hash array; and S24: the monitoring device performs retrieval and comparison to obtain an attack source. The method compares the first Hash value, the second Hash value and the counters to determine the attack source address, and therefore the network safety and stability of a server can be effectively guaranteed.
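The two-table comparison in S21 to S24, as an added sketch in Python; it is not the patent's own code. The hash input (the connection 4-tuple), the per-source threshold, the rule "flag a source whose SYN entries have no matching ACK entry", and all class and function names are assumptions, since the page does not spell out the comparison. A SYN-only count is included as the baseline the page says misjudges normal traffic.

```python
import hashlib
from collections import Counter

def flow_hash(src, sport, dst, dport):
    """Hash of the 4-tuple; assumed stand-in for the patent's 'Hash value'."""
    return hashlib.sha256(f"{src}:{sport}>{dst}:{dport}".encode()).hexdigest()[:16]

class HandshakeMonitor:
    def __init__(self, threshold=3):
        self.threshold = threshold   # assumed: unanswered SYNs tolerated per source
        self.syn_table = {}          # first Hash array: hash -> (counter value, source)
        self.ack_table = {}          # second Hash array, same layout
        self.syn_counter = 0         # first counter
        self.ack_counter = 0         # second counter

    def observe(self, src, sport, dst, dport, flags):
        """Record one inbound segment; flags is 'S' (SYN) or 'A' (ACK)."""
        h = flow_hash(src, sport, dst, dport)
        if flags == "S":
            self.syn_counter += 1
            self.syn_table[h] = (self.syn_counter, src)
        elif flags == "A" and h in self.syn_table and h not in self.ack_table:
            # Inbound-only view: the client's handshake ACK carries the SYN's 4-tuple.
            self.ack_counter += 1
            self.ack_table[h] = (self.ack_counter, src)

    def syn_only_sources(self):
        """Baseline the page criticises: flag on SYN volume alone."""
        per_src = Counter(src for _, src in self.syn_table.values())
        return sorted(s for s, n in per_src.items() if n >= self.threshold)

    def attack_sources(self):
        """Flag sources whose SYNs have no matching ACK entry."""
        pending = Counter(src for h, (_, src) in self.syn_table.items()
                          if h not in self.ack_table)
        return sorted(s for s, n in pending.items() if n >= self.threshold)

def constructed_sample():
    """Constructed traffic toward 192.0.2.10:443 (documentation address ranges)."""
    pkts = []
    for port in range(40000, 40005):      # busy legitimate client: SYN then ACK
        pkts += [("198.51.100.7", port, "192.0.2.10", 443, "S"),
                 ("198.51.100.7", port, "192.0.2.10", 443, "A")]
    for port in range(50000, 50005):      # SYNs that never complete the handshake
        pkts.append(("203.0.113.9", port, "192.0.2.10", 443, "S"))
    pkts.append(("198.51.100.20", 41000, "192.0.2.10", 443, "S"))  # one lost handshake
    return pkts

monitor = HandshakeMonitor()
for pkt in constructed_sample():
    monitor.observe(*pkt)
print(monitor.syn_only_sources(), monitor.attack_sources())
```

On the constructed sample the SYN-only baseline flags the busy legitimate client as well, while the two-table comparison flags only the source whose handshakes never complete.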

Description

Technical field

[0001] The invention relates to the field of flood attack detection, in particular to a flood attack detection method for accurately determining attack characteristics.

Background technique

[0002] The SYN flood attack (SYN_FLOOD) is one of the well-known denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. It exploits the defects of the TCP/IP v4 protocol to send a large number of forged TCP connection requests, forcing the server to send a large number of SYN+ACK response packets in a short period of time, thus exhausting server resources (full CPU or insufficient memory). The establishment of a TCP connection starts with a three-way handshake. 1) The client sends a TCP message containing the Synchronize (SYN) flag. The synchronization message includes the source address, source port, destination address, destination port, initial sequence number and other information; 2) After receiving the synchronization message fr...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1458
Inventor: 袁兴飚
Owner: 台山市金讯互联网络科技有限公司