Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method of attack defense, network equipment and computer storage medium

A network equipment and equipment technology, applied in the field of network communication, can solve the problems of inability to filter attack packets, maintenance difficulties, network abnormalities, etc., and achieve the effect of improving attack defense capabilities

Active Publication Date: 2020-05-22
RUIJIE NETWORKS CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] For the first method, the source address, destination address, and IP port number of the network attack may be forged, so all attack packets cannot be filtered through the ACL; and maintenance is difficult; and with the increase in the number of ACL increase, the processing performance of the egress gateway device will gradually decrease
[0008] For the second method, the situation of each IP may be different, so how many limit values ​​to set for each IP cannot be determined, and it also brings about abnormal network problems caused by improper configuration
[0009] Obviously, no matter whether the above-mentioned first method or the second method is adopted, due to the performance degradation of the egress gateway device or the problem of network abnormality during the attack defense, the attack defense capability of the egress gateway device will be reduced, or even useless.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method of attack defense, network equipment and computer storage medium
  • A method of attack defense, network equipment and computer storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0055] The invention provides an attack defense method and network equipment, which are used to improve the attack defense capability of the network equipment.

[0056] The technical solution in the embodiment of the present application is to solve the above-mentioned technical problems, and the general idea is as follows:

[0057] An attack defense method is provided, which is applied to network devices, including: the network device obtains the historical actual new rate of IP devices in each specified sampling period according to historical session records; wherein, the historical actual new rate in a sampling period The rate is the number of new sessions between the network device and the IP device within a sampling period; the network device calculates the estimated new rate of the IP device within the specified time range based on all the actual new rates obtained; the network device calculates the estimated new rate of the IP device according to the preset value rules an...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an attack defense method, network equipment and a computer storage medium, which are used for improving attack defense capability of the network equipment. The method comprisesthe steps that the network equipment respectively acquires a historical actual new establishment rate of IP equipment in each specified sampling period according to historical session records, wherein the historical actual new establishment rate in one sampling period is the number of new establishment sessions of the network equipment and the IP equipment in one sampling period; the network equipment computes an estimated new establishment rate of the IP equipment within a specified time range based on all acquired actual new establishment rates; the network equipment selects a target rate threshold of the IP equipment from a preset rate threshold set according to a preset value rule and the estimated new establishment rate, wherein the rate threshold set comprises N rate thresholds; andwhen the network equipment determines that the current actual new establishment rate of the IP equipment exceeds the target rate threshold, the network equipment discards a data packet needing to beforwarded to the IP equipment.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to an attack defense method, network equipment and computer storage medium. Background technique [0002] With the increasing popularity of the network, the security of the network has become an issue that people are more and more concerned about. This makes the gateway device responsible for data interaction with the external network, sometimes called the egress gateway device, more and more equipped with certain functions in the case of integrated behavior management, flow control, application identification and other functions. Attack defense capabilities to protect devices in the LAN from network threats from the external network as little as possible. [0003] In the prior art, there are two main ways for the egress gateway device to defend against attacks: [0004] The first method is to select packets at the network layer according to an access control list (A...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/26
CPCH04L43/0894H04L43/16H04L63/1416H04L63/1441
Inventor 魏逢一
Owner RUIJIE NETWORKS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com