
Method for identifying DDoS (Distributed Denial of Service) reflection amplification attack

An amplifier-side message verification technique, applied in the field of electrical components and transmission systems, that addresses inaccurate identification, high defense cost, and the inability to distinguish normal requests from illegal requests, while keeping the impact low.

Inactive Publication Date: 2018-04-20
成都知道创宇信息技术有限公司

AI Technical Summary

Problems solved by technology

[0003] Existing techniques against reflection attacks mainly rely on a request threshold per unit time. This has the following deficiencies:

1. The identification is not accurate, and it is impossible to distinguish between normal requests and illegal requests.
2. The defense cost is high. By the time the attack is identified at the victim, the traffic has already reached the victim and has already caused the impact of the attack. Sufficient bandwidth resources are needed to fight against it.


Embodiment Construction

[0021] The present invention is described in further detail below through specific embodiments. The invention determines whether a request message is a forged, illegal message by verifying the TTL of the request message at the amplifier. If it is forged, the amplifier discards the request message and sends no response message to the victim. The details are as follows:

[0022] 1. After receiving the request message, the amplifier extracts the source IP address and TTL value in the IP header of the message.

[0023] 2. Check the IP address extracted in step 1; if the IP address is in the blacklist, discard the request directly.

[0024] 3. If the IP address from step 1 is not in the blacklist, use the IP address as the key and save the TTL and request content in the cache as a hash entry.

[0025] 4. Use the IP address extracted in step 1 as the destination address, and send a TCP connection request message to any port of the address;

[0026] ...
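
The amplifier-side check in steps 1 to 4, as an added example that is not code from the patent. The page elides how the response is compared, so the hop-count comparison, the `tolerance` value, the `hold:unverified` outcome and the `probe` callable (standing in for the TCP connection request and returning the TTL of the reply) are assumptions; all addresses and TTLs are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

INITIAL_TTLS = (32, 64, 128, 255)  # common OS default initial TTLs

def hop_count(ttl: int) -> int:
    """Estimate hops travelled: nearest initial TTL at or above the observed value, minus it."""
    return min(i for i in INITIAL_TTLS if i >= ttl) - ttl

@dataclass
class AmplifierGuard:
    # Hypothetical stand-in for step 4: sends a TCP connection request to the
    # claimed source and returns the TTL of its SYN-ACK/RST, or None on timeout.
    probe: Callable[[str], Optional[int]]
    blacklist: set = field(default_factory=set)
    tolerance: int = 2  # assumed slack for asymmetric forward/return paths
    cache: dict = field(default_factory=dict)

    def handle(self, src_ip: str, ttl: int, request: bytes) -> str:
        # Step 1 (extracting src_ip and ttl from the IP header) is done by the caller.
        if src_ip in self.blacklist:                  # step 2
            return "drop:blacklisted"
        self.cache[src_ip] = (ttl, request)           # step 3: keyed by source IP
        reply_ttl = self.probe(src_ip)                # step 4
        cached_ttl, _ = self.cache.pop(src_ip)
        if reply_ttl is None:
            return "hold:unverified"                  # assumed: no reply, nothing to compare
        # Assumed comparison: a forged request travels a different path than
        # the real host's reply, so the estimated hop counts disagree.
        if abs(hop_count(cached_ttl) - hop_count(reply_ttl)) > self.tolerance:
            return "drop:ttl-mismatch"
        return "respond"

# Constructed sample: TTL the real host's reply carries when it reaches the amplifier.
PROBE_REPLIES = {"198.51.100.7": 52, "192.0.2.44": 52}
guard = AmplifierGuard(probe=PROBE_REPLIES.get, blacklist={"203.0.113.9"})

def demo():
    return [
        guard.handle("198.51.100.7", 121, b"query"),  # forged: 7 hops vs 12 on the reply
        guard.handle("192.0.2.44", 53, b"query"),     # genuine: 11 hops vs 12
        guard.handle("203.0.113.9", 60, b"query"),    # blacklisted source
        guard.handle("192.0.2.200", 60, b"query"),    # probe gets no reply
    ]
```

Comparing estimated hop counts rather than raw TTLs keeps the check meaningful when the sender of the request and the real host use different initial TTLs.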


Abstract

The invention discloses a method for identifying a DDoS (Distributed Denial of Service) reflection amplification attack. The method comprises the steps of: extracting the source IP address and the TTL value from the IP header of a message after an amplifier receives a request message; checking the extracted IP address and directly discarding the request if the IP address is in a blacklist; if the extracted IP address is not in the blacklist, storing the TTL and request content in a cache as a hash entry, using the IP address as the key; sending a TCP connection request message to any port of that address, using the extracted IP address as the destination address; and waiting for a response message, carrying out processing and comparison according to the response message, and identifying the DDoS reflection amplification attack. With this method, the request message is verified at the amplifier and abnormal requests are identified and filtered, so the victim is protected.

Description

Technical field

[0001] The invention relates to the field of DDoS attack protection, in particular to a method for identifying DDoS reflection amplification attacks.

Background technique

[0002] A reflection attack is a type of DDoS attack. The attacker (a "broiler", i.e. a compromised host) does not directly attack the victim (target host), but sends a request message with a forged source IP (forged as the victim's IP) to an open server (amplifier), and the traffic is then reflected back to the victim through the amplifier. Generally speaking, the amount of data requested is much smaller than the amount of data that the amplifier responds with, resulting in an amplification effect.

[0003] Existing technologies for reflection attacks are mainly limited by the request threshold per unit time. It has the following deficiencies: 1. The identification is inaccurate, and it is impossible to distinguish between normal requests and illegal requests. 2. The defense cost is high. When the victim is identified, the traffic has alread...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0236, H04L63/1416, H04L63/1458
Inventor: 陈海洋, 叶兴, 张文宇, 郑斌, 王猛, 刘东凯
Owner: 成都知道创宇信息技术有限公司