Method and device for determining DDoS attack devices

A technique for determining DDoS attack devices, applied in the computer field, that addresses problems such as poor user experience and the failure to identify DDoS attack devices, thereby improving user experience.

Active Publication Date: 2018-09-28
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a method and device for determining a DDoS attack device, which is used to solve the technical problem that the


Examples


Embodiment 1

[0043] Embodiment 1 of the present invention provides a method for determining a DDoS attack device. It addresses two technical problems of prior-art methods for determining DDoS attack devices: they cannot identify a DDoS attack device that exhibits complete protocol stack behavior, and they give a poor user experience. The method can be applied on the attacked device itself (such as a server), or on a protection device deployed in front of the attacked device; the embodiment of the present invention does not specifically limit this.

[0044] Referring to Figure 2, the method for determining a DDoS attack device includes:

[0045] Step 101: When receiving HTTP requests sent by N clients, acquire the feature value of each of the N clients.

[0046] Specifically, each client has only one feature value, and the feature value of the client represents the characteristics of the application that the client initiates the HTTP request and/or the...

Embodiment 2

[0063] Embodiment 2 of the present invention provides a method for determining a DDoS attack device, and the overall inventive concept of the method is the same as that of Embodiment 1. The difference is that the characteristic value of the client in Embodiment 2 refers to the characteristic information of the client, and each client can have multiple characteristic values (i.e. items of characteristic information), whereas the characteristic value in Embodiment 1 is a value calculated from multiple items of the client's characteristic information, and a client has only one characteristic value. The complete implementation process of Embodiment 2 of the present invention is introduced below:

[0064] Step 1: Obtain at least one feature value of each of the N clients when receiving the HTTP requests sent by the N clients.

[0065] Here, each characteristic value of the client is one item of the client's characteristic information, including b...

Embodiment 3

[0072] Embodiment 3 of the present invention provides a device for determining a DDoS attack device. Referring to Figure 3, the device comprises:

[0073] A receiving unit 201, configured to receive HTTP requests sent by N clients;

[0074] A processing unit 202, configured to: obtain a characteristic value of each client among the N clients, the characteristic value characterizing the characteristics of the application that the client initiates the HTTP request and/or the operating environment of the application and/or the hardware of the client; divide clients with the same characteristic value into the same category and count the traffic of each category of clients within a predetermined time range; and, when determining that the traffic of any category of clients within the predetermined time range exceeds the first threshold, determine the clients of that category to be DDoS attack devices.

[0075] Optionally, the device further includes a first sending unit 203;

[0076] The first s...


Abstract

The embodiments of the present invention provide a method and device for determining DDoS attack devices. The invention aims to solve two technical problems of prior-art methods for determining DDoS attack devices: the failure to identify a DDoS attack device that has complete protocol stack behavior, and poor user experience. The method of the present invention includes the following steps: when HTTP requests sent by N clients are received, the feature value of each of the N clients is obtained, wherein the feature values characterize applications requested by the HTTP requests initiated by the clients and/or the operating environments of the applications and/or the features of the hardware of the clients; clients with the same feature value are grouped into the same category, and the traffic of each category of clients within a predetermined time range is counted; and when it is determined that the traffic of any one category of clients within the predetermined time range exceeds a first threshold, the clients of that category are determined to be DDoS attack devices.
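The grouping and threshold steps described in the abstract, as an added Python example that is not code from the patent. The characteristic fields, the use of SHA-256 to derive a single feature value (the Embodiment 1 variant), and measuring traffic as a request count are all assumptions; the sample requests are constructed.

```python
import hashlib
from collections import defaultdict

# Assumed characteristic items; the page does not list the concrete fields.
FEATURE_FIELDS = ("user_agent", "accept_language", "screen", "cpu_cores")

def feature_value(req):
    """Embodiment 1 style: one value computed from several characteristic items."""
    joined = "\x1f".join(str(req.get(f, "")) for f in FEATURE_FIELDS)
    return hashlib.sha256(joined.encode()).hexdigest()[:16]

def flag_categories(requests, window_start, window_len, first_threshold):
    """Return {feature_value: set(client_ips)} for every category whose request
    count in [window_start, window_start + window_len) exceeds the threshold."""
    traffic = defaultdict(int)   # traffic per category (assumed: request count)
    members = defaultdict(set)   # client IPs seen in each category
    for req in requests:
        if not (window_start <= req["ts"] < window_start + window_len):
            continue
        fv = feature_value(req)
        traffic[fv] += 1
        members[fv].add(req["ip"])
    return {fv: members[fv] for fv, n in traffic.items() if n > first_threshold}

def build_sample():
    """Constructed sample: 40 clients with identical characteristics sending
    3 requests each, plus 5 ordinary clients sending 10 requests each."""
    bot = {"user_agent": "ExampleBrowser/1.0", "accept_language": "en",
           "screen": "800x600", "cpu_cores": 1}
    reqs = [dict(bot, ip=f"198.51.100.{i}", ts=t)
            for i in range(1, 41) for t in (1, 20, 40)]
    for i in range(1, 6):
        user = {"user_agent": f"ExampleBrowser/{i}.2", "accept_language": "en",
                "screen": "1920x1080", "cpu_cores": 4 + i}
        reqs += [dict(user, ip=f"203.0.113.{i}", ts=t) for t in range(0, 60, 6)]
    return reqs

if __name__ == "__main__":
    flagged = flag_categories(build_sample(), 0, 60, first_threshold=100)
    for fv, ips in flagged.items():
        print(fv, len(ips), "clients flagged")
```

In the sample, each flagged client sends fewer requests than any ordinary client, so a per-IP rate limit would not single them out; only the per-category total crosses the threshold.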

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for determining DDoS attack devices.

Background

[0002] A Distributed Denial of Service (DDoS) attack uses client/server technology to combine multiple computers into an attack platform that launches a DDoS attack on one or more targets, thereby multiplying the power of the denial-of-service attack.

[0003] In the prior art, the technical solution adopted to protect against DDoS attacks is generally to check whether the browser capabilities of the client are complete, for example using JavaScript, cookie and other verification methods to verify whether the client has normal JavaScript computing capabilities, normal HyperText Transfer Protocol (HTTP) response behavior, etc. However, these existing methods can only detect DDoS attack devices with incomplete protocol stack behavio...


Application Information

IPC(8): H04L29/06
CPC: G06F21/56, H04L63/1425, H04L63/1458
Inventor: 张磊, 叶晓虎, 何坤
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD