
Flow log based DDoS attack event detection method and system

A flow-log analysis technology for detecting DDoS attack events, applied in the fields of big data analysis and network security. It addresses the huge storage and loading overhead of keeping a traffic baseline for every IP address, narrowing the set of addresses that must be tracked, saving storage space and reducing overhead.

Active Publication Date: 2018-10-26
长安通信科技有限责任公司 +1

AI Technical Summary

Problems solved by technology

However, storing the baseline level of all IP addresses would cause huge storage and loading overhead.



Embodiment Construction

[0032] In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

[0033] This embodiment provides a method for detecting DDoS attack events based on traffic logs; as shown in Figure 1, the steps include:

[0034] 1) Determine the statistical period, selecting a value between 1 second and 1 hour; determine the traffic thresholds such that 2Mbps≤2T1≤T2≤500Mbps; and determine the ratio value R≤0.5;

[0035] 2) Routinely count the network traffic received by every IP in each statistical period;

[0036] 3) Store the IPs whose traffic in a single statistical period exceeds the threshold T1, together with their traffic values, as traffic records;

[0037] 4) Select the set of IPs whose traffic received in the current statistical period exceeds T2;

[0038] 5) for each IP in the IP set and its corresponding ...
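The five steps above, carried through in Python over a constructed flow log, as an added example that is not code from the patent or its applicant. Step 5's comparison (an event is raised when the IP has no stored history, or its historical value is below R times the current value) is taken from the abstract, since the step is truncated here. The period length, the thresholds T1 and T2, the ratio R, the CSV log format and all addresses are assumptions chosen to satisfy the constraints in step 1, and using the largest stored historical value as the baseline is an interpretation, not something the text specifies.

```python
"""Flow-log DDoS event detection following the five steps of the embodiment.

Constructed example: every parameter, the log format and the IP addresses
are assumptions, not values from the patent.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Step 1 parameters (assumed; they satisfy 2 Mbps <= 2*T1 <= T2 <= 500 Mbps, R <= 0.5)
PERIOD_SECONDS = 60
T1_MBPS = 20.0    # an IP's traffic is stored as a record only above this level
T2_MBPS = 100.0   # an IP is examined as a DDoS candidate only above this level
R = 0.5           # event when the stored baseline is below R * current traffic

# Constructed flow log, one record per line: "epoch_seconds,src_ip,dst_ip,bytes".
# Period 0: 10.0.0.5 at 30 Mbps, 10.0.0.9 at 5 Mbps (below T1, never stored).
# Period 1: 10.0.0.5 jumps to 150 Mbps, 10.0.0.9 to 120 Mbps.
# Period 2: 10.0.0.5 stays at 160 Mbps, 10.0.0.7 at 90 Mbps (below T2).
FLOW_LOG = """\
5,192.0.2.10,10.0.0.5,112500000
40,192.0.2.11,10.0.0.5,112500000
50,192.0.2.12,10.0.0.9,37500000
65,198.51.100.1,10.0.0.5,375000000
70,198.51.100.2,10.0.0.5,375000000
90,198.51.100.3,10.0.0.5,375000000
100,198.51.100.4,10.0.0.9,900000000
130,198.51.100.1,10.0.0.5,600000000
150,198.51.100.2,10.0.0.5,600000000
160,192.0.2.20,10.0.0.7,675000000
"""


def aggregate_periods(log_text, period_seconds=PERIOD_SECONDS):
    """Step 2: sum bytes received per destination IP per statistical period.
    Returns {period_index: {dst_ip: Mbps}} with periods in ascending order."""
    per_period = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _src, dst, nbytes = line.split(",")
        per_period[int(ts) // period_seconds][dst] += int(nbytes)
    bits_per_mbps = period_seconds * 1_000_000
    return {
        p: {ip: b * 8 / bits_per_mbps for ip, b in ips.items()}
        for p, ips in sorted(per_period.items())
    }


@dataclass
class Alert:
    period: int
    ip: str
    current_mbps: float
    baseline_mbps: Optional[float]   # None when the IP has no stored history


@dataclass
class DDoSDetector:
    t1: float = T1_MBPS
    t2: float = T2_MBPS
    r: float = R
    # Step 3 store: holds only IPs that exceeded T1, which is the storage saving
    records: dict = field(default_factory=lambda: defaultdict(list))

    def process_period(self, period, traffic):
        """Apply steps 4 and 5 to one period, then step 3 for later periods."""
        alerts = []
        for ip, mbps in traffic.items():
            if mbps <= self.t2:              # step 4: candidates exceed T2
                continue
            history = self.records.get(ip)   # .get() does not create an entry
            # Assumption: the baseline is the largest stored historical value.
            baseline = max(history) if history else None
            if baseline is None or baseline < self.r * mbps:   # step 5
                alerts.append(Alert(period, ip, mbps, baseline))
        # Step 3: this period's over-T1 values become history for later periods
        for ip, mbps in traffic.items():
            if mbps > self.t1:
                self.records[ip].append(mbps)
        return alerts


def detect(log_text):
    """Run the detector over every period of the log; returns (alerts, detector)."""
    detector = DDoSDetector()
    alerts = []
    for period, traffic in aggregate_periods(log_text).items():
        alerts.extend(detector.process_period(period, traffic))
    return alerts, detector


if __name__ == "__main__":
    found, det = detect(FLOW_LOG)
    for a in found:
        print(f"period {a.period}: {a.ip} receives {a.current_mbps:.0f} Mbps, "
              f"baseline {a.baseline_mbps}")
    print("stored records:", dict(det.records))
```

Run as written, period 1 produces two events: 10.0.0.5 (150 Mbps against a stored baseline of 30 Mbps) and 10.0.0.9 (120 Mbps with no history, because its earlier 5 Mbps never crossed T1 and was never stored). In period 2, 10.0.0.5 stays at 160 Mbps but its baseline is now 150 Mbps, so the same high level is not reported again, and 10.0.0.7 at 90 Mbps is stored but not examined because it is below T2. The rule cannot distinguish an attack from a legitimate surge in popularity, so in practice the event is a trigger for further investigation rather than a verdict on its own.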


Abstract

The invention provides a flow log based DDoS attack event detection method and system. The method includes the following steps: determining statistics periods, reading massive network flow logs in each statistics period, and counting the network flow values received by all concerned IPs in the statistics period; storing each IP whose flow received in a single statistics period exceeds a threshold value T1, together with the corresponding flow value, as a flow record; screening the set of IPs whose current flow received in the current statistics period exceeds a threshold value T2; and, for each IP in that set, reading the historical flow values of the IP from the flow records and judging that the IP suffers a DDoS attack if the IP has no historical flow values or its historical flow values are less than R times the current flow value. A flow log based DDoS attack event detection system is also provided.

Description

Technical field

[0001] The invention relates to the fields of network security and big data analysis, and in particular to a method and system for discovering DDoS attack events from the massive traffic logs of a large network.

Background technique

[0002] A Distributed Denial of Service (DDoS) attack uses client/server technology to combine multiple computers into an attack platform that launches denial of service attacks on one or more targets, multiplying the power of the attack. Usually an attacker uses a stolen account to install a DDoS master program on a computer. At a set time, the master program communicates with a large number of agent programs that have already been installed on many computers on the network, and the agents launch the attack when instructed to do so. Using client/server technology, the master program can activate hundreds of thousands of agent programs within seconds. [0003] DDoS at...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 李明哲刘丙双涂波张洛什尚秋里苗权康春建刘鑫沛李传海戴帅夫张建宇
Owner: 长安通信科技有限责任公司