
A slow attack detection method and apparatus

A slow attack detection method, applied in the field of network communication, that addresses the problems of low speed, difficulty in slow attack protection and consumption of server resources, and achieves the effect of reducing the false alarm rate.

Active Publication Date: 2018-12-18
杭州迪普信息技术有限公司
Cites: 5; Cited by: 10

AI Technical Summary

Problems solved by technology

In the past, DDoS attacks were mainly single-packet, large-flow attacks. In recent years they have evolved into slow attacks. A slow attack is more concealed: it is a variation on normal network protocol behaviour and fully meets the protocol requirements, so protection against slow attacks is more difficult.

Slow attacks mainly consume server resources by maintaining a connection with the server using a small amount of data at a low rate.

Existing techniques detect slow attacks mainly by examining attributes such as the size of the requested data and the time and rate of the server response, so there is a certain false positive rate.


Examples


Embodiment Construction

[0025] To help those skilled in the art better understand the technical solutions in the embodiments of this specification, those solutions are described in detail below in conjunction with the drawings in the embodiments of this specification. The described embodiments are only some of the embodiments in this specification, not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in this specification shall fall within the scope of protection.

[0026] Slow attacks mainly consume server resources by maintaining a connection with the server using a small amount of data at a low rate. They fall into three main categories: Slow headers, Slow body and Slow read.

[0027] The principle of the Slow headers attack is that because the HTTP header contains some important information that may be used by the application, the server must receive all ...


Abstract

A slow attack detection method and apparatus are disclosed. The slow attack detection method comprises: determining the preset attack characteristics used for calculating an attack value according to a preset attack value calculation rule; determining the value of each preset attack characteristic in the received message, and calculating an attack value of the message from those characteristic values; comparing whether the calculated attack value is greater than the preset attack threshold; and, when the calculated attack value is greater than the preset attack threshold, determining that the message is a slow attack message and calculating a new attack threshold, wherein the new attack threshold is used for subsequent slow attack detection and is not greater than the old attack threshold.
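The detection loop described in the abstract, as an added sketch that is not code from the patent. The feature set, the weights, the weighted-sum rule, the initial threshold and the way the threshold is lowered are all assumptions, since the page does not specify them.

```python
from dataclasses import dataclass

# Assumed feature weights; the page does not list the patent's features or rule.
WEIGHTS = {
    "incomplete_headers": 40,  # header block not yet terminated
    "tiny_payload": 25,        # segment carries under 16 bytes
    "long_gap": 25,            # over 10 s since the previous segment
    "small_window": 10,        # advertised TCP window under 512 bytes
}

def feature_values(msg: dict) -> dict:
    """Value (0 or 1) of each preset attack feature in one received message."""
    return {
        "incomplete_headers": int(not msg["headers_complete"]),
        "tiny_payload": int(msg["payload_len"] < 16),
        "long_gap": int(msg["gap_s"] > 10),
        "small_window": int(msg["tcp_window"] < 512),
    }

def attack_value(msg: dict) -> int:
    """Assumed calculation rule: weighted sum of the feature values."""
    return sum(WEIGHTS[name] * v for name, v in feature_values(msg).items())

@dataclass
class SlowAttackDetector:
    threshold: int = 60   # assumed initial attack threshold
    decrement: int = 15   # assumed tightening step after each detection
    floor: int = 30       # assumed lower bound for the threshold

    def check(self, msg: dict) -> bool:
        if attack_value(msg) > self.threshold:
            # New threshold for subsequent detection; never above the old one.
            self.threshold = max(self.floor, self.threshold - self.decrement)
            return True
        return False

# Constructed sample messages (not captured traffic).
NORMAL = {"headers_complete": True, "payload_len": 512, "gap_s": 0.1, "tcp_window": 65535}
BORDERLINE = {"headers_complete": True, "payload_len": 8, "gap_s": 12, "tcp_window": 65535}
SLOW_HEADERS = {"headers_complete": False, "payload_len": 8, "gap_s": 12, "tcp_window": 65535}

def demo() -> tuple:
    det = SlowAttackDetector()
    verdicts = [det.check(m) for m in (NORMAL, BORDERLINE, SLOW_HEADERS, BORDERLINE)]
    return verdicts, det.threshold

if __name__ == "__main__":
    print(demo())
```

The same constructed BORDERLINE message passes before the first detection and is flagged after it, because that detection lowered the threshold from 60 to 45.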

Description

Technical field

[0001] The embodiments of this specification relate to the technical field of network communication, and in particular to a slow attack detection method and device.

Background

[0002] With the rapid development of networks, network security issues are also increasing. A DDoS (Distributed Denial of Service) attack is one of the most powerful and difficult attacks at present, and its main purpose is to make the designated target unable to provide normal services. In the past, DDoS attacks were mainly single-packet, large-flow attacks. In recent years they have evolved into slow attacks. A slow attack is more concealed: it is a variation on normal network protocol behaviour and fully meets the protocol requirements, so protection against slow attacks is more difficult.

[0003] Slow attacks mainly consume server resources by maintaining a connection with the server using a small amount of data at a low rate. ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 许雪峰, 吴庆, 王树太
Owner: 杭州迪普信息技术有限公司