Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDoS Attack Identification Method Based on Access Rhythm Matrix in Application Layer

An attack identification and application layer technology, applied in electrical components, transmission systems, etc., can solve the problems of difficult detection and connection of application layer DDoS attacks, and achieve the effect of high identification rate and high accuracy rate of attacking host IP

Active Publication Date: 2019-01-22
济南百纳瑞信息技术有限公司
View PDF5 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In previous studies, packet length or packet arrival time interval were also used as features for DDoS attack detection, such as [L.Zhou, M.Liao, C.Yuan, and H.Zhang, "Low-rate ddos ​​attack detection using expectation of packet size,” Security and Communication Networks, vol.2017, 2017.] and [S.N.Shiaeles, V.Katos, A.S.Karakos, and B.K.Papadopoulos, “Real time DDoSdetection using fuzzy estimators,” Computers&Security, vol.31, no.6 , pp.782–790, Sep 2012], but in these studies, the packet length and packet arrival time interval are not linked to the application layer, making it difficult to detect application layer DDoS attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS Attack Identification Method Based on Access Rhythm Matrix in Application Layer
  • DDoS Attack Identification Method Based on Access Rhythm Matrix in Application Layer
  • DDoS Attack Identification Method Based on Access Rhythm Matrix in Application Layer

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0063] It should be pointed out that the following detailed description is exemplary and intended to provide further explanation to the present application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.

[0064] It should be noted that the terminology used here is only for describing specific implementations, and is not intended to limit the exemplary implementations according to the present application. As used herein, unless the context clearly dictates otherwise, the singular is intended to include the plural, and it should also be understood that when the terms "comprising" and / or "comprising" are used in this specification, they mean There are features, steps, operations, means, components and / or combinations thereof.

[0065] figure 1 In the application layer DDoS attack detection and attacking host IP identification system, the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an application layer DDoS attack identification method based on an access rhythm matrix, which is based on a data structure of the access rhythm matrix, uses a variation anomaly degree to carry out attack detection, and uses an outlier point to identify an attack host IP. The time complexity and space complexity of the method are low, and the actual network condition will not be affected. The detection system integrated with the algorithm can be deployed between the nearest routing and the host. The inbound traffic packets can be obtained by port mirroring technology, and the access rhythm matrix can be constructed to detect DDoS attacks at the application layer and identify the attacking host IP.

Description

technical field [0001] The present disclosure relates to the technical field of computer network security, in particular to an application layer DDoS attack identification method based on an access rhythm matrix. Background technique [0002] DDoS attacks cause great harm to the network, especially DDoS flood attacks against application layer protocols, which may directly cause users to be unable to access normally. Compared with other low-level attack modes, this type of attack is more destructive, and it is difficult to be detected by traditional DDoS detection systems. [0003] Current systems for detecting application-layer DDoS attacks can be roughly divided into two categories: one is misuse detection, and the other is anomaly detection. The former detects attacks by matching input data with pre-defined attack signatures, while the latter uses normal behaviors to build a model of legitimate behavior, and if it deviates from this model, it is judged as anomalous behavi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1458
Inventor 王风宇林欢孔健
Owner 济南百纳瑞信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products