Anti-large-scale DDoS attack defense system and defense method based on cloud + end device continuous linkage mode

Abstract

The invention relates to the technical field of network cloud safety protection and specifically relates to an anti-large-scale DDoS attack defense system based on cloud + end device continuous linkage mode, which comprises a cloud platform defense system and a local end defense system. The cloud platform defense system comprises a cloud scheduling center, a cloud cleaning node, a DNS near-sourceresolution server. Compared with the single local hardware end device defense, the system in the invention can use the advantages of large-capacity cleaning capability of the cloud distributed cleaning nodes and break through the anti-D defense bottle neck of local bandwidth limit; compared with the single continuous access cloud defense, cloud node distributed cleaning and secondary fine filtering of the local end defense system can be used to achieve more comprehensive DDoS attack defense and better cleaning effect; compared with the single continuous access cloud defense, the system and themethod in the invention convert the data between the cloud cleaning node device and the local end defense system based on four-layer protocol port processing and based on a seven-layer protocol proxyprocessing mode, which is more rapid.

Description

technical field [0001] The invention relates to the technical field of network cloud security protection, in particular to a large-scale DDoS attack defense system and defense method based on a continuous linkage mode of cloud + terminal equipment. Background technique [0002] With the continuous expansion of Internet bandwidth, the rapid development of the Internet of Things and the rapid popularization of IOT (Internet of Things) devices, the Internet of Everything era brings convenience to everyone and creates extremely favorable conditions for DDoS attacks. Recently, incidents of using Memcached servers to implement reflective DDOS attacks have shown a sharp increase. According to the latest findings from CNCERT, as of Q1 2018, the recorded real attack traffic has reached 1.98Tb. Frequent DDoS attacks of several gigabytes can cause most government The network bandwidth of enterprise users is congested and services are paralyzed. At the same time, various DDoS attack to...

AI Technical Summary

Problems solved by technology

[0004] 1. Single local defense: Due to the limitation of user access bandwidth and defense cost, when attacked by hundreds of megabytes, the network bandwidth of most users can be unbearable, and hackers can easily launch attacks to fill up user exits in a short time Bandwidth, resulting in network exit or local network congestion, online business can not carry out normal services;

[0005] 2. Defense against a single cloud service provider: cloud cleaning service solves the problem of heavy traffic DDoS attack users, but cloud cleaning service is essentially due to the fact that service providers providing cleaning services use a set of defense equipment to provide common DDoS defense services for all users , it is impossible to tailor strategies and defense mechanisms for each user's business type, characteristics, attack type, etc., and there will still be situations where the service is often unavailable or the business is half-paralyzed, eventually resulting in either a large number of false seals or fundamental indefensible effect;

[0006] 3. Single IDC defense: The IDC computer room provides infrastructure for users,

Images