Large-scale DDoS attack detection and defense system based on cloud + end device on-demand linkage mode, and defense method

Abstract

The invention relates to the technical field of network cloud security protection, and specifically relates to a large-scale DDoS attack detection and defense system based on a cloud + end device on-demand linkage mode. The system comprises a cloud platform defense system and a local end defense system, the cloud defense system comprises a cloud scheduling center, a cloud cleaning node device anda DNS near-source resolution server, and the local end defense system is used for performing fine-granularity cleaning protection for access service server traffic, performing cooperative processing with the cloud cleaning node device and performing message forwarding. Relative to single local end defense system protection, the large-scale DDoS attack detection and defense system provided by the invention can take advantages of high-capacity cleaning capability of cloud distributed cleaning nodes, and can break anti-D defense bottleneck of local bandwidth limit; and relatively to single continuous access cloud protection, the large-scale DDoS attack detection and defense system provided by the invention can realize more comprehensive defense to DDoS attacks and better cleaning effects through cloud node distributed cleaning and secondary fine filtering of the local end defense system.

Description

technical field [0001] The invention relates to the technical field of network cloud security protection, in particular to a large-scale DDoS attack detection and defense system and defense method based on the on-demand linkage mode of cloud + terminal equipment. Background technique [0002] With the continuous expansion of Internet bandwidth, the rapid development of the Internet of Things and the rapid popularization of IOT (Internet of Things) devices, the Internet of Everything era brings convenience to everyone and creates extremely favorable conditions for DDoS attacks. Recently, incidents of using Memcached servers to implement reflective DDOS attacks have shown a sharp increase. According to the latest findings from CNCERT, as of Q1 2018, the recorded real attack traffic has reached 1.98Tb. Frequent DDoS attacks of several gigabytes can cause most government The network bandwidth of enterprise users is congested and services are paralyzed. At the same time, various...

AI Technical Summary

Problems solved by technology

[0004] 1. Single local protection: Due to the limitation of user access bandwidth and protection cost, when attacked by hundreds of megabytes, the network bandwidth of most users can be unbearable, and hackers can easily launch attacks and fill up customer exits in a short time 2. Single cloud service provider protection: cloud cleaning service solves the problem of large-traffic DDoS attack users, but cloud cleaning service is essentially due to the provision of cleaning The service providers of the service use a set of protection equipment to provide general DDoS protection services for all users, and cannot tailor strategies and protection mechanisms for each user's business type, characteristics, attack type, etc. Unopened or semi-paralyzed business conditions will eventually lead to either a large number of false seals or no protection at all; 3. Single IDC protection: The IDC computer room provides infrastructure for users, and solves some large-traffic DDoS attacks on the egress border. However, due to IDC's own export restrictions, and in order to ensure the stability of the large network environment, IDC usually adopts linkage with the operation end to block IP when the user's attack reaches a certain amount. At the same time, IDC uses a set of protection equipment to provide common DDoS for all users For protection services, the joint impact of policies among users may lead to a large number of blocking, regardless of IP blocking or sharing policies, it will eventually lead to abnormal user services.

[0005] Almost all financial companies, online games, Internet / Internet+, government online business platforms, etc., even the websites of schools and public welfare organizations are not immune to the threat of DDOS attacks, followed by complaints, legal disputes, business A series of problems, such as losses, have greatly affected the normal business activities of the company, and the inability to carry out business has brought a huge impact on the brand, not to mention, and even caused the company to close down.

Due to the obvious shortcomings of traditional solutions, it is difficult to provide users with a perfect anti-D solution. Therefore, solving the problem of DDoS attacks has become a top priority for online business service providers

Images