Device of using intelligent switching of multiple domain names for DDoS (Distributed Denial of Service) attack defence

Abstract

The invention discloses a device of using intelligent switching of multiple domain names for DDoS (Distributed Denial of Service) attack defence. The device includes a domain name acquisition module and a timeout monitoring module disposed at a client, and also includes an attack monitoring device and an intelligent scheduling device disposed at a service end. The domain name acquisition module acquires the at least two available domain names from an available domain name pool of a service end intelligent scheduling device at an interval of time T, one thereof is used as a currently used domain name, and the rest is used as an alternate domain name. The timeout monitoring module monitors time when the client issues a request to the service end. The attack monitoring device carries out real-time monitoring, and determines a domain name under an attack. The intelligent scheduling device schedules the domain name under the attack if the attack monitoring device detects the domain name under the attack. The device of using intelligent switching of the multiple domain names for DDoS (Distributed Denial of Service) attack defence can paralyze an attacker in certain time, prolong time after which an attack is initiated thereby again, increase attack resource and cost consumption of the attacker, increase attack difficulty, reduce impacts caused by the attack, and thus achieve the purpose of defence against the DDoS attack.

Description

technical field [0001] The invention provides a device for preventing DDoS attack, in particular to a device for preventing DDoS attack by intelligently switching multiple domain names. Background technique [0002] The essence of network attack and defense lies in the asymmetry of information and resources between the attacking and defending parties; as a large number of Internet services are accessed using specific clients such as mobile APPs, it is very important to deploy defenses on the client; when attacking a target business system, the attacker will first Stepping on the site is to detect the bearer domain name of the target business to obtain the server IP address, and then launch a DDoS attack on it; for a business system that only provides client access, netizens cannot directly see which domain name the business system uses like accessing through a browser , the attacker must capture and analyze the communication between the client and the server in order to find...

AI Technical Summary

Problems solved by technology

[0002] The essence of network attack and defense lies in the asymmetry of information and resources between the attacking and defending parties; as a large number of Internet services are accessed using specific clients such as mobile APPs, it is very important to deploy defenses on the client; when attacking a target business system, the attacker will first Stepping on the site is to detect the bearer domain name of the target business to obtain the server IP address, and then launch a DDoS attack on it; for a business system that only provides client access, netizens cannot directly see which domain name the business system uses like accessing through a browser , the attacker must capture and analyze the communication between the client and the server in order to find the business bearer domain name; currently, the clients of mainstream Internet services generally only use an official default domain name to provide access, which is easy to be captured and sniffed by Tracking, targeting persistent attacks, disrupting their business

[0003] For example, the anti-DDoS method provided by some defense vendors at the client level is to embed the SDK on the client side, call HTTPDNS, and use a large number of high-defense IPs to quickly switch to mitigate the impact of the attack; however, embedding the SDK requires a lot of manpower in the early stage. Development joint debugging, once the defense vendor is replaced, it needs to be redeveloped, which is costly; and HTTPDNS is used to quickly schedule and switch, the DNS of HTTPDNS has become the scheduling center of the business system, and it is easy to become the target of DDoS concentrated fire "beheading" attacks; use a Once the domain name and the centralized system using HTTPDNS are attacked, the business will be completely interrupted

Images