A method and device for defending against denial of service attacks

Abstract

The embodiment of the present application provides a method for defending against DoS attacks, which can be applied to terminal devices including trusted execution environment TEE and rich execution environment REE that are isolated from each other, including: acquiring the client application program running in REE to initiate a service or interface An access request, the access request is used to request a service or resource; the access request is passed to the defense module deployed in the TEE; the defense module decides whether to authorize the access based on the control policy determined according to the access behavior model Request, the access behavior model is obtained after training the access behavior data sets of multiple normal CAs accessing the service / interface through statistical methods or machine learning algorithms. The method provided by the present application can accurately identify and block access requests with potential DoS attack threats, thereby improving device security.

Description

technical field [0001] The present application relates to the security field, and more specifically, relates to a method and device for defending against denial of service (Denial of Service, DoS) attacks. Background technique [0002] In recent years, with the development of the mobile Internet, the number of smart terminal devices has increased dramatically. In order to provide rich functions and scalable properties of smart mobile terminals, terminal devices are usually built on the Rich Execution Environment (REE) that provides an open operating environment. REE is also called a general operating environment, mainly including Rich Operating System (Rich OS) running on general-purpose processors, such as An operating system, and a client application (client application, CA) running on the Rich OS. A major advantage of REE is that users can add applications at any time, however, this open environment also provides avenues for information leakage and malware propagatio...

AI Technical Summary

Problems solved by technology

However, due to the limited hardware and software resources of the TEE, when the CA has a vulnerability or the REE side is rooted, malicious applications can easily use the existing interfaces to frequently call services on the TEE side.

In this case, once all the resources of the TEE are occupied and not released for a long time, a Denial of Service (DoS) attack can be caused, resulting in the unavailability of the services on the REE side and the TEE side, and even the restart of the device.

It can be seen that the possibility of DoS attacks on terminal equipment (REE side and TEE side) is relatively high, which seriously threatens the security of terminal equipment.

Images