A CC protection method based on CDN node logs
A log and node technology, applied in the field of CC protection, can solve problems such as real-time adjustment of defense strength, failure to refer to the performance status of the source server, and failure of the source server to operate normally, so as to reduce the probability and risk of false interception and avoid performance overload Effect
Active Publication Date: 2021-03-19
成都知道创宇信息技术有限公司
View PDF8 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, this protection method only considers the defense end (i.e., the performance status of the cloud server) during site use, and does not refer to the performance status of the origin server and adjust the defense in real time; assuming that the cloud load status is normal, but business requests make the origin server load abnormal, then the origin station will still fail to operate normally, so that it will not be able to provide usable services as a whole
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0026] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.
[0027] like figure 1 As shown, a CC protection method based on CDN node logs includes the following steps:
[0028] Step 1: Obtain the IP request information in the CDN node log, and analyze and judge whether it is an attack according to the IP request information;
[0029] Based on the list and attack signature database, the IP request information is analyzed as follows:
[0030] Match the source IP in the IP request information with the blacklist, if the source IP matches any source IP in the blacklist, the output analysis result is "match";
[0031] If the source IP does not match any source IP in the blacklist, the latest access frequency of the source IP will be counted and compared with the source IP access frequency threshold. If it exceeds the source IP access frequency threshold, the output analysis result will be " threshold exceed...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a CC protection method based on a CDN node log, and the method comprises the following steps: 1, obtaining the IP request information in the CDN node log, and carrying out theanalysis and judgment of whether the attack exists or not according to the IP request information; 2, if the request is judged to be normal, and if the request is judged to be attack, extracting features from the IP request information and adding the features into an attack feature library, and then obtaining a cloud performance load and a source station server performance load; 3, comparing the cloud load performance and the source station server load performance extracted in the step 2 with a preset threshold value, and if the cloud performance load and the source station server performanceload are both lower than the preset threshold value, judging that the cloud load and the source station server performance load are normal and not intercepting the cloud load and the source station server performance load; if any load of the cloud performance load and the source station server performance load is judged to be abnormal, intercepting the abnormal IP; interception of different forcesis carried out by combining the cloud end performance state and the source station performance state in the interception process, and the probability and risk of mistaken interception are reduced.
Description
technical field [0001] The invention relates to a CC protection method, in particular to a CC protection method based on a CDN node log. Background technique [0002] CC attack is a common denial-of-service attack technology, which can greatly affect the availability and stability of site services. At present, the main protection strategy of CC is to block cloud vendors after unilateral judgment, without combining the performance load of the origin server; it cannot fully Using resources on the source site or making too many requests arrive at the source site will cause performance overload on the source site; in some special environments (interface requests with high-frequency call characteristics will be judged as attacks with a high probability by CC engine analysis, But for the actual production environment of the origin site, it is the expected normal situation) will lead to false interception. [0003] The existing CC protection is generally based on the IP request in...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/26
CPCH04L43/16H04L63/0236H04L63/1458H04L63/1466
Inventor 王海吉罗立詹科王彦夫徐开红陆永林
Owner 成都知道创宇信息技术有限公司