HTTP flood attack defense method and system

A flood attack and defense system technology, applied in transmission systems, electrical components, etc., can solve problems such as inability to effectively defend against flood attacks

Inactive Publication Date: 2019-07-09
西安交大捷普网络科技有限公司
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In order to overcome the problem that the above-mentioned existing defense methods cannot effectively defend against HTTP flood attacks,

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • HTTP flood attack defense method and system
  • HTTP flood attack defense method and system
  • HTTP flood attack defense method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] Such as figure 2 As shown, the verification process for normal users,

[0050] First, the defense device intercepts the first HTTP request of a normal user (request to visit "www.xxx.com"), records the original URL and discards the message.

[0051] Second, the verification process includes:

[0052] After a normal user re-initiates a request, the defense device transforms the retransmitted message, adds a random verification code, and redirects the request to the verification interface;

[0053] Normal users enter the correct verification code in their browser and submit it to the defense device for verification. If the verification passes, the normal user (device) information will be added to the dynamic white list;

[0054] The defense device redirects the saved original URL (initial target URL) of the normal user to the user.

[0055] Finally, normal access is realized between the user and the server, because the user (device) has been added to the whitelist, an...

Embodiment 2

[0057] Such as image 3 As shown, the defense process against attackers.

[0058] First, the defense device intercepts the attacker's first HTTP request (request to visit "www.xxx.com"), records the original URL and discards the message.

[0059] Second, the defense process includes:

[0060] After the attacker re-initiates the request, the defense device transforms the retransmitted message, adds a random verification code, and redirects the request to the verification interface;

[0061] Because the HTTP flood message sent by the attacker does not have the function of viewing the corresponding verification code or returning the correct random verification code, but repeatedly initiates requests to access "www.xxx.com";

[0062] Because the correct verification code was not sent back, the attacker (device) could never pass the verification of the defense device, and the defense device discarded the request packets initiated by it;

[0063] If the attacker (device) still fa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention aims to provide an HTTP flood attack defense method and system. An HTTP 302 redirection principle is used, the attack and the normal request are identified by verifying the legality of the returned message of the client; a normal user can receive and return a correct verification code to the defense equipment for verification, and the attack tool does not have the function of responding to a redirection message or returning the correct verification code, so that the HTTP Flood flow in the mixed flow can be completely filtered, and the use of the normal user is not hindered.

Description

technical field [0001] The invention belongs to the technical field of computer network security, in particular to a method and system for defending against HTTP-type distributed denial-of-service attacks. Background technique [0002] The development of the Internet has brought about the acceleration of the informatization process of all walks of life, and has also brought earth-shaking changes to people's lives, but it is accompanied by security problems caused by various network attacks. Distributed denial of service attack (DDos: Distributed Deny of Service) is a common and highly destructive attack that is difficult to prevent and trace. Simply put, attackers generate large-scale illegal Requests or junk data with the intention of flooding the target server or network. [0003] HTTP service (Hyper Text Transfer Protocol, Hyper Text Transfer Protocol, referred to as "HTTP") is one of the most basic and main service types. Attacks on HTTP services will cause users to fai...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/101H04L63/1441H04L67/02H04L67/146H04L69/16
Inventor 刘彦伯何建锋
Owner 西安交大捷普网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap