Method and device for identifying DDOS attack data stream

A DDOS and data flow technology, applied in the field of identifying DDOS attack data flow, can solve the problems of false alarms of detection equipment and inability to parse out detection equipment.

Active Publication Date: 2019-09-20
NEW H3C SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, based on the above processing methods, the detection device cannot parse out the information that

Examples


Embodiment Construction

[0055] The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments of the application. Evidently, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in this application, without creative effort, fall within the scope of protection of this application.

[0056] The embodiment of the present invention provides a method for identifying DDOS attack data flow, and the method can be executed by network equipment and detection equipment. Figure 1 is a schematic diagram of a network system provided by the embodiment of the present application, which includes a backbone network and multiple intranets (such as intranets of a metropolitan area network). Each intranet can be equipped with network equipment, and the backbo...


Abstract

The embodiment of the invention provides a method and device for identifying a DDOS attack data stream. The invention relates to the technical field of network security, the method is applied to a detection device, the method comprises the following steps: receiving an sFlow message sent by a network device, the sFlow message carrying data flow statistics information of each data flow, and sampling starting time and sampling ending time of each data flow; for each data stream, determining the time interval between the sampling starting time and the sampling ending time corresponding to the data stream, and determining the transmission rate corresponding to the data stream according to the data stream statistical information of the data stream and the time interval; and if the transmission rate corresponding to the data stream exceeds a preset threshold, determining that the data stream is a DDOS attack data stream. By adopting the method, the false identification rate can be reduced.
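The per-flow check described in the abstract, sketched as an added example (not code from the patent or from the applicant). The record fields, flow names, byte counts and threshold are constructed assumptions; the message layout that carries the sampling start and end times is not given on this page, so the records are modelled as already-decoded values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FlowRecord:
    """One decoded per-flow entry (hypothetical field names)."""
    flow_id: str         # constructed label for the data flow
    byte_count: int      # data flow statistics carried in the message
    sample_start: float  # sampling start time, in seconds
    sample_end: float    # sampling end time, in seconds


def transmission_rate(rec: FlowRecord) -> Optional[float]:
    """Bits per second over the flow's own sampling interval."""
    interval = rec.sample_end - rec.sample_start
    if interval <= 0:
        # A zero or negative interval cannot yield a rate; report it
        # separately rather than dividing by zero or flagging the flow.
        return None
    return rec.byte_count * 8 / interval


def classify(records: List[FlowRecord], threshold_bps: float
             ) -> Tuple[List[Tuple[str, float]], List[str]]:
    """Return (flows over the threshold with their rate, unusable flows)."""
    flagged, skipped = [], []
    for rec in records:
        rate = transmission_rate(rec)
        if rate is None:
            skipped.append(rec.flow_id)
        elif rate > threshold_bps:
            flagged.append((rec.flow_id, rate))
    return flagged, skipped


# Constructed sample: flow-a and flow-b carry the same byte count, but
# flow-b accumulated it over 100 s, so only flow-a exceeds 100 Mbit/s.
SAMPLE = [
    FlowRecord("flow-a", 125_000_000, 1000.0, 1001.0),
    FlowRecord("flow-b", 125_000_000, 1000.0, 1100.0),
    FlowRecord("flow-c", 4_000, 1000.0, 1000.0),
]

if __name__ == "__main__":
    print(classify(SAMPLE, threshold_bps=100_000_000))
```

Comparing raw byte counts against a threshold would treat flow-a and flow-b identically; dividing by each flow's own interval is what separates them.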

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and device for identifying DDOS attack data flow.

Background

[0002] In a communication network, a Distributed Denial of Service (DDoS) attack is a common attack method. In a DDoS attack, multiple network devices work together as an attack platform to continuously send a large number of packets to the target device, thus depleting the bandwidth resources or system resources of the target device and causing great harm to the target device.

[0003] At present, people usually use sampled flow (sFlow), a network data flow monitoring technology based on packet sampling, to identify DDoS attacks. The specific process is as follows. A network device with a packet sampling function is set in the network, and the network device can collect characteristic...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 岳伟国
Owner: NEW H3C SECURITY TECH CO LTD