A method and device for identifying DDoS attack data flow

A technique for identifying DDoS attack data flows. It addresses false alarms raised by the detection device and the device's inability to parse out information that reflects the traffic rate, and achieves the effect of avoiding false alarms.

Active Publication Date: 2021-07-20
NEW H3C SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, with the above processing methods, the detection device cannot parse out information that reflects the statistical traffic rate, and in some cases the detection device generates false alarms.

Embodiment Construction

[0055] The following clearly and completely describes the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by persons of ordinary skill in the art, based on the embodiments in this application and without creative effort, fall within the scope of protection of this application.

[0056] The embodiment of the present invention provides a method for identifying DDoS attack data flows; the method can be executed by network equipment and detection equipment. Figure 1 is a schematic diagram of a network system provided by the embodiment of the present application, which includes a backbone network and multiple intranets (such as intranets of a metropolitan area network). Each intranet can be equipped with network equipment, and the backbo...

Abstract

The embodiment of the present application provides a method and device for identifying a DDoS attack data flow, relating to the field of network security technology. The method is applied to a detection device and includes: receiving an sFlow message sent by a network device, where the sFlow message carries the data flow statistical information of each data flow together with the sampling start time and sampling end time of each data flow; for each data flow, determining the time interval between the sampling start time and the sampling end time corresponding to that data flow, and determining the transmission rate corresponding to the data flow from its data flow statistical information and the time interval; and, if the transmission rate corresponding to the data flow exceeds the preset threshold, determining that the data flow is a DDoS attack data flow. Adopting the application can reduce the misidentification rate.
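The rate check described in the abstract, sketched as an added example (not code from the patent or its owner). The record layout, field names, units and the 100 Mbit/s threshold are assumptions, and the sample records are constructed; the layout is not the sFlow wire format.

```python
from dataclasses import dataclass

# Hypothetical decoded per-flow record; field names are assumptions.
@dataclass(frozen=True)
class FlowRecord:
    flow_id: str         # label for the data flow
    byte_count: int      # data flow statistical information (bytes counted)
    sample_start: float  # sampling start time, in seconds
    sample_end: float    # sampling end time, in seconds

THRESHOLD_BPS = 100_000_000  # assumed preset threshold: 100 Mbit/s

def transmission_rate_bps(rec):
    """Bits per second over the interval carried with the record.

    Returns None when the interval is zero or negative, so that a malformed
    record cannot produce a division error or a meaningless rate.
    """
    interval = rec.sample_end - rec.sample_start
    if interval <= 0:
        return None
    return rec.byte_count * 8 / interval

def classify(records, threshold_bps=THRESHOLD_BPS):
    """Return ({flow_id: rate} for flows over the threshold, [rejected ids])."""
    attacks, rejected = {}, []
    for rec in records:
        rate = transmission_rate_bps(rec)
        if rate is None:
            rejected.append(rec.flow_id)
        elif rate > threshold_bps:  # "exceeds": equality does not trigger
            attacks[rec.flow_id] = rate
    return attacks, rejected

# Constructed sample data: flow-a and flow-b carry the same byte count but
# different sampling intervals, so only flow-a is over the threshold.
SAMPLE_RECORDS = [
    FlowRecord("flow-a", 150_000_000, 1000.0, 1010.0),  # 120 Mbit/s
    FlowRecord("flow-b", 150_000_000, 1000.0, 1060.0),  # 20 Mbit/s
    FlowRecord("flow-c", 150_000_000, 1010.0, 1000.0),  # end before start
    FlowRecord("flow-d", 125_000_000, 1000.0, 1010.0),  # exactly 100 Mbit/s
]

if __name__ == "__main__":
    flagged, bad = classify(SAMPLE_RECORDS)
    for fid, rate in flagged.items():
        print(f"{fid}: {rate / 1e6:.0f} Mbit/s exceeds threshold")
    print("rejected (unusable interval):", bad)
```
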

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method and device for identifying DDoS attack data flow.

Background

[0002] In a communication network, a Distributed Denial of Service (DDoS) attack is a common attack method. In a DDoS attack, multiple network devices work together as an attack platform to continuously send a large number of packets to the target device, thus depleting the bandwidth resources or system resources of the target device and causing great harm to the target device.

[0003] At present, people usually use sampled flow (sFlow), a network data flow monitoring technology based on packet sampling, to identify DDoS attacks. The specific process is as follows. A network device with a packet sampling function is set in the network, and the network device can collect characteristic...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 岳伟国
Owner: NEW H3C SECURITY TECH CO LTD