DDoS attack detection method based on network traffic application layer

A network traffic and attack detection technology applied in the Internet field. It addresses problems such as servers being unable to provide normal services, reduces false positive and false negative rates, is low cost, and is easy to popularize and use.

Inactive Publication Date: 2019-11-22
北京云端智度科技有限公司

AI Technical Summary

Problems solved by technology

In this case, the server will not be able to provide normal


Embodiment Construction

[0018] A specific embodiment of the present invention will be described in detail below in conjunction with the accompanying drawings, but it should be understood that the protection scope of the present invention is not limited by the specific embodiment.

[0019] DDoS attack traffic and FC (flash crowd) traffic differ in subtle ways, such as access intent, client request rate, and the distribution of source IP addresses. The differences between DDoS and FC are shown in Table 1 below:

[0020]

[0021] Table 1 Comparison of DDoS attack and FC features

[0022] The embodiment of this patent application mainly selects three parameters: the rate of change of traffic, the rate of change of new source IP addresses, and the request allocation rate of source IP addresses to analyze network traffic, thereby distinguishing DDoS attack traffic from FC traffic.

[0023] Application layer DDoS attack detection model

[0024] The application layer DDoS attack detection model is shown in Figure 1: When ...


Abstract

The invention discloses a DDoS attack detection method based on the network traffic application layer. The method selects three parameters, the traffic change rate, the new source IP address change rate, and the source IP address request allocation rate, to analyze network traffic and thereby distinguish DDoS attack traffic from FC traffic. The system is provided with a network traffic analysis module, a DDoS attack detection module, and an attack response module. When network traffic changes suddenly, the network traffic analysis module sends a warning signal to the DDoS attack detection module, which judges whether an FC or a DDoS attack is occurring. When a DDoS attack is detected, the attack response module is activated to filter malicious traffic and maintain uninterrupted service for real users. The similarity between application layer DDoS attack traffic and FC traffic can be effectively recognized, and the main characteristics of the two are selected to distinguish them. The false alarm rate and the missed report rate are reduced, the cost is low, and application and popularization are facilitated.
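The three parameters named in the embodiment and the three-module pipeline described in the abstract, sketched as an added example that is not code from the patent. The metric formulas, the thresholds, the decision rule and all function names are assumptions, since the page gives none of them; the sample windows are constructed.

```python
from collections import Counter

# Assumed thresholds (the page gives no values); tune against baseline traffic.
SURGE = 1.0         # traffic change rate that raises the warning (+100%)
NEW_IP_SURGE = 1.0  # change rate of never-before-seen source IPs
PER_IP_MAX = 5.0    # requests per source IP within one window

def change_rate(cur, prev):
    """Relative change between two consecutive windows."""
    return (cur - prev) / max(prev, 1)

def window_metrics(prev, cur, known_ips):
    """prev, cur: source IP of every request in each window; known_ips: history."""
    new_prev = set(prev) - known_ips
    new_cur = set(cur) - known_ips - set(prev)
    return {
        "traffic_change": change_rate(len(cur), len(prev)),
        "new_ip_change": change_rate(len(new_cur), len(new_prev)),
        "req_per_ip": len(cur) / max(len(set(cur)), 1),
    }

def classify(m):
    """Analysis module gates on the surge; detection module separates FC from DDoS."""
    if m["traffic_change"] < SURGE:
        return "normal"
    if m["new_ip_change"] >= NEW_IP_SURGE and m["req_per_ip"] >= PER_IP_MAX:
        return "ddos"
    return "fc"

def sources_to_filter(cur):
    """Response module: sources whose request count exceeds the per-IP limit."""
    return sorted(ip for ip, n in Counter(cur).items() if n > PER_IP_MAX)

# Constructed sample windows (documentation address ranges, not real traffic).
KNOWN = {f"192.0.2.{i}" for i in range(1, 11)}
PREV = sorted(KNOWN) * 2 + ["198.51.100.1", "198.51.100.2"]
FLASH = sorted(KNOWN) * 3 + [f"198.51.100.{i}" for i in range(10, 30)]
FLOOD = sorted(KNOWN) * 2 + [f"203.0.113.{i}" for i in range(1, 9)] * 40

if __name__ == "__main__":
    for name, cur in (("baseline", PREV), ("flash", FLASH), ("flood", FLOOD)):
        m = window_metrics(PREV, cur, KNOWN)
        print(name, classify(m), {k: round(v, 2) for k, v in m.items()})
    print("filter:", sources_to_filter(FLOOD))
```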

Description

Technical field

[0001] The invention relates to the technical field of the Internet, in particular to a DDoS attack detection method based on the network traffic application layer.

Background technique

[0002] The development of network technology has brought great convenience to people's work and life, and the number of users has also increased sharply. Businesses such as e-commerce and online games have put forward higher requirements for network transmission speed.

[0003] A Denial of Service (DoS) attack means that the attacker sends a large amount of data to the target host to consume the computing resources or network resources of the target host and prevent the target host from providing services to legitimate users. A Distributed Denial of Service (DDoS) attack is a distributed form of DoS attack. DDoS attacks send a large number of data packets to the victim host at the same time through a large number of hosts distributed throughout the Internet...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458, H04L2463/142, H04L2463/143
Inventor 刘晓光, 赵子毅, 张晴晴
Owner 北京云端智度科技有限公司