Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for detecting network flood attack behaviors

A detection method and behavioral technology, applied to electrical components, transmission systems, etc., can solve problems such as high misrecognition rate, increased method cost overhead, and reduced real-time efficiency of the method, so as to reduce detection cost, improve detection sensitivity, and improve The effect of applicable space

Inactive Publication Date: 2019-11-22
GUIZHOU POWER GRID CO LTD
View PDF2 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is to provide a method for detecting network flooding attack behaviors to solve the basic characteristics of the existing communication network in which the scale continues to increase and the amount of data is extremely large, which will cause the running time of the traditional detection method to be reduced. doubled, the cost of the method is increased and the real-time efficiency of the method is reduced; the recognition effect of the existing abnormal behavior recognition method has technical problems such as high false detection rate and false recognition rate

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting network flood attack behaviors
  • Method for detecting network flood attack behaviors
  • Method for detecting network flood attack behaviors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] Packet Statistics Based on Counting Bloom Filter

[0059] When analyzing various network problems, a network stream connection is generally marked with a standard quintuple (source IP address, source port, destination IP address, destination port, transport protocol). According to the statistics of the DDoS attacks that have occurred, more than 90% of them are TCP floods, and among the TCP floods, SYN floods are the most common. When a SYN flood attack occurs, the number of SYN request connection packets in the network will increase rapidly, and the distribution of IP addresses and ports of the packets will also change. In order to make the attack easy to control, attack packets are generally forged by attack software. Due to software settings and other related problems, source IP addresses will be reused in large quantities, and the distribution is relatively concentrated, and there are certain rules to follow. In order to cover up their location and increase the diff...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting network flood attack behaviors. The method comprises the following steps of 1, counting a difference value between SYN + ACK and ACK messages received ina certain time period by adopting a counting type Bloom Filter-based message counting method; 2, judging whether an abnormal behavior occurs or not by adopting a non-parameter-based CUSUM algorithm;3, adjusting the sampling window by adopting a self-adaptive adjustment method; 4, determining an attacked target according to address division. The problems that in the prior art, due to the basic characteristics that the scale of a communication network is continuously increased and the data size is overlarge, the running time of a traditional detection method is multiplied, the cost expenditureof the method is increased, and the real-time efficiency of the method is reduced are solved; an existing abnormal behavior recognition method is large in recognition effect false detection rate andfalse recognition rate.

Description

technical field [0001] The invention belongs to network anomaly detection technology, and in particular relates to a network flood attack behavior detection method. Background technique [0002] With the rapid development of information technology, the frequency of abnormal network incidents on the Internet is getting higher and higher, and the negative impact on people's daily Internet activities is also becoming more and more significant. With the continuous emergence of abnormal network events, abnormal network behaviors such as distributed denial of service attacks, worm propagation, and port scanning are particularly prominent. While the Internet is developing at a high speed, it is also suffering from the impact of abnormal network events. With the continuous updating of network technology and applications, the development direction of communication networks is becoming more and more multidirectional, and the types of services carried are becoming more and more compreh...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425
Inventor 张娟娟王颖舒刘晴左宇袁舒黄韬徐拓之李易韦倩
Owner GUIZHOU POWER GRID CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products