DDoS attack judgment and flow cleaning method and device and electronic equipment

A traffic-cleaning and traffic-differentiation technology, applied in the field of network security, that addresses problems such as network service crashes, inability to respond to data packets, and exhaustion of target resources.

Active Publication Date: 2019-11-29
GUANGTONGTIANXIA NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

[0016] SYN Flood: SYN Flood is an attack method that exploits flaws in the TCP protocol itself, exhausting the target's resources by sending a large number of TCP connection requests so that the target can no longer provide normal services.
The attacker sends a large number of SYN r

Examples


Embodiment

[0162] In this embodiment, the following scenario is set: there is a server A whose maximum load connection number is 5000 (S_limit = 5000), and S_v = 0.9 × S_limit = 4500;

[0163] After the server is placed behind the protection of the device of the present invention, the device learns for 1 hour under normal circumstances and obtains the average number of SYN packets sent by all IPs, SYN_Mode = 50, together with Smax = 2500 and Umax = 400. Smax is the maximum value of the server connections during the learning period; Umax is the maximum value of the number of new connections during the learning period. An initial policy is used for an IP that has just been connected: assuming the connections go from 0 to 5000 in 10 seconds, the increase per second is 500, so 500 is taken as the initial judgment value, and no more than 500 is judged as a normal scene. Once the learned value is available, this policy is discarded; the policy is only for an IP that has just been connected for 1 hour;

[0164] In the attack scenario:

[0165] In the 2nd second, the number of session connections is S2 = 4000, ...


Abstract

The invention provides a DDoS attack judgment and flow cleaning method and device and electronic equipment. The method comprises the steps of judging the start time of a DDoS attack and, when a DDoS attack is judged, carrying out flow distinguishing processing and flow cleaning. According to the technical scheme, DDoS attack traffic is detected by taking the server's threshold for newly added session connections per second and its session connection threshold as judgment points; when the value exceeds a set value, that point is judged as the attack starting point and a defense strategy is triggered. Compared with a traditional threshold detection method, this detection method judges the DDoS attack start time more accurately, the cleaning strategy is continuous and coherent, continuous availability of the server is guaranteed by controlling the connection curve, and new connections are not completely discarded at the maximum connection position.
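The following is an added example, not code from the patent: a minimal sketch of the two judgment points described above, compared with a session-count-only check, using the embodiment's values (S_limit = 5000, S_v = 4500, Smax = 2500, Umax = 400). The exact decision rule (new sessions per second above Umax, or session count at or above S_v) and the per-second series are assumptions, because the page does not give the full rule; only S2 = 4000 comes from the page.

```python
class Baseline:
    """Values learned from normal traffic (names follow the embodiment)."""
    def __init__(self, s_limit, s_max, u_max):
        self.s_limit = s_limit          # maximum load connection number
        self.s_max = s_max              # max sessions seen while learning
        self.u_max = u_max              # max new sessions/second while learning
        self.s_v = s_limit * 9 // 10    # S_v = 0.9 * S_limit (integer math)


def learn(samples, s_limit):
    """Derive Smax and Umax from per-second session counts of normal traffic."""
    deltas = [max(b - a, 0) for a, b in zip(samples, samples[1:])]
    return Baseline(s_limit, max(samples), max(deltas, default=0))


def session_only_start(sessions, base):
    """Traditional check: attack starts when the session count reaches S_v."""
    for t, s in enumerate(sessions, start=1):
        if s >= base.s_v:
            return t
    return None


def dual_threshold_start(sessions, base, prev=0):
    """Assumed rule: attack starts at the first second where new sessions per
    second exceed Umax or the session count reaches S_v."""
    for t, s in enumerate(sessions, start=1):
        new_per_sec = max(s - prev, 0)
        if new_per_sec > base.u_max or s >= base.s_v:
            return t
        prev = s
    return None


# Constructed sample data (only S2 = 4000 is taken from the page).
NORMAL = [2100, 2500, 2300, 2450, 2200]  # learning window: Smax=2500, Umax=400
ATTACK = [2400, 4000, 4800, 5000]        # sessions at seconds 1..4 of the attack
BASE = learn(NORMAL, s_limit=5000)

if __name__ == "__main__":
    print("Smax, Umax, S_v:", BASE.s_max, BASE.u_max, BASE.s_v)
    print("session-only start second:", session_only_start(ATTACK, BASE))
    print("dual-threshold start second:",
          dual_threshold_start(ATTACK, BASE, prev=NORMAL[-1]))
```

On this constructed series the session-only check fires one second later than the dual check, which is the lag the abstract attributes to traditional threshold detection.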

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method, device and electronic equipment for DDoS attack determination and flow cleaning.

Background technique

[0002] A DDoS attack is a special form of denial-of-service attack based on the DoS attack. It is a distributed, large-scale attack method that sends a large number of network requests to the server to consume its network bandwidth and system resources, thereby causing the server to stop providing normal network services, or even to go down. Nowadays, most detection methods for DDoS attacks are based on threshold detection.

[0003] Existing methods for judging the start time of a DDoS attack are often based solely on the threshold of the number of session connections. When the number of session connections reaches the threshold, the attack is judged to have started and defense rules are triggered. This method has a certain lag in judging the start time of the attack. Usually, the defen...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 段吉瑞, 徐文强, 吴沛钊
Owner GUANGTONGTIANXIA NETWORK TECH CO LTD