DDoS attack defense system and method based on dynamic transformation

An attack defense system and dynamic transformation technology, applied in the field of network security, can solve problems such as massive hardware and bandwidth investment, cost increase, TCP sliding window reduction, etc.

Active Publication Date: 2020-07-07
北京卫达信息技术有限公司
View PDF8 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] 2. Slow DDoS attack defense effect is poor
Pulse DDoS attacks use the protocol defect of the TCP congestion control mechanism to cause instantaneous network congestion, so that the TCP sliding window is rapidly reduced
Slow DDoS attacks are highly concealed, and the existing detection and defense methods have poor defense effects
[0012] 3. The cost of DDoS attack defense is high
[0013] Since most of the DDoS attack defense measures and methods currently used require a large amount of hardware and bandwidth investment, whether users build their own DDoS attack defense systems or rent DDoS attack defense services, resources will be wasted under normal traffic and costs will be increased.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attack defense system and method based on dynamic transformation
  • DDoS attack defense system and method based on dynamic transformation
  • DDoS attack defense system and method based on dynamic transformation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0078] The first preferred embodiment mainly defends against DDoS traffic attacks, and this embodiment mainly defends against CC (Challenge Collapsar) attacks in DDoS. CC attack is a type of DDoS attack, which means that the attacker combines multiple "broilers" to send a large number of operations that consume more system resources of the application server to the application server, such as some complex database queries, etc. A large number of calculations and system resources are exhausted, and normal services cannot be provided externally. Different from the first embodiment, in this embodiment, the proxy node needs to cache the content on the application server and synchronize it regularly, so that when the user's access request reaches the proxy node, the proxy node will directly respond to the user, only when there is no When the resource requested by the user is found, the access request is sent to the application server.

[0079] In this embodiment, the proxy node de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a DDoS attack defense system and method based on dynamic transformation, which break through the characteristics of traditional passive defense and static defense. The method has the basic thought that: under normal flow, a small number of proxy nodes are adopted to transmit communication between a user and an application server, so that normal communication requirements aremet, and resources are saved; and when a DDoS attack is received, a large number of dynamic proxy nodes are started to transmit communication between the user and the application server, the standbyproxy node is continuously used for replacing the attacked proxy node, the user flow is migrated to the new proxy node, and the attacked proxy node is closed, so that the DDoS attack strength is rapidly reduced, and the purpose of defending against large-flow attacks with small bandwidth is achieved. In addition, the dynamic change of the proxy node enables the attacker not to obtain the internalnetwork topology structure of the system, so that the scanning detection of the attacker on the system can be effectively blocked. The system does not increase user load, is transparent to users, andprovides continuous and stable service for the users.

Description

technical field [0001] The invention relates to the field of network security, in particular to a DDoS attack defense system and method based on dynamic transformation. Background technique [0002] Distributed Denial of Service (Distributed Denial of Service, DDoS) attack refers to the use of client / server technology, by controlling multiple hosts as an attack platform, sending a large number of data packets to one or more victim hosts, so that the resources of the victim host are excessively consumed services cannot be provided normally. With the increase of Internet bandwidth and the continuous release of various DDoS hacking tools, the implementation of DDoS attacks is becoming easier and easier. DDoS attack incidents are on the rise and become an important source of threats to network security. Due to various factors such as business competition, retaliation, and network extortion, many network service providers such as IDC hosting rooms, commercial sites, game servers...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08H04L29/12
CPCH04L63/1458H04L63/0281H04L67/1004H04L67/1036H04L61/4511
Inventor 张长河
Owner 北京卫达信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap