Distributed denial of service attack detection method, device and equipment and storage medium

A distributed denial-of-service attack detection technology, applied in the Internet field, that addresses the problems of low detection efficiency and detection accuracy, large traffic, and the inability to effectively distinguish whether burst traffic is normal burst traffic or DDoS attack traffic, so as to improve detection efficiency and detection accuracy and avoid misjudgment.

Active Publication Date: 2020-08-28
EVERSEC BEIJING TECH +1

AI Technical Summary

Problems solved by technology

[0003] Distributed denial of service (DDoS) attacks have been one of the important threats to global Internet network security since they first appeared. They mainly target Web servers and DNS servers and initiate bursts of large traffic through controlled puppet hosts, causing excessive consumption of the target system's computing resources and making the target system unable to provide normal services for legitimate users.
[0004] In the prior art, DDoS attacks are usually detected by the entropy value of the destination IP address. However, such a detection method cannot effectively distinguish whether burst traffic is normal burst traffic or DDoS attack traffic, and its detection efficiency and detection accuracy are relatively low.
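The limitation described in [0004], shown as an added example that is not part of the patent text: a destination-IP entropy check over constructed sampling windows raises the same alarm for a flash crowd and for a flood, because it never looks at who is sending. The addresses, packet counts and the 0.5 drop ratio are assumptions chosen for illustration.

```python
import math
from collections import Counter

def dst_entropy(packets):
    """Shannon entropy (bits) of destination IPs in one sampling window."""
    counts = Counter(dst for _src, dst in packets)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def entropy_alarm(window, baseline_bits, drop_ratio=0.5):
    """Prior-art style rule: alarm when destination entropy collapses
    below drop_ratio * baseline (drop_ratio is an assumed threshold)."""
    return dst_entropy(window) < drop_ratio * baseline_bits

# Constructed sample data: (src, dst) pairs, documentation/private ranges only.
SERVERS = [f"192.0.2.{i}" for i in range(10, 18)]   # 8 monitored servers
TARGET = SERVERS[0]

def background():
    # 25 packets to each server: uniform load, entropy = log2(8) = 3 bits
    return [(f"198.51.100.{n + 1}", dst) for dst in SERVERS for n in range(25)]

def flash_crowd():
    # Legitimate burst: 800 distinct clients, one request each
    burst = [(f"10.1.{n // 250}.{n % 250 + 1}", TARGET) for n in range(800)]
    return background() + burst

def flood():
    # Attack burst: 40 controlled hosts, 20 packets each
    burst = [(f"10.9.0.{n % 40 + 1}", TARGET) for n in range(800)]
    return background() + burst

def compare():
    """Return (baseline, flash-crowd entropy, flood entropy, alarms)."""
    base = dst_entropy(background())
    fc, fl = flash_crowd(), flood()
    alarms = (entropy_alarm(fc, base), entropy_alarm(fl, base))
    return base, dst_entropy(fc), dst_entropy(fl), alarms

if __name__ == "__main__":
    base, h_fc, h_fl, alarms = compare()
    print(f"baseline={base:.3f} flash_crowd={h_fc:.3f} flood={h_fl:.3f}")
    print(f"alarm on flash crowd={alarms[0]}, alarm on flood={alarms[1]}")
```

Both bursts produce the same destination distribution, so the rule flags the legitimate surge as well; separating the two cases needs features beyond the destination address.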


Examples

Embodiment 1

[0028] Figure 1 is a flowchart of a method for detecting a distributed denial-of-service attack according to Embodiment 1 of the present invention. This embodiment is applicable to detecting whether there is a distributed denial-of-service attack in network traffic. The distributed denial-of-service attack detection device can be implemented by software and/or hardware and integrated in a server, typically a Web (World Wide Web) server or a DNS (Domain Name System) server. The method specifically includes the following steps:

[0029] S110. Monitor network traffic in real time, and collect target network traffic according to a preset sampling period.

[0030] In order to improve the security performance of the server, the sampling period can be set to a small value, so that the server can detect as many distributed denial-of-service attacks as possible to ensure the security of network communication; to reduce the proc...

Embodiment 2

[0076] Figure 2 is a flowchart of a method for detecting a DDoS attack provided in Embodiment 2 of the present invention. This embodiment describes the method in more detail: the detection features of a DDoS attack are input into the pre-trained detection model, and whether there is a distributed denial-of-service attack in the target network traffic is determined according to the output result. Specifically, the method includes the following steps:

[0077] S201, obtaining an initial GHSOM neural network detection model; and performing S202.

[0078] Specifically, the acquisition of the initial growing hierarchical self-organizing mapping neural network model mainly includes the following steps:

[0079] First, initialize the neurons in layer 0; since there is only one neuron in layer 0, the initial weight of the neuron is the average value of all training samples, and the average quantization error of this layer is calculated based on this; among them, the ...

Embodiment 3

[0102] Figure 3 is a structural block diagram of a distributed denial-of-service attack detection device provided in Embodiment 3 of the present invention. The device is applied to a server and specifically includes: a target network traffic acquisition module 310, an original traffic feature extraction module 320, a detection feature acquisition module 330 and an attack detection execution module 340.

[0103] A target network traffic acquisition module 310, configured to monitor network traffic in real time, and collect target network traffic according to a preset sampling period;

[0104] An original traffic feature extraction module 320, configured to extract original traffic features according to the target network traffic;

[0105] A detection feature acquisition module 330, configured to construct a detection feature of a distributed denial-of-service attack through the original traffic feature;

[0106] The attack detection execution module 340 is con...

Abstract

An embodiment of the invention discloses a distributed denial of service attack detection method, a device, equipment and a storage medium. The distributed denial of service attack detection method comprises the steps of: monitoring network traffic in real time, and collecting target network traffic according to a preset sampling period; extracting original traffic characteristics according to the target network traffic; constructing detection features of distributed denial of service attack through the original traffic features; and determining whether the distributed denial of service attack exists in the target network traffic according to the detection characteristics of the distributed denial of service attack. According to the distributed denial of service attack detection method provided by the embodiment of the invention, the normal burst traffic and the distributed denial of service attack traffic are effectively distinguished while the distributed denial of service attack in the network traffic is detected, the misjudgment of the normal burst traffic is avoided, and the detection efficiency and the detection precision of the distributed denial of service attack are improved.

Description

Technical field

[0001] The embodiments of the present invention relate to the field of Internet technologies, and in particular, to a method, apparatus, device, and storage medium for detecting distributed denial-of-service attacks.

Background technique

[0002] With the continuous advancement of science and technology, great progress has been made in Internet technology. With the rapid development of the Internet industry, Internet network security has become particularly important.

[0003] Distributed denial of service (DDoS) attacks have been one of the important threats to global Internet network security since their emergence. They mainly target web servers and DNS servers, and initiate large bursts of traffic through controlled puppet hosts, causing excessive consumption of computing resources of the target system, so that the target system cannot provide normal services for legitimate users.

[0004] For the detection of DDoS attacks in the prior art, detection is us...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1458, H04L63/1416
Inventors: 刘纪伟, 梁彧, 李睿楠, 陈洪伟, 赖秋楠, 胡付博
Owner: EVERSEC BEIJING TECH