Dynamic defense system and method for CC attacks

Abstract

The invention discloses a dynamic defense system for CC attacks, and belongs to the technical field of CC attack defense methods. The system comprises a request receiving module, wherein the output end of the request receiving module is connected with a request statistics module. According to the invention, a white list is divided into a first-level white list module, a second-level white list module and a third-level white list module. IP detection in the first-level white list module is that the number of non-attack times is greater than 1 and less than 3; IP detection in the second-level white list module is that the number of non-attack times is greater than 3 and less than 5; IP detection in the third-level white list module is that the non-attack frequency is greater than 5 times; only the request IP is in the three-level white list module; and when the request IP requests again, the request can be directly judged to be non-aggressive, the request is normally processed and the response is sent without detection of a detection module, so the establishment of the white list is safer, and the CC attack can be better resisted while the detection intensity of the detection moduleis reduced.

Description

technical field [0001] The invention belongs to the technical field of CC attack defense methods, and in particular relates to a CC attack dynamic defense system and a method thereof. Background technique [0002] The principle of CC attack is that the attacker controls some hosts to send a large number of data packets to the opponent's server continuously, causing the server resources to be exhausted until it crashes. CC is mainly used to consume server resources. Everyone has such an experience : When the number of people visiting a webpage is very large, it will be slow to open the webpage. CC is to simulate multiple users (as many threads as there are users) to continuously visit those pages that require a lot of data operations (that is, a lot of CPU time) , resulting in a waste of server resources, the CPU is at 100% for a long time, there will always be unfinished connections until the network is congested, and normal access is suspended. Although the existing dynamic...

AI Technical Summary

Problems solved by technology

[0002] The principle of CC attack is that the attacker controls some hosts to send a large number of data packets to the opponent's server continuously, causing the server resources to be exhausted until it crashes. CC is mainly used to consume server resources. Everyone has such an experience : When the number of people visiting a webpage is very large, it will be slow to open the webpage. CC is to simulate multiple users (as many threads as there are users) to continuously visit those pages that require a lot of data operations (that is, a lot of CPU time) , resulting in a waste of server resources, the CPU is at 100% for a long time, there will always be unfinished connections until the network is congested, and normal access is suspended. Although the existing dynamic defense system for CC attacks has been increasingly perfect, there are still some Insufficient to be improved

[0003] The existing technology has the following problems: once the existing CC attack dynamic defense system detects that the requested IP is not under attack, it classifies the requested IP into a white list series, which reduces the security of establishing the white list

Images