A dynamic defense system and method for cc attack

Abstract

The invention discloses a CC attack dynamic defense system, which belongs to the technical field of CC attack defense methods and includes a request receiving module whose output terminal is connected to a request statistics module; the white list of the present invention is divided into a first-level white list module, the second-level whitelist module and the third-level whitelist module, the number of IP detections in the first-level whitelist module as non-attacks is more than 1 and less than 3 times, and the number of IP detections in the second-level whitelist module as non-attacks is greater than 3 The number of times is less than 5, the number of times the IP in the third-level whitelist module is detected as non-attack is more than 5 times, and only the requested IP is in the third-level whitelist module. When the request IP is requested again, it can be directly judged that the request is not offensive. Process the request normally and send a response without detection by the detection module. This method makes the establishment of the whitelist more secure, and can better resist CC attacks while reducing the detection intensity of the detection module.

Description

technical field [0001] The invention belongs to the technical field of CC attack defense methods, and in particular relates to a CC attack dynamic defense system and a method thereof. Background technique [0002] The principle of CC attack is that the attacker controls some hosts to send a large number of data packets to the opponent's server continuously, causing the server resources to be exhausted until it crashes. CC is mainly used to consume server resources. Everyone has such an experience : When the number of people visiting a webpage is very large, it will be slow to open the webpage. CC is to simulate multiple users (as many threads as there are users) to continuously visit those pages that require a lot of data operations (that is, a lot of CPU time) , resulting in a waste of server resources, the CPU is at 100% for a long time, there will always be unfinished connections until the network is congested, and normal access is suspended. Although the existing dynamic...

AI Technical Summary

Problems solved by technology

[0002] The principle of CC attack is that the attacker controls some hosts to send a large number of data packets to the opponent's server continuously, causing the server resources to be exhausted until it crashes. CC is mainly used to consume server resources. Everyone has such an experience : When the number of people visiting a webpage is very large, it will be slow to open the webpage. CC is to simulate multiple users (as many threads as there are users) to continuously visit those pages that require a lot of data operations (that is, a lot of CPU time) , resulting in a waste of server resources, the CPU is at 100% for a long time, there will always be unfinished connections until the network is congested, and normal access is suspended. Although the existing dynamic defense system for CC attacks has been increasingly perfect, there are still some Insufficient to be improved

[0003] The existing technology has the following problems: once the existing CC attack dynamic defense system detects that the requested IP is not under attack, it classifies the requested IP into a white list series, which reduces the security of establishing the white list

Images