Subnet deception DDoS attack monitoring and early warning method

A monitoring and early-warning technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc. It addresses the difficulty of defending against such attacks, speeds up the identification and judgment process, reduces the complexity of rules and the amount of calculation, and improves recognition accuracy.

Active Publication Date: 2020-09-08
南京云利来软件科技有限公司

AI Technical Summary

Problems solved by technology

Combining IP spoofing makes defending against such attacks much more difficult


Examples


Embodiment Construction

[0018] The present invention will be further described in detail below in conjunction with specific embodiments.

[0019] A subnet deception DDoS attack monitoring and early warning method specifically includes the following steps:

Step S1: First capture network flow data from the switch mirror through the bypass monitoring device, then separate the TCP flows from it, and then classify and aggregate them by source address, destination address, destination port and TCP end state.

Step S2: Clean the data aggregated in step S1, then collect and extract four features in total: the source address (sip), destination address (dip), end state (timeout_state) and number of TCP flows (flow) of the current TCP connection.

Step S3: Collect the four feature values of step S2 for the communication data of each device, and then judge whether the source address belongs to the address that initiates a DDoS attack according to the trigger condition se...


Abstract

The invention relates to a subnet spoofing DDoS attack monitoring and early warning method, which comprises the following steps: receiving user network traffic through a switch bypass mirror and separating the TCP flows; aggregating them by source address, destination address, destination port and TCP end state; extracting the number of alarm source addresses in the same subnet from the alarm information; and, if the number of alarm source addresses in a given subnet exceeds a threshold, raising an alarm. Otherwise, the method retrieves from the TCP aggregation data the number of source addresses in that subnet that have not completed the TCP three-way handshake and the corresponding total number of unsuccessful connections, and raises the alarm if the number of source addresses and the total number of connections exceed the threshold. According to the invention, multi-level rules are combined as a pipeline: the subnet number is extracted from the low-level alarm information and used to retrieve the DDoS attack traffic in the full TCP flow data, and a higher-level subnet deception DDoS alarm is then generated. This greatly reduces the number of operations and the rule complexity, and improves recognition accuracy.
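The two-level rule described in the abstract can be sketched as follows. This is an added example, not code from the patent or its owner; the /24 subnet width, all threshold values, the "syn_timeout" label for an incomplete handshake and the sample flow rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values: the page gives no thresholds, prefix length or state labels.
PREFIX = 24                 # subnet width used to group source addresses
ALARM_SRC_MAX = 5           # alarmed sources tolerated per subnet
HALF_OPEN_SRC_MAX = 8       # sources with incomplete handshakes tolerated
HALF_OPEN_FLOW_MAX = 500    # incomplete connections tolerated per subnet
HALF_OPEN = "syn_timeout"   # hypothetical timeout_state for a failed handshake

def aggregate(flows):
    """Level 1 input: sum flow counts per (sip, dip, dport, timeout_state)."""
    agg = defaultdict(int)
    for sip, dip, dport, state, n in flows:
        agg[(sip, dip, dport, state)] += n
    return agg

def subnet_spoof_alerts(alarm_sips, agg):
    """Level 2: escalate low-level per-source alarms to subnet alerts."""
    by_subnet = defaultdict(set)
    for sip in alarm_sips:
        net = ipaddress.ip_network(f"{sip}/{PREFIX}", strict=False)
        by_subnet[net].add(sip)
    alerts = {}
    for net, alarmed in by_subnet.items():
        if len(alarmed) > ALARM_SRC_MAX:
            alerts[str(net)] = "alarm-source count"
            continue
        # Fallback: search the full aggregation, but only for this subnet.
        srcs, total = set(), 0
        for (sip, _dip, _dport, state), n in agg.items():
            if state == HALF_OPEN and ipaddress.ip_address(sip) in net:
                srcs.add(sip)
                total += n
        if len(srcs) > HALF_OPEN_SRC_MAX and total > HALF_OPEN_FLOW_MAX:
            alerts[str(net)] = "incomplete-handshake volume"
    return alerts

def sample():
    """Constructed rows (sip, dip, dport, timeout_state, flow) and alarms."""
    dst = ("192.0.2.10", 443)
    flows = [(f"203.0.113.{i}", *dst, HALF_OPEN, 60) for i in range(1, 11)]
    flows += [(f"198.51.100.{i}", *dst, HALF_OPEN, 900) for i in range(1, 7)]
    flows += [("198.18.0.7", *dst, HALF_OPEN, 40), ("198.18.0.7", *dst, "closed", 300)]
    alarms = [f"198.51.100.{i}" for i in range(1, 7)]
    alarms += ["203.0.113.1", "203.0.113.2", "198.18.0.7"]
    return alarms, aggregate(flows)

if __name__ == "__main__":
    print(subnet_spoof_alerts(*sample()))
```

Only subnets that already appear in a low-level alarm are looked up in the full aggregation, which is where the reduction in computation claimed by the abstract comes from.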

Description

Technical field

[0001] The invention relates to the technical field of network equipment security management, in particular to a method for monitoring and early warning of subnet deception DDoS attacks.

Background technique

[0002] The distributed denial-of-service (DDoS) attack is one of the most important threats to the Internet today. In a DDoS attack, the attacker consumes the computing resources of the target through massive requests from puppet hosts, preventing the target from providing services to legitimate users. Web servers and DNS servers are the most common attack targets, and the computing resources consumed can be CPU, memory, bandwidth, etc.; Amazon, eBay, Yahoo, Sina, Baidu and other domestic and foreign websites have all been attacked by DDoS. A DDoS attack can not only hit a specific target, such as a web server or DNS server, but can also attack network infrastructure, such as routers. Th...


Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L63/1416, H04L63/1458, H04L41/0631
Inventor 冯钊曹立高才郭晓冬唐锡南
Owner 南京云利来软件科技有限公司