
A subnet deception DDoS attack monitoring and early warning method

A monitoring and early-warning method for subnet-spoofing DDoS attacks, applied in digital transmission systems, secure communication devices, electrical components, etc. It addresses the difficulty of defending against DDoS attacks that combine IP spoofing, and has the effect of speeding up identification and judgment, keeping configuration simple, and reducing the complexity and computational cost of the detection rules.

Active Publication Date: 2022-04-19
广州广电研究院有限公司

AI Technical Summary

Problems solved by technology

DDoS attacks that combine IP spoofing are much more difficult to defend against.


Embodiment Construction

[0018] The present invention will be further described in detail below in conjunction with specific examples.

[0019] A subnet-spoofing DDoS attack monitoring and early-warning method specifically includes the following steps. Step S1: capture network flow data from the switch mirror port through a bypass monitoring device, separate the TCP flows from it, and classify and aggregate them by source address, destination address, destination port and TCP end state. Step S2: clean the data aggregated in step S1 and extract four features of each current TCP connection: source address (sip), destination address (dip), end state (timeout_state) and TCP flow count (flow). Step S3: collect the four feature values from step S2 for the communication data of each device, then judge according to the configured trigger conditions whether the source address belongs to an address that initiates a DDoS attack, ...


Abstract

The invention relates to a subnet-spoofing DDoS attack monitoring and early-warning method. User network traffic is received through a switch bypass mirror and the TCP traffic is separated out; it is aggregated by source address, destination address, destination port and TCP end state. From the alarm information, the number of alarm source addresses in the same subnet is extracted. If the number of alarm source addresses in a subnet exceeds a threshold, an alarm is issued. Otherwise, the number of source addresses in that subnet whose TCP three-way handshake failed, and the corresponding total number of unsuccessful connections, are retrieved from the TCP aggregation data; if both the source address count and the total connection count exceed their thresholds, an alarm is issued. The invention combines multi-level rules in a pipeline: subnet numbers are extracted from low-level alarm information, DDoS attack traffic is retrieved from the full TCP flow data using the extracted subnet numbers, and a higher-level subnet-spoofing DDoS alarm is generated. This greatly reduces the amount of computation and the complexity of the rules, and improves identification accuracy.
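The two-level pipeline described in the embodiment steps (S1 to S3) and in the abstract can be exercised end to end on a handful of flow records. The block below is an example added by the editor, not the patent's own implementation: the field names, the /24 subnet size, all threshold values and the sample traffic are assumptions. It aggregates TCP flows by (sip, dip, dport, timeout_state), raises a low-level alarm per source address whose failed handshakes cross a threshold, then groups those alarm sources by subnet. A subnet with many alarm sources is reported directly; otherwise the full aggregation is consulted for that subnet only, which is what catches a spoofed range in which every single address stays below the per-source threshold.

```python
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    """One TCP flow record as a bypass probe might export it (field names are assumptions)."""
    sip: str
    dip: str
    dport: int
    timeout_state: str  # "established" after a completed handshake, "syn_timeout" if it never completed


# Illustrative thresholds; the patent text fixes no numeric values.
PER_SOURCE_FAIL_THRESHOLD = 10   # S3: failed handshakes from one source before a per-source alarm
SUBNET_ALARM_THRESHOLD = 5       # alarm sources inside one subnet before a direct subnet alarm
SUBNET_SOURCE_THRESHOLD = 20     # fallback: distinct failing sources inside the subnet
SUBNET_FAIL_THRESHOLD = 100      # fallback: total failed handshakes from the subnet
SUBNET_PREFIX = 24               # subnet size used to group sources (assumption)


def aggregate(flows):
    """S1/S2: aggregate flows by (sip, dip, dport, timeout_state) into a flow count."""
    agg = defaultdict(int)
    for f in flows:
        agg[(f.sip, f.dip, f.dport, f.timeout_state)] += 1
    return dict(agg)


def failed_by_source(agg):
    """Failed-handshake flow count per source address, read from the aggregated data."""
    failed = defaultdict(int)
    for (sip, _dip, _dport, state), n in agg.items():
        if state == "syn_timeout":
            failed[sip] += n
    return failed


def source_alarms(agg):
    """S3: low-level rule, one alarm per source whose failed handshakes reach the threshold."""
    return {sip for sip, n in failed_by_source(agg).items() if n >= PER_SOURCE_FAIL_THRESHOLD}


def subnet_of(ip):
    return str(ipaddress.ip_network(f"{ip}/{SUBNET_PREFIX}", strict=False))


def subnet_alarms(agg):
    """Higher-level rule: group low-level alarms by subnet and decide per subnet."""
    per_subnet = defaultdict(set)
    for sip in source_alarms(agg):
        per_subnet[subnet_of(sip)].add(sip)
    failed = failed_by_source(agg)
    result = {}
    for subnet, alarm_sources in per_subnet.items():
        if len(alarm_sources) >= SUBNET_ALARM_THRESHOLD:
            result[subnet] = "many alarm sources"
            continue
        # Otherwise go back to the full TCP aggregation, restricted to this subnet
        srcs = {sip for sip in failed if subnet_of(sip) == subnet}
        total = sum(failed[s] for s in srcs)
        if len(srcs) >= SUBNET_SOURCE_THRESHOLD and total >= SUBNET_FAIL_THRESHOLD:
            result[subnet] = f"{len(srcs)} failing sources, {total} failed handshakes"
    return result


def sample_flows():
    """Constructed traffic: a spoofed /24 plus a benign /24 with one noisy host."""
    flows = []
    # 40 spoofed sources in 203.0.113.0/24, each sending only 3 SYNs that never complete
    for host in range(10, 50):
        flows += [Flow(f"203.0.113.{host}", "198.51.100.10", 443, "syn_timeout")] * 3
    # two spoofed sources are noisier and cross the per-source threshold on their own
    for host in (50, 51):
        flows += [Flow(f"203.0.113.{host}", "198.51.100.10", 443, "syn_timeout")] * 12
    # benign subnet: clients complete their handshakes, with an occasional timeout each
    for host in range(2, 7):
        flows += [Flow(f"192.0.2.{host}", "198.51.100.10", 443, "established")] * 20
        flows.append(Flow(f"192.0.2.{host}", "198.51.100.10", 443, "syn_timeout"))
    # one misconfigured monitor in the benign subnet keeps probing a closed port
    flows += [Flow("192.0.2.7", "198.51.100.10", 8443, "syn_timeout")] * 15
    return flows


if __name__ == "__main__":
    agg = aggregate(sample_flows())
    print("per-source alarms:", sorted(source_alarms(agg)))
    for subnet, reason in subnet_alarms(agg).items():
        print(f"subnet-spoofing DDoS alarm for {subnet}: {reason}")
```

On the constructed sample, three sources trigger low-level alarms (the two noisy spoofed addresses and the benign monitor), but only 203.0.113.0/24 gets a subnet alarm: its two alarm sources are below the direct threshold, so the fallback counts all 42 failing sources and 144 failed handshakes in that range. The benign subnet has one alarm source and only six failing sources, so the single noisy host does not escalate. Note that the fallback scan touches only the aggregated rows of subnets that already produced a low-level alarm, which is the computational saving the abstract describes.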

Description

Technical field

[0001] The invention relates to the technical field of network equipment security management, and in particular to a method for monitoring and early warning of subnet-spoofing DDoS attacks.

Background

[0002] The distributed denial-of-service (DDoS) attack is one of the most important threats to the Internet today. In a DDoS attack the attacker consumes the computing resources of the target through massive requests from puppet (bot) hosts, preventing the target from providing services to legitimate users. Web servers and DNS servers are the most common targets, and the resources consumed can be CPU, memory, bandwidth, etc.; Amazon, eBay, Yahoo, Sina, Baidu and other domestic and foreign websites have all suffered DDoS attacks. A DDoS attack can target not only a specific server, such as a web server or DNS server, but also network infrastructure such as routers. Th...


Application Information

Patent Type &amp; Authority: Patents (China)
IPC (8): H04L 9/40, H04L 41/0631
CPC: H04L 63/1416, H04L 63/1458, H04L 41/0631
Inventor 冯钊曹立高才郭晓冬唐锡南
Owner 广州广电研究院有限公司