DDoS attack defense method and system, node and storage medium

A forwarding node and control node technology, applied in the field of network security, can solve problems such as difficult to deal with DDoS attacks, achieve the effect of improving accuracy, solving difficult to deal with DDoS attacks, and defending against DDoS attacks

Active Publication Date: 2020-10-16
TSINGHUA UNIV
View PDF5 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] It can be seen that at present, the SDN control entity has technical problems that are difficult to deal with DDoS attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attack defense method and system, node and storage medium
  • DDoS attack defense method and system, node and storage medium
  • DDoS attack defense method and system, node and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0050] figure 1 A flowchart of a DDoS attack defense method provided by an embodiment of the present invention, such as figure 1 As shown, the method includes:

[0051] S1. Obtain a first data packet whose destination IP field is the first destination IP.

[0052] It should be understood that the execution subject of the embodiment of the prese...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention relates to the technical field of network security, and discloses a DDoS attack defense method and system, a node and a storage medium. According to the embodiment of the invention, the method comprises the steps: firstly obtaining a first data package with a first destination IP as a destination IP field; obtaining a packet loss action probability corresponding tothe first destination IP; determining a data packet processing operation corresponding to the first data packet through the packet loss action probability; and issuing the data packet processing operation to a forwarding node connected with a control node, so that the forwarding node processes the first data packet by the data packet processing operation to defend a DDoS attack behavior. Obviously, according to the embodiment of the invention, the number of the data packets sent to the specific destination IP is limited; therefore, the traffic restriction behavior based on the destination IPis realized, dynamic real-time traffic restriction can be performed on the suspicious traffic, the accuracy of the DDoS defense behavior is improved, and the technical problem that the SDN control entity is difficult to deal with the DDoS attack is solved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a DDoS attack defense method, system, node and storage medium. Background technique [0002] Software Defined Network (SDN, Software Defined Network), as an emerging network architecture, has attracted more and more attention because of its many excellent characteristics. [0003] For example, SDN has programmable network management, and is also easy to reconfigure and allocate resource locations on demand, which can significantly improve network performance. [0004] If you compare SDN with traditional networks, you can find that the fundamental difference between the two is that the data plane and control plane are separated in the SDN architecture. Specifically, for a typical SDN architecture, all network decisions are made in the control plane in a centralized manner by the control entity. [0005] Wherein, the control entity may be represented as an SDN controller...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26
CPCH04L63/1458H04L43/0829
Inventor 李丹桂飞
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap