Defense method, system, node and storage medium of ddos ​​attack

A forwarding node and control node technology, applied in the field of network security, can solve problems such as difficult to deal with DDoS attacks, achieve the effect of improving accuracy, solving difficult to deal with DDoS attacks, and defending against DDoS attacks

Active Publication Date: 2022-02-01
TSINGHUA UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] It can be seen that at present, the SDN control entity has technical problems that are difficult to deal with DDoS attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Defense method, system, node and storage medium of ddos ​​attack
  • Defense method, system, node and storage medium of ddos ​​attack
  • Defense method, system, node and storage medium of ddos ​​attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0050] figure 1 A flowchart of a DDoS attack defense method provided by an embodiment of the present invention, such as figure 1 As shown, the method includes:

[0051] S1. Obtain a first data packet whose destination IP field is the first destination IP.

[0052] It should be understood that the execution subject of the embodiment of the prese...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention relates to the technical field of network security, and discloses a DDoS attack defense method, system, node and storage medium. The embodiment of the present invention first obtains the first data packet whose destination IP field is the first destination IP; obtains the packet loss action probability corresponding to the first destination IP; determines the data packet processing operation corresponding to the first data packet through the packet loss action probability ; sending the data packet processing operation to the forwarding node connected to the control node, so that the forwarding node uses the data packet processing operation to process the first data packet to defend against DDoS attacks. Obviously, the embodiment of the present invention realizes the traffic restriction behavior based on the destination IP by limiting the number of data packets sent to a specific destination IP, and can perform dynamic real-time traffic restriction on suspicious traffic, thereby improving the DDoS defense behavior The accuracy solves the technical problem that the SDN control entity is difficult to deal with DDoS attacks.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a DDoS attack defense method, system, node and storage medium. Background technique [0002] Software Defined Network (SDN, Software Defined Network), as an emerging network architecture, has attracted more and more attention because of its many excellent characteristics. [0003] For example, SDN has programmable network management, and is also easy to reconfigure and allocate resource locations on demand, which can significantly improve network performance. [0004] If you compare SDN with traditional networks, you can find that the fundamental difference between the two is that the data plane and control plane are separated in the SDN architecture. Specifically, for a typical SDN architecture, all network decisions are made in the control plane in a centralized manner by the control entity. [0005] Wherein, the control entity may be represented as an SDN controller...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L43/0829
CPCH04L63/1458H04L43/0829
Inventor 李丹桂飞
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap