A method, apparatus, storage medium and electronic device for detecting slow attack

A slow attack and to-be-detected technology, applied in the field of network security, can solve the problem of inflexible methods for detecting slow attacks, and achieve the effect of precise protection

Active Publication Date: 2022-07-12
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the embodiments of the present application is to provide a method, device, storage medium and electronic equipment for detecting slow attacks, so as to solve the problem that existing methods for detecting slow attacks are not flexible enough

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method, apparatus, storage medium and electronic device for detecting slow attack
  • A method, apparatus, storage medium and electronic device for detecting slow attack
  • A method, apparatus, storage medium and electronic device for detecting slow attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.

[0030] It should be noted that like numerals and letters refer to like items in the following figures, so once an item is defined in one figure, it does not require further definition and explanation in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", etc. are only used to distinguish the description, and cannot be understood as indicating or implying relative importance.

[0031] Existing methods for detecting slow attacks mainly include the following two methods: one is to establish a behavior signature database, and then match the extracted packet features with the behavior signature database. The packet is a slow attack packet, and the packet is discarded; the other is to periodically obtain the number of empty connections on...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

Embodiments of the present application provide a method, device, storage medium, and electronic device for detecting slow attacks. The method includes: receiving a message to be detected; after determining that a target connection for sending the message to be detected to a target server has been established In this case, obtain the total number of connections between all clients and the target server recorded by itself; when the total number of connections is greater than or equal to the connection threshold, obtain the establishment duration of the target connection; when the establishment duration is greater than or equal to the preset establishment duration Then, the total size of the packets corresponding to the target connection within the first preset time period is detected; if the total size is less than or equal to the preset size, it is determined that the packet to be detected is a slow attack packet. With the help of the above technical solutions, the embodiments of the present application solve the problem of inflexibility in the prior art, and even if the characteristics of the packets change, the slow attack packets can still be detected.

Description

technical field [0001] The present application relates to the technical field of network security, and in particular, to a method, apparatus, storage medium and electronic device for detecting slow attacks. Background technique [0002] With the rapid development of the network, network security problems are also increasing. Distributed Denial of Service (DDoS) attack is currently one of the most powerful and difficult to defend attacks, and its main purpose is to make the designated target unable to provide normal services. In the past, DDoS attacks were mainly based on large-traffic attacks of a single packet. In recent years, they have evolved into slow attacks. This slow attack is more stealthy and is a deformation of the normal network protocol, which fully meets the requirements of the protocol. Therefore, protection against slow attacks is more difficult. [0003] The existing method for detecting slow attacks is to establish a behavior signature database, and then ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/1416
Inventor 徐兰兰
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap