
A denial of service attack filtering method, device and equipment based on IP whitelist

A denial of service attack filtering technology applied in the field of network security. It addresses the problems of prior approaches (consuming server performance, the high maintenance cost of a session flow table, and the demanding design of traffic feature rules) and achieves improved filtering reliability and the capacity to process large-scale network traffic.

Active Publication Date: 2022-03-04
Applicant: INST OF ACOUSTICS CHINESE ACAD OF SCI (+1)

AI Technical Summary

Problems solved by technology

[0003] The three traditional ways of learning and acquiring whitelist IP members and their TTL values have major flaws. The first counts packets by how often, and on how many days, an IP address appears; its principle is too simple, and the whitelist is easily polluted by an attacker who infiltrates it. The second monitors sessions and admits the IPs that successfully establish connections; it must track the interaction state of every session, the session flow table is costly to maintain, and the number of connections per second becomes a performance bottleneck. The third mines and classifies by traffic features; it places high demands on the design of the traffic feature rules, model training is costly in time and space, and it is at odds with the burstiness and variability of network traffic.
That prior method must rewrite the server kernel and frequently request the server's TCP session table, which consumes server performance and narrows its range of application. Even when it is changed to off-host deployment that monitors the server's traffic, a network session flow table still has to be built, and processing performance is weak.
In addition, the IP addresses and TTL values in that whitelist are static: there is no mechanism for dynamic update and maintenance, and no monitoring of the whitelist members.
[0006] The methods and patents above have large gaps and deficiencies in acquiring and updating whitelist IP members and their TTL values, and in monitoring whitelist members, and are hard to apply widely in real-time production.

Method used



Examples


Embodiment 2

[0064] Embodiment 2 of the present invention proposes a denial of service attack filtering device based on an IP whitelist, and the device comprises:

[0065] a state judging module, used to judge the state of the currently protected network;

[0066] an IP whitelist learning module, used, when the state is not under attack, to monitor network traffic and update the IP whitelist based on valid return packets, and to update the TTL values of the IP whitelist by updating the active bit and changing the stable bit;

[0067] an IP whitelist filtering module, used, when the state is under attack, to filter out attack traffic whose IP address or TTL value does not match the IP whitelist and to pass legitimate traffic, while monitoring the traffic state of the IP whitelist members on the basis of packet-count balance and deleting from the IP whitelist malicious members that launch flooding attacks.
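The following is an added example, not the patent's code, showing how the three modules of Embodiment 2 can fit together in Python. The page does not define the learning window, the attack threshold, the exact meaning of the active and stable bits, what counts as a valid return packet, or the packet-balance rule, so those are assumptions made here: the TTL is the IP header TTL observed from a source (so a packet that spoofs a member's address but arrives over a different path is dropped), the active bit marks a member seen in the current window, the stable bit marks a member whose TTL repeated across two consecutive windows, a reply from the protected network to a source that sent to it is the valid return packet, and a member whose accepted packets exceed ten times the replies it receives (after a minimum sample) is treated as a flooder. The packet trace in `run_demo` is constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Member:
    ttl: int               # IP header TTL confirmed for this source
    active: bool = False   # assumed meaning: packets seen in the current window
    stable: bool = False   # assumed meaning: TTL unchanged across two windows
    seen_ttl: int = 0      # TTL observed in the current window (0 = none yet)
    pkts_in: int = 0       # packets accepted from the member while under attack
    pkts_out: int = 0      # replies sent to the member while under attack


class WhitelistFilter:
    def __init__(self, protected_net, attack_pps=1000, balance_ratio=10, min_pkts=50):
        self.net = ip_network(protected_net)
        self.attack_pps = attack_pps        # assumed threshold for the state judging module
        self.balance_ratio = balance_ratio  # assumed in/out ratio that marks a flooding member
        self.min_pkts = min_pkts            # assumed sample size before a member is judged
        self.members = {}                   # source IP -> Member
        self.candidates = {}                # source IP -> TTL, waiting for a valid return packet
        self.under_attack = False

    def _direction(self, pkt):
        s, d = ip_address(pkt["src"]) in self.net, ip_address(pkt["dst"]) in self.net
        return "in" if d and not s else "out" if s and not d else None

    def judge_state(self, inbound_pps):  # state judging module (assumed: packet-rate threshold)
        self.under_attack = inbound_pps > self.attack_pps
        return self.under_attack

    def learn(self, pkt):
        """IP whitelist learning module, used only while not under attack."""
        direction = self._direction(pkt)
        if direction == "in":
            m = self.members.get(pkt["src"])
            if m is not None:
                m.active, m.seen_ttl = True, pkt["ttl"]
            else:
                self.candidates[pkt["src"]] = pkt["ttl"]
        elif direction == "out":
            # a reply from the protected network to a source that sent to it is taken
            # as the valid return packet that admits the source (assumption)
            client = pkt["dst"]
            if client in self.candidates and client not in self.members:
                self.members[client] = Member(ttl=self.candidates.pop(client))

    def end_window(self):
        """Close a learning window: refresh TTL values from the active and stable bits."""
        for m in self.members.values():
            m.stable = m.active and m.seen_ttl == m.ttl  # same TTL two windows running
            if m.active:
                m.ttl = m.seen_ttl                        # adopt the newest observed TTL
            m.active = False

    def filter_packet(self, pkt):
        """IP whitelist filtering module with member monitoring; returns "pass" or "drop"."""
        if self._direction(pkt) == "out":
            m = self.members.get(pkt["dst"])
            if m is not None:
                m.pkts_out += 1                           # the server answered this member
            return "pass"
        m = self.members.get(pkt["src"])
        if m is None or m.ttl != pkt["ttl"]:
            return "drop"                                 # unknown source or TTL mismatch (spoofed)
        m.pkts_in += 1
        # packet-count balance (assumed rule): a member sent far more than it was answered
        if m.pkts_in >= self.min_pkts and m.pkts_in > self.balance_ratio * max(m.pkts_out, 1):
            del self.members[pkt["src"]]                  # flooding member removed from whitelist
            return "drop"
        return "pass"

    def handle(self, pkt):
        if self.under_attack:
            return self.filter_packet(pkt)
        self.learn(pkt)
        return "pass"


def run_demo():  # constructed packet trace, not captured data
    def pkt(src, dst, ttl):
        return {"src": src, "dst": dst, "ttl": ttl}
    f = WhitelistFilter("10.0.0.0/24", attack_pps=1000, balance_ratio=10, min_pkts=20)
    f.judge_state(120)                               # quiet period: learn
    f.handle(pkt("203.0.113.5", "10.0.0.1", 54))    # client request, TTL 54
    f.handle(pkt("10.0.0.1", "203.0.113.5", 64))    # valid return packet: client admitted
    f.end_window()
    f.handle(pkt("203.0.113.5", "10.0.0.1", 54))    # same TTL in the next window
    f.end_window()                                   # member becomes stable
    f.judge_state(50000)                             # flood begins: filter
    results = {
        "member_stable": f.members["203.0.113.5"].stable,
        "unknown_src": f.handle(pkt("192.0.2.7", "10.0.0.1", 54)),
        "spoofed_member_ttl": f.handle(pkt("203.0.113.5", "10.0.0.1", 120)),
        "genuine_member": f.handle(pkt("203.0.113.5", "10.0.0.1", 54)),
    }
    verdicts = [f.handle(pkt("203.0.113.5", "10.0.0.1", 54)) for _ in range(40)]  # member floods, unanswered
    results["flood_drops"] = verdicts.count("drop")  # 18 pass before the 20-packet check evicts it
    results["evicted"] = "203.0.113.5" not in f.members
    return results
```

The TTL check is what gives the whitelist its value against spoofing: an attacker who learns a member's address still arrives over a different path, so the IP header TTL differs and the packet is dropped. The packet-balance monitor covers the remaining case, a genuine member that turns hostile, which is the whitelist member monitoring the abstract describes.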

Embodiment 3

[0069] Embodiment 3 of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, the method of Embodiment 1 is implemented.

Embodiment 4

[0071] Embodiment 4 of the present invention provides a computer-readable storage medium storing a computer program; when the computer program is executed by a processor, the processor performs the method described in Embodiment 1.


Abstract

The invention discloses a denial of service attack filtering method, device and equipment based on an IP whitelist. The method includes: judging the state of the currently protected network; when the state is not under attack, monitoring network traffic and updating the IP whitelist based on valid return packets, and updating the TTL values of the IP whitelist by updating the active bit and changing the stable bit; when the state is under attack, filtering out attack traffic whose IP address or TTL value does not match the IP whitelist and passing legitimate traffic, while monitoring the traffic state of the IP whitelist members on the basis of packet-count balance and deleting from the IP whitelist malicious members that launch flooding attacks. The method has a whitelist member monitoring mechanism that can quickly find and remove malicious whitelist members that launch flooding attacks, and so improves the reliability of the filtering method.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a filtering method for denial of service attacks, and more particularly to a method, device and equipment for filtering denial of service attacks based on an IP whitelist.

Background technique

[0002] A denial of service attack (DoS) is a network attack that renders the target unable to provide service, most often by flooding. To this day, denial of service attacks remain a common form of network attack that is simple to launch and causes great harm, and the identification and filtering of attack traffic is one of the important topics in the field of network security.

[0003] The three traditional ways of learning and acquiring whitelist IP members and their TTL values have major flaws: the first counts packets by how often, and on how many days, an IP address appears; its principle is too si...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L9/40
CPC: H04L63/1408; H04L63/1458; H04L63/101; H04L63/0227
Inventor: 宋磊; 马建东
Owner: INST OF ACOUSTICS CHINESE ACAD OF SCI