
DDoS attack identification method and device and storage medium

An attack identification and storage-medium technology, applied in the field of computer network security, that addresses problems such as very high hardware performance requirements, a high false alarm rate, and unsuitability for deployment.

Active Publication Date: 2021-05-11
合肥浩瀚深度信息技术有限公司

AI Technical Summary

Problems solved by technology

[0002] A Distributed Denial of Service (DDoS) attack uses client/server technology to turn a large number of computers into an attack platform that launches traffic attacks on one or more target hosts, occupying host resources so that the target cannot operate normally. Its defining characteristic is that the attack sources are distributed across different locations. For DDoS attacks, therefore, the detecting party usually faces problems such as difficult identification and source tracing.

Current DDoS identification methods ingest device flow records such as NetFlow / sFlow / cFlow, or the original business traffic, and judge whether a host is under a DDoS attack according to whether the protected object's inbound traffic per unit time exceeds a set threshold. However, because device flow records contain only five-tuples and flow statistics and lack the traffic characteristics present in the original traffic, detection based on NetFlow / sFlow / cFlow records has relatively low accuracy and a relatively high false alarm rate. Detection based on raw traffic must process that traffic in real time, so its hardware performance requirements are very high and it is not suitable for deployment on large-bandwidth networks such as operators' backbone networks.



Embodiment Construction

[0048] Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

[0049] The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used herein and in the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and / or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

[0050] The present invention will be described in detail bel...


Abstract

The invention provides a DDoS attack identification method, device and storage medium with higher accuracy. The DDoS attack identification method comprises the following steps: receiving original data; analyzing the original data to obtain first processing data; grouping: grouping and aggregating the received data according to the first processing data; analyzing the data to obtain second processing data; pre-judgment: judging whether an attack occurs according to the second processing data; pre-result: generating a pre-result according to the pre-judgment; and secondary judgment: judging whether the attack occurs according to the zombie, trojan and worm module and the pre-result. The invention improves the accuracy of DDoS attack detection, reduces the false alarm rate, and lowers the performance requirements of the detection system, effectively solving the problem that traditional detection based on original traffic places excessive demands on hardware. The DDoS detection system is therefore suitable for deployment on various large-bandwidth backbone networks.
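
One possible reading of the pipeline in the abstract, as an added example and not the patent's own implementation: flow records are grouped per destination and time window, a volume threshold gives the pre-judgment, and the secondary judgment confirms an attack only when enough sources appear in a set of known infected hosts. The record layout, window, thresholds and the `KNOWN_BOTS` set standing in for the zombie, trojan and worm module are all assumptions.

```python
from collections import defaultdict

WINDOW = 10                  # seconds per aggregation window (assumed)
BYTES_THRESHOLD = 1_000_000  # inbound bytes per window for pre-judgment (assumed)
BOT_RATIO = 0.5              # share of known-infected sources needed to confirm (assumed)

# Constructed sample flow records: (unix_ts, src_ip, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = (
    [(100 + i, f"198.51.100.{i + 1}", "203.0.113.10", 80, "udp", 400_000)
     for i in range(4)]
    + [(101, "192.0.2.1", "203.0.113.20", 443, "tcp", 700_000),
       (102, "192.0.2.2", "203.0.113.20", 443, "tcp", 700_000),
       (103, "192.0.2.3", "203.0.113.30", 443, "tcp", 5_000)]
)
# Constructed stand-in for the output of a zombie/trojan/worm module.
KNOWN_BOTS = {"198.51.100.1", "198.51.100.2", "198.51.100.3"}

def group_flows(flows, window=WINDOW):
    """Grouping: aggregate records by (destination, time window)."""
    groups = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, src, dst, _port, _proto, nbytes in flows:
        group = groups[(dst, ts // window)]
        group["bytes"] += nbytes
        group["sources"].add(src)
    return groups

def pre_judge(groups, threshold=BYTES_THRESHOLD):
    """Pre-judgment: keep groups whose inbound volume exceeds the threshold."""
    return {key: g for key, g in groups.items() if g["bytes"] > threshold}

def secondary_judge(pre_results, known_bots, ratio=BOT_RATIO):
    """Secondary judgment: confirm only when enough sources are known infected."""
    verdicts = {}
    for key, group in pre_results.items():
        bot_share = len(group["sources"] & known_bots) / len(group["sources"])
        verdicts[key] = bot_share >= ratio  # True = attack confirmed
    return verdicts

def detect(flows, known_bots):
    """Run grouping, pre-judgment and secondary judgment in order."""
    return secondary_judge(pre_judge(group_flows(flows)), known_bots)

if __name__ == "__main__":
    for (dst, window_id), confirmed in detect(SAMPLE_FLOWS, KNOWN_BOTS).items():
        print(dst, window_id, "attack" if confirmed else "volume spike, not confirmed")
```

In the sample, two destinations exceed the volume threshold, but only the one whose sources are mostly known infected hosts is confirmed, which is how a second stage can cut false alarms from a threshold-only check.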

Description

Technical field: [0001] The invention relates to the technical field of computer network security, in particular to a DDoS attack identification method, device and storage medium.


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458, Y02D30/50
Inventor: 许焱程伟方忠祥姜宁宁
Owner: 合肥浩瀚深度信息技术有限公司