DDoS attack detection method based on single packet traceability
A technology of attack detection and inter-domain path identification, applied in the field of DDoS attack detection based on single packet traceability, can solve the lack of attack detection and other problems, and achieve the effect of fine-grained attack detection
Active Publication Date: 2021-05-28
BEIHANG UNIV
View PDF7 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, the current "CoLoR network architecture" lacks a security mechanism for attack detection using traceability information, and it is difficult to detect small-scale DDoS attacks that may exist in the CoLoR network
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0118] see image 3 As shown, a kind of DDoS attack detection method based on single packet tracing of the present invention, its attack detection steps are:
[0119] The first part is to obtain the autonomous domain nodes and inter-domain path identification sequences in the network logical topology as an observer;
[0120] Step A, extracting autonomous domain nodes in the network logical topology;
[0121] see Figure 4 The network logical topology of the tree structure shown, all autonomous domain nodes in the network form a set of autonomous domain nodes, denoted as S 总 , and S 总 ={N 1 ,N 2 ,N 3 ,N 4 ,N 5 ,N 6 ,N 7 ,N 8 ,N 9}. Among them, autonomous domain node N 9 The identity is replaced by the observer node O, which is also the root node of the tree structure.
[0122] N 1 It is the first autonomous domain node in the logical topology of the network; autonomous domain node N 1 own traffic of initial time The assignment value is 0; autonomous domain ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a DDoS (Distributed Denial of Service) attack detection method based on single packet traceability, which is based on a logical topology in a CoLoR network architecture, in which inter-domain path identifier prefix information is recorded, and an inter-domain path identifier sequence contained in a request packet is matched with the logical topology hop by hop, so that a sender of the request packet is positioned; by repeating the above operations, statistics can be performed on the self flow and the aggregation flow of each autonomous domain node in the network logic topology, and the autonomous domain of which the flow exceeds a threshold value can be judged as an attacker according to the change condition of the flow, so that fine-grained DDoS attack detection is realized. According to the method, the problem of how to realize fine-grained DDoS attack detection by utilizing the network logic topology and the inter-domain path identification sequence in the request packet is solved, and the accuracy of attack detection is improved by adopting a mode of firstly tracing and then detecting.
Description
technical field [0001] The present invention relates to the technical field of computer network security, and more specifically, the present invention relates to a DDoS attack detection method based on single packet traceability. Background technique [0002] In today's Internet environment, there are various security problems, such as Trojan horse implantation, virus attack, etc., among which the damage caused by the distributed denial of service (DDoS) attack is particularly serious. Trends in scale and diversification. see figure 1 As shown, the attacker sends a large number of packets to the attack target by controlling the zombie host, consuming its computing, storage, and network resources, so that legitimate users cannot obtain the services provided by the attack target. The existing TCP / IP network architecture did not consider security issues at the beginning of the design. Malicious network attackers can launch attacks by forging source addresses, which affects th...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 罗洪斌刘洲彪张珊
Owner BEIHANG UNIV