DDoS attack detection method oriented to high-speed network packet sampling data acquisition scene

A technology for high-speed networks and sampled data, applied in the field of network security, that addresses problems such as reduced resource stability and complex calculations in memory space, achieving low time complexity, low space complexity, and strong practicability.
CN113114694A · Active · Publication Date: 2021-07-13 · SOUTHEAST UNIV

Patent Information

Authority / Receiving Office: CN · China
Current Assignee / Owner: SOUTHEAST UNIV
Publication Date: 2021-07-13


Abstract

The invention discloses a DDoS attack detection method for high-speed network packet sampling data acquisition scenarios. The method comprises the following steps: network packets are sampled using equidistant sampling; effective features of UDP traffic and TCP traffic are then extracted quickly using two improved Count-Min Sketch structures, comprising a plurality of counters and hash tables, for UDP traffic and TCP traffic respectively; UDP Flood and SYN Flood traffic classifiers are built offline for the UDP traffic and the TCP traffic using the decision tree method of machine learning; and the constructed classifiers, together with a Sketch structure that records the feature vectors of the sampled packet flows online, are used to detect UDP Flood and SYN Flood, two common DDoS attacks, online in a high-speed network packet sampling data acquisition scenario. The method accurately identifies DDoS attacks in a high-speed network environment with low time complexity and space complexity; its UDP Flood detection distinguishes UDP Flood attack traffic from DNS one-way request traffic well, which reduces the misjudgment rate; and the method can be used for security monitoring of high-speed networks.
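The sampling and feature-extraction stage described in the abstract, as an added example that is not the patent's own code: it uses a plain Count-Min Sketch rather than the patent's improved structure, and the feature set (sampled TCP, SYN and UDP packet counts per destination), all names and the traffic are assumptions constructed for illustration. The decision-tree classifier that would consume these vectors is left out.

```python
import hashlib

class CountMinSketch:
    """Plain Count-Min Sketch: `depth` rows of `width` counters, one hash per row."""
    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _index(self, row, key):
        d = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([row])).digest()
        return int.from_bytes(d, "big") % self.width  # per-row salt = per-row hash

    def add(self, key):
        for r in range(self.depth):
            self.rows[r][self._index(r, key)] += 1

    def estimate(self, key):
        # Minimum over rows: never below the true count, may exceed it on collisions.
        return min(self.rows[r][self._index(r, key)] for r in range(self.depth))

def sample_equidistant(packets, interval):
    """Equidistant (systematic) sampling: keep every `interval`-th packet."""
    return packets[interval - 1::interval]

def extract_features(packets, interval):
    """Per-destination feature vectors from sampled packets (feature set is assumed)."""
    tcp, syn, udp = CountMinSketch(), CountMinSketch(), CountMinSketch()
    seen = set()  # hash table of destinations, kept beside the counters
    for proto, _src, dst, flags in sample_equidistant(packets, interval):
        seen.add(dst)
        if proto == "tcp":
            tcp.add(dst)
            if flags == "S":  # SYN set, ACK clear
                syn.add(dst)
        elif proto == "udp":
            udp.add(dst)
    def vec(d):
        t, s = tcp.estimate(d), syn.estimate(d)
        return {"tcp": t, "syn": s, "udp": udp.estimate(d), "syn_ratio": s / t if t else 0.0}
    return {d: vec(d) for d in seen}

# Constructed traffic: 100 rounds of two SYNs to .5, one ACK to .9, one DNS query to .53.
CONSTRUCTED = []
for i in range(100):
    CONSTRUCTED += [("tcp", f"198.51.100.{i}", "10.0.0.5", "S"), ("tcp", f"203.0.113.{i}", "10.0.0.5", "S"),
                    ("tcp", "192.0.2.10", "10.0.0.9", "A"), ("udp", "192.0.2.10", "10.0.0.53", "")]

if __name__ == "__main__":
    print(extract_features(CONSTRUCTED, 3))
```

The sampling interval of 3 is chosen to be coprime with the 4-packet period of the constructed traffic; an interval of 4 would hit the same position in every round, the aliasing risk that equidistant sampling carries on periodic traffic.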

Description

Technical field

[0001] The invention relates to a DDoS attack detection method for high-speed network packet sampling data collection scenarios, belonging to the technical field of network security.

Background technique

[0002] A Distributed Denial of Service (DDoS) attack is an attack in which the attacker controls a large number of zombie hosts in the network and uses them to send a large number of invalid requests to the target host, exhausting the system or network resources of the target host until it can no longer provide effective service to legitimate users.

[0003] In recent years, DDoS attacks have emerged one after another, and reports about them are common. In 2019, CNCERT continuously analyzed, month by month, the attack resources used to launch DDoS attacks, and the stability of the resources that can be exploited decreased. Compared with 2018, the number of domestically active control-e...
