DDoS attack detection method oriented to high-speed network packet sampling data acquisition scene

A high-speed network and sampling data technology, applied in the field of network security, can solve problems such as reduced resource stability and complex calculations in memory space, achieving low time complexity, low space complexity, and strong practicability

Active Publication Date: 2021-07-13
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

In 2019, CNCERT conducted continuous monthly analysis of the attack resources used to launch DDoS attacks, and the stability of exploitable resources decreased.
Nevertheless, the method still requires sufficient memory space and complex calculations.


Specific Embodiment

[0069] Specific embodiments: the DDoS detection method based on the improved Count-Min Sketch provided by the present invention can detect the common DDoS attacks UDP Flood and SYN Flood in a high-speed network environment. Its process framework is shown in Figure 1. The detection steps for UDP Flood and SYN Flood are introduced separately below.

[0070] The detection of UDP Flood includes the following steps:

[0071] (1) Obtain a public traffic data set containing UDP Flood traffic, consisting of traffic collected in two different time periods. The first part was collected earlier than the second part. Both parts contain traffic of the common DDoS attack UDP Flood as well as normal traffic;

[0072] In one embodiment of the present invention, the public data set CIC-DDoS2019 containing UDP Flood traffic collected by UIB University on January 12, 2018 and March 11, 2018 is obtained, and the data collected on January 12, 2...


Abstract

The invention discloses a DDoS attack detection method for a high-speed network packet sampling data acquisition scene. The method comprises the following steps: sampling network packets using an equidistant sampling technique, then quickly extracting effective features of UDP traffic and TCP traffic using two improved Count-Min Sketch structures, each comprising a plurality of counters and hash tables; constructing UDP Flood and SYN Flood traffic classifiers for the UDP traffic and the TCP traffic offline with a machine-learning decision tree method; and, using the constructed classifiers together with a Sketch structure that records the feature vectors of sampled packet flows online, detecting the common DDoS attacks UDP Flood and SYN Flood online in a high-speed network packet sampling data collection scene. The method can accurately recognize DDoS attacks in a high-speed network environment with low time complexity and space complexity. The UDP Flood detection method can distinguish UDP Flood attack traffic from DNS one-way request traffic well, which reduces the misjudgment rate, and the method can be used for security monitoring of a high-speed network.
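The sampling and sketch stage described in the abstract, as an added example that is not code from the patent: it uses a plain Count-Min Sketch (the page does not describe the "improved" variant), and the two features, the class and function names, and the trace built from documentation addresses are all assumptions made for illustration.

```python
import hashlib
from itertools import islice

class CountMinSketch:
    """depth x width table; each cell holds [packets, bytes] for the keys hashed to it."""
    def __init__(self, depth=4, width=1024):
        self.depth, self.width = depth, width
        self.cells = [[[0, 0] for _ in range(width)] for _ in range(depth)]

    def _cells_for(self, key):
        # One column per row, chosen by a BLAKE2b digest salted with the row number.
        for row in range(self.depth):
            h = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([row]))
            yield self.cells[row][int.from_bytes(h.digest(), "big") % self.width]

    def add(self, key, nbytes):
        for cell in self._cells_for(key):
            cell[0] += 1
            cell[1] += nbytes

    def estimate(self, key):
        # Collisions only inflate counters, so the row with the fewest packets is the best estimate.
        return tuple(min(self._cells_for(key), key=lambda cell: cell[0]))

def sample_equidistant(packets, interval):
    """Equidistant (systematic) sampling: keep every interval-th packet."""
    return islice(packets, interval - 1, None, interval)

def build_udp_sketch(packets, interval):
    sketch = CountMinSketch()
    for proto, dst, size in sample_equidistant(packets, interval):
        if proto == "udp":
            sketch.add(dst, size)
    return sketch

def feature_vector(sketch, dst, interval):
    """Assumed features (not the patent's list): scaled packet count and mean packet size."""
    pkts, nbytes = sketch.estimate(dst)
    return {"est_packets": pkts * interval, "mean_size": nbytes / pkts if pkts else 0.0}

# Constructed trace: 4 of every 5 packets are 1400-byte UDP datagrams to VICTIM,
# the rest are 80-byte UDP datagrams spread over 50 other destinations.
VICTIM, INTERVAL = "192.0.2.10", 8
TRACE = [("udp", VICTIM, 1400) if i % 5 else ("udp", f"198.51.100.{i // 5 % 50}", 80)
         for i in range(40000)]

if __name__ == "__main__":
    sk = build_udp_sketch(TRACE, INTERVAL)
    for dst in (VICTIM, "198.51.100.3", "203.0.113.9"):
        print(dst, feature_vector(sk, dst, INTERVAL))
```

In the method the page describes, vectors like these are what the offline-trained decision tree would classify; memory stays fixed at depth × width cells regardless of how many destinations appear.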

Description

Technical field

[0001] The invention relates to a DDoS attack detection method for high-speed network packet sampling data collection scenarios, belonging to the technical field of network security.

Background technique

[0002] A Distributed Denial of Service (DDoS) attack is an attack in which the attacker, by controlling a large number of zombie hosts in the network, sends a large number of invalid requests to the target host, so that the system or network resources of the target host are exhausted and it can no longer provide effective service to legitimate users.

[0003] In recent years, DDoS attacks have emerged one after another, and related reports are common. In 2019, CNCERT conducted continuous analysis on the attack resources used to launch DDoS every month, and the stability of the resources that can be exploited decreased. Compared with 2018, the number of domestically active control-e...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1425, H04L63/1458, H04L61/4511
Inventor: 吴桦, 陈廷政, 程光, 邵梓菱
Owner: SOUTHEAST UNIV