A method and device for detecting multiple types of application layer DDOS attacks

A technology for detecting application-layer DDoS attacks and their types, applied in the Internet field. It addresses the inability to detect specific types of application-layer DDoS, improving detection accuracy and reducing malicious traffic.

Active Publication Date: 2022-07-01
BEIJING JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

The disadvantage of this method is that it can only distinguish abnormal traffic from normal traffic; it cannot detect application-layer DDoS within the abnormal traffic or identify the specific type of application-layer DDoS.

Examples


Embodiment 1

[0047] A structural diagram of a device that can detect multiple types of application layer DDoS attacks, provided by an embodiment of the present invention, is shown in Figure 1. The device includes a feature generation module, an offline training module and an online detection module.

[0048] The feature generation module 10 is configured to generate valid feature information suitable for various types of application layer DDoS attacks, and transmit the valid feature information to the offline training module.

[0049] The offline training module 20 is used to train and obtain various types of application layer DDoS attack detection models according to the effective feature information, and use the detection sample set to train and verify the various types of application layer DDoS attack detection models.

[0050] The online detection module 30 is used for deploying the trained multiple types of application layer DDoS attack detection models, using multiple types of application...

Embodiment 2

[0096] Figure 5 is a schematic diagram of the workflow of a device that can detect multiple types of application-layer DDoS attacks online, provided by an embodiment of the present invention. The processing flow includes three stages. In the online traffic capture stage at the network entrance, a real-time traffic capture tool obtains the traffic to be detected at the network traffic entrance. In the online feature generation stage, the generated traffic files are read online and a flow feature extraction tool generates the corresponding detection sample set. In the online prediction stage, the effective feature information screened in the feature analysis stage is selected as input, and the trained application-layer DDoS attack detection model performs online prediction on the experimental traffic to be detected.

[0097] Optionally, use the SHELL script under the system to realize the automated process of online traffic capture, feature generation, and onli...
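The three stages described in Embodiments 1 and 2 (feature generation, offline training, online detection that reports the attack type) can be sketched as follows. This is an added example, not code from the patent: the three flow features, the nearest-centroid classifier, the helper names and every traffic record are assumptions constructed for illustration, and only two of the attack types named in the abstract are covered.

```python
import math
from collections import defaultdict

def flow(n, span, paths, post_every=0):
    """Constructed flow: n requests spread over `span` seconds across `paths` URLs."""
    return [(i * span / n,
             "POST" if post_every and i % post_every == 0 else "GET",
             f"/page{i % paths}") for i in range(n)]

def features(reqs):
    """Feature generation: (log request rate, POST fraction, distinct-URL ratio)."""
    times = [t for t, _, _ in reqs]
    duration = (max(times) - min(times)) or 1.0   # single-request flows: avoid /0
    rate = len(reqs) / duration
    post = sum(m == "POST" for _, m, _ in reqs) / len(reqs)
    uniq = len({p for _, _, p in reqs}) / len(reqs)
    return (math.log1p(rate), post, uniq)

def train(samples):
    """Offline training: one centroid per label (a stand-in for the patent's models)."""
    groups = defaultdict(list)
    for label, reqs in samples:
        groups[label].append(features(reqs))
    return {label: tuple(sum(col) / len(col) for col in zip(*vecs))
            for label, vecs in groups.items()}

def detect(model, reqs):
    """Online detection: return the label of the nearest centroid, i.e. the type."""
    x = features(reqs)
    return min(model, key=lambda label: math.dist(x, model[label]))

# Constructed, labelled training flows (not real captures).
TRAIN = [
    ("benign",    flow(10, 20.0, 8, post_every=5)),
    ("benign",    flow(16, 40.0, 12, post_every=8)),
    ("HTTP-Get",  flow(300, 10.0, 1)),
    ("HTTP-Get",  flow(500, 10.0, 2)),
    ("HTTP-Post", flow(300, 10.0, 1, post_every=1)),
    ("HTTP-Post", flow(400, 10.0, 2, post_every=1)),
]
MODEL = train(TRAIN)

if __name__ == "__main__":
    for name, reqs in [("slow browsing", flow(12, 30.0, 9, post_every=6)),
                       ("GET burst", flow(350, 10.0, 1)),
                       ("POST burst", flow(250, 5.0, 1, post_every=1))]:
        print(f"{name}: {detect(MODEL, reqs)}")
```

The detector returns a class label rather than a normal/abnormal flag, which is the gap in earlier methods that the summary above points out.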

Abstract

The present invention provides a method and device capable of detecting various types of application layer DDoS attacks. The device includes three modules: a feature generation module generates valid feature information suitable for various types of application layer DDoS attacks and transmits it to an offline training module; the offline training module trains and obtains various types of application layer DDoS attack detection models according to the valid feature information, and uses the detection sample set to train and verify those models; the online detection module deploys the trained application-layer DDoS attack detection models, uses them to detect network traffic in real time, and outputs application layer DDoS attack detection results for the network traffic passing through. The invention can detect various application layer DDoS attacks including HTTP-Flood attack, HTTP-Get attack, HTTP-Post attack and CC attack, can improve the detection accuracy of application layer DDoS attacks and reduce malicious traffic.

Description

Technical field

[0001] The present invention relates to the field of Internet technologies, and in particular, to a method and device capable of detecting various types of application layer DDoS attacks.

Background

[0002] A DDoS attack refers to the use of client or server technology to combine multiple computers as an attack platform to launch a distributed denial of service attack on one or more targets. Compared with traditional DDoS attacks based on low-level protocols, application-layer DDoS attacks utilize high-level protocols and are characteristically difficult to detect. Application-layer DDoS attacks are premised on normal TCP connections, real IP addresses, and IP packets, and the HTTP flow that forms the attack does not have the characteristic features of traditional DDoS attacks. Application-layer DDoS attacks have strong operability and low attack thresholds, which bring a series of major risks to network service providers, such as...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L41/14
CPC: H04L63/1416, H04L63/1425, H04L63/1458, H04L41/145
Inventor: 周华春, 李颖之, 李坤, 杨天奇, 李丽娟, 沈琦
Owner: BEIJING JIAOTONG UNIV