A real-time DDoS defense system based on DPDK

A defense system and rule technology, applied in transmission systems, electrical components, etc., that addresses the problems that the cleaning service cannot identify the attack, that a target traffic priority strategy cannot be implemented, and that enterprises are threatened. Its effects are an improved forwarding rate for benign traffic, low overhead, and efficient forwarding in the network.

Active Publication Date: 2021-12-07
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

However, because defenses focus on dealing with large but well-characterized attacks, the cleanup services deployed by cloud security service providers cannot identify unknown and complex attacks that have no precedent or have not been fully exposed, which poses a serious threat to enterprises.
Existing target-driven, policy-based methods can only share simply by flow or by source, and cannot implement complex target traffic priority policies.


Embodiment Construction

[0022] The present invention will be described in detail below according to the accompanying drawings.

[0023] Figure 1 is the flow chart of the DPDK-based real-time DDoS defense system of the present invention, and Figure 2 is an architecture diagram of the DPDK-based system, which includes a fast forwarding table module, a traffic monitoring module, a machine learning rule table module, an intermediate bucket module and a priority queue scheduling module.

[0024] The fast forwarding table module matches network traffic against the fast forwarding table, which contains a list of source addresses not controlled by the attacker. Network traffic first has its IP matched against the fast forwarding table to obtain a priority label; if the match is successful, the traffic bypasses the machine learning rule table module, enters the priority queue scheduling module directly, and is marked with a high priority label; if the match is unsucc...
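
A minimal sketch of the fast forwarding table stage described in [0024], added here as an illustration and not code from the patent or its authors. It uses plain C rather than DPDK APIs; the type names, the labels and the sorted-array lookup are assumptions, and a miss is only placed on a rule-table queue because the text on this page is cut off before it describes that path.

```c
#include <stdint.h>
#include <stdlib.h>

/* Names and labels below are assumed for this sketch, not taken from the patent. */
enum label { PRIO_HIGH, TO_RULE_TABLE };
struct pkt { uint32_t src; enum label label; };
struct fast_table { uint32_t *addr; size_t n; };  /* sorted trusted sources */

/* IPv4 address in host byte order from dotted-quad parts. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

static int cmp_u32(const void *x, const void *y)
{
    uint32_t a = *(const uint32_t *)x, b = *(const uint32_t *)y;
    return (a > b) - (a < b);
}

void fast_table_init(struct fast_table *t, uint32_t *addrs, size_t n)
{
    qsort(addrs, n, sizeof *addrs, cmp_u32);  /* sort once, off the hot path */
    t->addr = addrs;
    t->n = n;
}

/* A hit is labelled high priority and skips the rule table stage. */
enum label fast_table_classify(const struct fast_table *t, struct pkt *p)
{
    void *hit = bsearch(&p->src, t->addr, t->n, sizeof *t->addr, cmp_u32);
    return p->label = hit ? PRIO_HIGH : TO_RULE_TABLE;
}

/* Split one burst into the bypass queue and the rule-table queue. */
size_t fast_path_burst(const struct fast_table *t, struct pkt *burst, size_t n,
                       struct pkt **high_q, struct pkt **rule_q, size_t *n_rule)
{
    size_t n_high = 0;
    *n_rule = 0;
    for (size_t i = 0; i < n; i++) {
        if (fast_table_classify(t, &burst[i]) == PRIO_HIGH) high_q[n_high++] = &burst[i];
        else rule_q[(*n_rule)++] = &burst[i];
    }
    return n_high;
}

/* Constructed sample using documentation-range addresses (RFC 5737). */
size_t demo(size_t *n_rule)
{
    uint32_t trusted[] = { IP4(198,51,100,7), IP4(192,0,2,10), IP4(203,0,113,5) };
    struct pkt burst[] = { { IP4(192,0,2,10), TO_RULE_TABLE }, { IP4(192,0,2,11), TO_RULE_TABLE },
                           { IP4(203,0,113,5), TO_RULE_TABLE }, { IP4(198,51,100,8), TO_RULE_TABLE } };
    struct pkt *high_q[4], *rule_q[4];
    struct fast_table t;
    fast_table_init(&t, trusted, 3);
    return fast_path_burst(&t, burst, 4, high_q, rule_q, n_rule);
}
```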


Abstract

The invention discloses a DDoS real-time defense system based on DPDK. The system includes modules such as a fast forwarding path, a machine learning rule table, a fast forwarding table, priority queue scheduling and flow monitoring. First, through its DPDK-based data forwarding plane, the invention targets unknown complex attacks, gives priority to the victim's preferred mission-critical traffic, and forwards data packets efficiently. Second, the invention implements machine learning matching rules and uses flexible scheduling methods for traffic management to offset the negative effects caused by machine learning model defects. The system has the advantages of deployability, high efficiency, and fault tolerance. It can realize data-driven traffic classification based on machine learning rules, thereby defending against DDoS attacks in real time, achieving efficient intra-network forwarding, and improving the benign traffic forwarding rate.

Description

Technical field

[0001] The invention relates to the technical field of computer network security and to defense against distributed denial of service (DDoS) attacks, in particular to a DPDK-based real-time DDoS defense system.

Background technique

[0002] Distributed denial of service attacks have become one of the main threats facing the Internet. DDoS defense has always been a topic of great research value and has attracted extensive attention from both academia and industry. A common challenge faced by current approaches to DDoS defense is deployability and efficiency against previously unknown, complex attacks.

[0003] Due to the heterogeneity of autonomous systems, methods that require deployment in a large number of autonomous systems are severely limited in their deployment in real environments. Therefore, cloud security service providers play a vital role in today's DDoS protection. They first redirect the DDoS victim's traffic to a data center that i...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1458
Inventor: 张帆, 陈欢, 赵子鸣, 宋卓学, 李亮, 汤尧
Owner ZHEJIANG UNIV