DDoS attack detection method, device, equipment and computer program product

A computer program and attack detection technology, applied in the field of network security, that addresses the problem of low DDoS attack detection accuracy and achieves the effect of improving accuracy and reducing misjudgment.

Pending Publication Date: 2021-11-02
CHINA MOBILE HANGZHOU INFORMATION TECH CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a DDoS attack detection method, device, equipment an

Examples


Example

[0067] Based on the first embodiment, a second embodiment of the DDoS attack detection method of the present invention is proposed. In this embodiment, step S101 includes:

[0068] Step S201: acquire the first number of IP flows in each sampling interval and the total number of IP packets contained in those IP flows, wherein an IP flow is a collection of packets having the same five-tuple;

[0069] Step S202: based on the first number and the total number, determine the IP flow average length corresponding to each sampling interval.

[0070] In this embodiment, the first number of IP flows in each sampling interval and the total number of IP packets contained in the IP flows are acquired. Specifically, for each sampling interval, the packets flowing in and the packets flowing out within the sampling interval are acquired, the inflowing and outflowing packets are grouped according to their five-tuples to obtain each IP flow, and the first number of IP flows and the total number of IP packets contained in the IP flows are determined, the total numbe...


Abstract

The invention discloses a DDoS attack detection method. The method comprises the following steps: acquiring the IP flow average length corresponding to each of a plurality of sampling intervals, the IP packet inflow/outflow ratio growth rate corresponding to each sampling interval, and the source IP address entropy corresponding to each sampling interval; taking the IP flow average length, the IP packet inflow/outflow ratio growth rate and the source IP address entropy as a sample feature vector to obtain a training sample set; inputting the sample feature vectors into a pre-trained classification model for model training to obtain a classification result; and, if the training result includes abnormal traffic, determining that the sample feature vector corresponding to the abnormal traffic is distributed denial of service (DDoS) attack traffic. The invention further discloses a DDoS attack detection device, equipment and a computer program product. Because the method and device use sample feature vectors that are independent of traffic volume as training data, the influence of changes in traffic volume on the detection result can be avoided, which further reduces misjudgment of the detection result and improves the accuracy of DDoS attack detection.
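A sketch of how the three per-interval features named in the abstract, including the flow-length computation of steps S201 and S202, could be derived from packet records. This is an added example, not code from the patent or its applicants. The names `HOME_NET`, `INTERVAL`, `interval_stats` and `feature_vectors` are hypothetical, and the formulas are assumptions the page does not spell out: average length as packets divided by flows, growth rate relative to the previous interval, and Shannon entropy over source addresses.

```python
import math
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.0.2.0/24")  # assumption: the monitored network
INTERVAL = 10                          # assumption: sampling interval, seconds

def interval_stats(packets):
    """packets: (ts, src, dst, sport, dport, proto) tuples.
    Returns {interval: (avg_flow_len, in_out_ratio, src_entropy)}."""
    buckets = defaultdict(list)
    for p in packets:
        buckets[int(p[0] // INTERVAL)].append(p)
    stats = {}
    for idx, pkts in sorted(buckets.items()):
        flows = Counter(p[1:] for p in pkts)   # five-tuple -> packets in that flow
        first_number = len(flows)              # S201: number of IP flows
        total_number = sum(flows.values())     # S201: packets contained in the flows
        avg_len = total_number / first_number  # S202 (assumed: total / count)
        inbound = sum(ip_address(p[2]) in HOME_NET for p in pkts)
        outbound = sum(ip_address(p[1]) in HOME_NET for p in pkts)
        ratio = inbound / max(outbound, 1)     # avoid division by zero
        srcs = Counter(p[1] for p in pkts)
        entropy = -sum(c / total_number * math.log2(c / total_number)
                       for c in srcs.values())
        stats[idx] = (avg_len, ratio, entropy)
    return stats

def feature_vectors(packets):
    """Per interval: (avg flow length, in/out ratio growth rate, source IP entropy)."""
    vectors, prev = {}, None
    for idx, (avg_len, ratio, entropy) in interval_stats(packets).items():
        growth = (ratio - prev) / prev if prev else 0.0  # assumed definition
        vectors[idx] = (avg_len, growth, entropy)
        prev = ratio
    return vectors

# Constructed sample: interval 0 is one two-way TCP conversation,
# interval 1 is eight single-packet flows from eight different sources.
SAMPLE = (
    [(i, "198.51.100.7", "192.0.2.10", 40000, 443, 6) for i in range(4)]
    + [(i + 0.5, "192.0.2.10", "198.51.100.7", 443, 40000, 6) for i in range(4)]
    + [(10 + i, f"203.0.113.{i + 1}", "192.0.2.10", 1024 + i, 80, 6) for i in range(8)]
)

if __name__ == "__main__":
    for idx, vec in feature_vectors(SAMPLE).items():
        print(idx, vec)
```

In the constructed sample the second interval shows the pattern the features are meant to expose: short flows, a jump in the inflow/outflow ratio, and high source address entropy. The resulting tuples are what would be passed to the classification model, which is outside this sketch.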

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a DDoS attack detection method, device, equipment and computer program product.

Background

[0002] With the rapid development of computer network technology, network attacks and destructive behaviors are also increasing. Among them, the DDoS (Distributed Denial of Service) attack has enormous destructive power and huge impact, and is a serious attack method that threatens network security. DDoS attacks usually use botnets to send a large number of service requests to victims, causing the victims to consume a large amount of resources, so that they cannot respond to legitimate user requests in a timely manner, or are even completely paralyzed. With the development of network technology, the traffic of DDoS attacks is also increasing, making them more and more difficult to detect.

[0003] At present, the detection method of DDoS ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1416, H04L63/1458, H04L63/1425, Y02D30/50
Inventor: 李淑贤李金星顾宁伦谢懿魏来李海明师文
Owner: CHINA MOBILE HANGZHOU INFORMATION TECH CO LTD