Supercharge Your Innovation With Domain-Expert AI Agents!

Attack detection method and device, equipment and storage medium

A technology of attack detection and attack messages, applied in the network field, can solve problems such as abnormal computer processing, computer blue screen of death, etc.

Pending Publication Date: 2022-02-11
CHINA UNIONPAY
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Malicious fragmentation attack is caused by triggering recursive reassembly of data packets. Malicious fragmentation attack will cause abnormal computer processing and cause computer blue screen of death

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack detection method and device, equipment and storage medium
  • Attack detection method and device, equipment and storage medium
  • Attack detection method and device, equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach 1

[0092] Embodiment 1. If the fragmentation end flag in the second header of a fragmented message is 1, and the number of bytes corresponding to a fragmented message is less than the maximum transmission unit of the first link, discard the fragmented message .

[0093] Specifically, the first link maximum transmission unit is the lower limit value of the link maximum transmission unit. Different links correspond to different link maximum transmission units. Each link MTU corresponds to an upper limit and a lower limit.

[0094] For example, in Ethernet, the upper limit value of the link maximum transmission unit is 1500 bytes, and the lower limit value of the link maximum transmission unit is 1280 bytes.

[0095] In each fragmented message, except for the last fragmented message, the number of bytes corresponding to each fragmented message is greater than or equal to the lower limit of the maximum transmission unit of the link, and less than or equal to the upper limit of the ...

Embodiment approach 2

[0098] Embodiment 2, if the fragmentation end flag in the second header of a fragmented message is 1, and the number of bytes corresponding to a fragmented message is not an integer multiple of 8, or the number of bytes corresponding to a fragmented message If the difference between the number of sections and the maximum transmission unit of the second link is greater than 4 bytes, the fragmented message is discarded.

[0099] Specifically, the second link maximum transmission unit is an upper limit value of the link maximum transmission unit. When a fragmented message is not the last fragmented message, the number of bytes corresponding to the fragmented message is an integer multiple of 8, and at the same time, the number of bytes corresponding to the fragmented message is close to the maximum transmission unit of the link upper limit value.

[0100] For example, in Ethernet, the upper limit of the maximum transmission unit of a link is 1500 bytes. For a normal fragmented m...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides an attack detection method and device, equipment and a storage medium, and relates to the technical field of networks, and the method comprises the steps: sequentially receiving a plurality of fragmented messages in a target data message, and sequentially carrying out the compliance detection of the plurality of fragmented messages; if the plurality of fragmented messages pass the detection, recombining the plurality of fragmented messages to obtain a recombined message; verifying the first header contained in the recombined message and the byte number corresponding to the recombined message, if the verification is not passed, determining that the recombined message is an attack message, and discarding the recombined message. The malicious fragmentation attack is caused by triggering a recursive recombined fragmentation message, and the number of first headers and corresponding bytes contained in the recombined recombined message is different from that of normal data messages. By verifying the first header of the recombined message and the corresponding byte number, malicious attacks can be effectively detected.

Description

technical field [0001] The embodiments of the present invention relate to the field of network technology, and in particular, to an attack detection method, device, equipment, and storage medium. Background technique [0002] With the development of network technology, the limited address space defined by IPv4 is gradually exhausted. In order to expand the address space and redefine the address space through IPv6, IPv6 is gradually replacing IPv4. Compared with IPv4, IPv6 has greatly improved security. However, the original attack methods in IPv4 still continue to IPv6, for example, fragmentation attacks in IPv4 are still valid in IPv6. [0003] Malicious fragmentation attacks are currently included in IPv6. Malicious fragmentation attack is caused by triggering recursive reassembly of data packets. Malicious fragmentation attack will cause abnormal computer processing and cause computer blue screen of death. Contents of the invention [0004] Embodiments of the presen...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/40
CPCH04L63/1441H04L63/1408H04L63/12
Inventor 熊璐杨阳陈舟黄自力邱震尧张叶
Owner CHINA UNIONPAY
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com