Method and device for realizing DDOS user matching based on Trie tree

A user and user information technology, applied in the field of network security, to achieve high query efficiency, improve overall response time, and reduce unnecessary comparisons
CN114465757APending Publication Date: 2022-05-10CHINA UNITECHS
0 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
CHINA UNITECHS
Publication Date
2022-05-10

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses a method and a device for realizing DDOS (Distributed Denial of Service) user matching based on a Trie tree, and the method comprises the following steps: a management system manually inputs user information and IP (Internet Protocol) address information corresponding to a user through a web interface; the management system synchronously issues the information to downstream detection equipment, after the detection system receives the information, an IP address is converted into binary data, an IP node is generated through a Trie tree algorithm, and meanwhile a binary Trie tree corresponding to id information is generated; the router sends the Netflow message to the DDOS detection system, decodes the data message and obtains destination IP address information; the DDOS detection system carries out matching according to the generated Trie tree, and after an address is matched, user information of a CIDR network segment to which the current message IP belongs is obtained; and the detection system sends the user information obtained through the Trie data algorithm to the downstream in a matching manner, and discards unmatched message data. According to the method and the device, user IP matching is carried out on a message with a large data volume based on a Trie tree technology, high-performance user data matching is realized, and the data processing performance is improved.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the field of network security, in particular to a method and device for realizing DDOS user matching based on a Trie tree. Background technique

[0002] At present, the matching of ddos ​​attack target users is based on the matching of the destination IP. If the user contains many IPs, it is based on the form of CIDR. At this stage, the matching is based on the splitting of the IP and storing it with the data in the database. In comparison, the matching efficiency gradually decreases with the increase of data, and the service performance is severely degraded.

[0003] In the existing ddos ​​attack detection, it is necessary to prefabricate the user’s IP in CIDR format and synchronize it to the detection system. Most of the user’s IP is based on the mask form. After receiving the user’s IP, the detection system will analyze the user’s IP segment , store the split IP in the database, analyze the destination IP after the system r...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More