Traffic feature recognition method and device, computer equipment and storage medium

An identification method and a technology of traffic characteristics, applied in the direction of secure communication devices, digital transmission systems, electrical components, etc., can solve problems such as service loss and impact on business services, and achieve the effect of preventing flooding attacks

Active Publication Date: 2022-08-05
GUANGDONG EFLYCLOUD COMPUTING CO LTD
View PDF10 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The purpose of the embodiment of this application is to propose a flow feature identification method, device, computer equipment and storage medium to solve the problem that many people use DNS in the prior art Vulnerabilities are used to attack, so the normal DNS service is often cleaned, which eventually leads to the loss of normal services and eventually affects normal business services

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Traffic feature recognition method and device, computer equipment and storage medium
  • Traffic feature recognition method and device, computer equipment and storage medium
  • Traffic feature recognition method and device, computer equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] continue to refer to figure 2 , showing a flow chart of an embodiment of the traffic feature identification method of the present application. The traffic feature identification method includes the following steps:

[0053] In step S201, the inbound and outbound traffic is analyzed by mirroring at the egress, and a database is modeled.

[0054] Mirroring is a form of file storage and a type of redundancy. Data on one disk has an exact copy on another disk, which is mirroring. Many files can be made into a mirror file, which is placed in a disk with programs such as GHOST and opened with software such as GHOST, and then restored into many files. RAID 1 and RAID 10 use mirroring. Common image file formats are ISO, BIN, IMG, TAO, DAO, CIF, FCD. In this embodiment, the purpose of performing egress mirroring is to acquire data packets.

[0055] The purpose of analyzing the resolution of the external DNS request of the computer room is to form a signature database.

[0...

Embodiment 2

[0087] further reference image 3 , as a response to the above figure 2 The implementation of the shown method, the present application provides an embodiment of a traffic feature identification device, the device embodiment is the same as figure 2 Corresponding to the method embodiments shown, the apparatus can be specifically applied to various electronic devices.

[0088] like image 3 As shown, the flow feature identification device 400 in this embodiment includes: a modeling module 401 , a ranking module 402 and a control module 403 . in:

[0089] The modeling module 401 is used to mirror the inflow and outflow traffic at the egress, and model the database;

[0090] a rating module 402, configured to calculate a rating score according to the result of analyzing the external DNS;

[0091] The control module 403 is configured to set the passing principle of score according to the grade score, and let the flow that conforms to the passing principle of score pass throu...

Embodiment 3

[0094] To solve the above technical problems, the embodiments of the present application also provide computer equipment. For details, please refer to Figure 4 , Figure 4 This is a block diagram of the basic structure of the computer equipment in this embodiment.

[0095] The computer device 6 includes a memory 61 , a processor 62 , and a network interface 63 that communicate with each other through a system bus. It should be pointed out that only the computer device 6 with the component memory 61, the processor 62 and the network interface 63 is shown in the figure, but it should be understood that it is not required to implement all the shown components, and more can be implemented instead. or fewer components. Among them, those skilled in the art can understand that the computer device here is a device that can automatically perform numerical calculation and / or information processing according to pre-set or stored instructions, and its hardware includes but is not limi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the field of DNS flooding attacks, and relates to a traffic feature recognition method and device, computer equipment and a storage medium, and the method comprises the steps: carrying out the mirror analysis of inflow and outflow traffic at an exit, and modeling a DNS database; analyzing an external DNS according to the modeled DNS database, and calculating a grade score according to a DNS analysis result; and according to the grade scores, a score passing principle is set, and the traffic conforming to the score passing principle passes. According to the method and the device, the specification is formed according to the legality of the domain name, the database is recorded, and the traffic abnormality cleaning equipment calls, so that the occurrence of DNS UDP flooding attacks is greatly prevented.

Description

technical field [0001] The present application relates to the technical field of DNS flooding attacks, and in particular, to a traffic feature identification method, apparatus, computer equipment and storage medium. Background technique [0002] Domain Name System ( DNS ) servers are the "phone book" of the Internet; they are the paths through which Internet devices can find specific Web servers to access Internet content. DNS flooding is a distributed denial of service attack (DDoS) where an attacker can flood a specific domain's DNS servers in an attempt to disrupt DNS resolution for that domain. If the user can't find the phonebook, they can't call a specific resource by looking up the address. By disrupting DNS resolution, DNS flooding compromises the responsiveness of a website, API, or web application to legitimate traffic. DNS flood attacks can be difficult to distinguish from normal high volume traffic, which often originates from multiple unique locations querying...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/40
CPCH04L63/0236H04L63/1416H04L63/1425H04L63/1458
Inventor 曾宪力韩帆梁永堂
Owner GUANGDONG EFLYCLOUD COMPUTING CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap