Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for controlling protocol message attack

A technology for controlling protocols and protocol messages, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as inability to perform attack control processing, inability to respond to abnormal conditions of the main control board, protocol message attacks, etc.

Inactive Publication Date: 2009-08-05
HUAWEI TECH CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0019] 1. Neither the main control board nor the service board can judge whether an attack has occurred
[0020] 2. CAR processing is only performed on received protocol packets on the service board side, but no measures are taken to prevent protocol packet attacks on the main control board side, so it cannot respond to abnormal situations that occur on the main control board
[0021] 3. All service boards perform CAR processing on received protocol packets, and cannot control attacks initiated by a single user's service board, thus affecting other users on the service board that have not initiated attacks
[0022] 4. Effective attack control cannot be performed on the service boards that have already attacked

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for controlling protocol message attack
  • Method for controlling protocol message attack
  • Method for controlling protocol message attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0073] In this embodiment, the burst traffic threshold is preset, and the burst traffic threshold is a ratio, which indicates the rate of change of packet traffic that the system can bear when the packet traffic suddenly increases.

[0074] In this embodiment, it is judged whether an attack behavior occurs by comparing the current packet traffic growth rate with the burst traffic threshold.

[0075] image 3 It is a flow chart for realizing Embodiment 1 of the present invention, see image 3 In this embodiment, the specific process for realizing the control protocol message attack includes the following steps:

[0076] Step 301: the main control board receives a protocol message sent by a VLAN of a slot of the service board, and updates the value of the message counter, that is, the current value of the message counter Dyn_Speed=(last message counter value+1) .

[0077] Step 302: Count the number of credit synchronization cycles that arrive at the time interval between the ...

Embodiment 2

[0090] In this embodiment, the queue usage threshold is preset, and the queue usage threshold is an empirical value set according to the usage of each queue on the main control board under normal conditions when no attack occurs.

[0091] In this embodiment, it is judged whether an attack behavior occurs by comparing the queue resource usage rate with the queue usage rate threshold.

[0092] Figure 4 It is a flow chart for realizing Embodiment 2 of the present invention, see Figure 4 , the specific process of realizing the control protocol packet attack in this embodiment is as follows:

[0093] Replace step 307 of the inventive method in Embodiment 1 with step 401 of the inventive method of this embodiment, that is, calculate the queue resource utilization rate of the queue receiving the protocol message, and compare the queue resource utilization rate with the queue utilization rate threshold, if the queue resource Utilization rate is greater than the queue utilization r...

Embodiment 3

[0096] In this embodiment, the time allowed for the upper-layer application to wait for the arrival of the protocol message is set in advance as the time-sensitive response threshold.

[0097] In this embodiment, it is judged whether an attack occurs by comparing the waiting time of the upper-layer application program for the arrival of the message with the time-sensitive response threshold.

[0098] Figure 5 It is a flow chart for realizing Embodiment 3 of the present invention, see Figure 5 , the specific process of realizing the control protocol packet attack in this embodiment is as follows:

[0099] Replace step 307 of the inventive method in Embodiment 1 with step 501 of the inventive method in this embodiment, that is, judge whether the time for the upper-layer application program to receive the reachable protocol message is greater than the time-sensitive response threshold; If an attack has occurred in the VLAN corresponding to the program, then step 310 is perfor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for controlling protocol message attacks. When the main control board receives the protocol message sent by the current controlled unit of the service board, it judges whether the current message flow growth rate of the controlled unit is greater than the sudden If it is greater than the threshold of sending traffic, attack control will be carried out, and the last message flow parameter will be used as the maximum transmission bandwidth of the controlled unit, and the controlled unit that has attacked the behavior will be prohibited from sending protocol reports to the main control board. Otherwise, update the last packet flow parameter, the last packet flow parameter and the current packet flow parameter of the controlled unit. The method of the present invention can judge whether the attack behavior occurs on the side of the main control board, and can control the attack of the protocol message in time and effectively, and the attack control is only for the controlled unit where the attack behavior has occurred, and will not affect other controlled units, thereby Greatly improved the performance of the system.

Description

technical field [0001] The invention relates to message attack technology, in particular to a method for controlling protocol message attack in a distributed system. Background technique [0002] A distributed system refers to a system in which the main control module and the forwarding module are installed on different physical boards, and generally consists of one main control board and multiple service boards. figure 1 It is a schematic diagram of the connection relationship between the main control board and the service board. see figure 1 , the main control board refers to the single board where the main control module is located, and mainly performs functions such as equipment maintenance, service processing, user management, authentication and billing, and the service board refers to the single board where the forwarding module is located, and mainly performs the packet forwarding function. The main control board and the service board communicate through the backpla...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/24
Inventor 陈刚
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com