Detection defense method for distributed reject service and network appliance

A distributed denial of service detection technology, applied in data exchange networks, error prevention, digital transmission systems, etc.

Inactive Publication Date: 2009-03-04
HUAWEI DIGITAL TECH (CHENGDU) CO LTD

Problems solved by technology

[0007] In the course of realizing the present invention, the inventor found that the prior art has at least the following disadvantage: because the information entropy is obtained from the probability distribution of a single attribute, such as the source Internet protocol address field or the hop count value, the attacker can very easily imitate the probability distribution of normal data packet attributes by tampering with the source IP address field value in the network layer or transport layer of the data packets, so that a detection method based on the information entropy of a single attribute has a very low detection accuracy rate and a high false negative rate.


Examples


Embodiment 2

[0047] Embodiment 2: count the number N of data packets arriving per unit time and compare the number N of data packets arriving per unit time with the preset threshold. Then collect the source IP address, the hop count and the size of each data packet, and calculate the joint entropy of these N data packets over the source IP address, the hop count and the packet size; at this moment the joint entropy is: $H(X, Y, Z) = -\sum_{i=1}^{n} P(x_i, y_i, z_i) \log P(\ldots$ ...


Abstract

The embodiment of the invention relates to the communication field, and provides a distributed denial of service detection and defense method and network equipment therefor. The method comprises the following steps: the number N of data packets arriving in a unit time is counted and compared with a threshold value; when N is not larger than the threshold value, the joint entropy of the N data packets arriving in the unit time, the mean value of the joint entropy and the fluctuation range of the joint entropy of the arriving data packets per unit time are acquired; when N is larger than the preset threshold value, the joint entropy of the N data packets arriving in the unit time is acquired, and it is judged whether the offset of that joint entropy from the mean value of the joint entropy is larger than the fluctuation range of the joint entropy; if so, it is determined that an attack is occurring. The distributed denial of service (DDoS) attack is detected by using the joint entropy of different parameters of the data packets, so as to avoid the high false negative rate caused by an attacker faking a single attribute, thus improving the accuracy of DDoS attack detection.
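As an added illustration (not code from the patent or from Huawei), the two-phase procedure of the abstract and the joint entropy formula of Embodiment 2 in Python over constructed packet tuples. The threshold value, the log base 2, and taking the fluctuation range as the largest deviation from the baseline mean are assumptions, since the page does not fix them.

```python
import math
from collections import Counter

# Constructed sample windows (not from the patent). Each packet is a tuple
# (source IP, hop count, packet size); the hop count is assumed to have been
# derived from the IP TTL by the caller.
NORMAL_WINDOWS = [
    [("10.0.0.1", 12, 512), ("10.0.0.2", 9, 60), ("10.0.0.3", 15, 1500), ("10.0.0.1", 12, 512)],
    [("10.0.0.2", 9, 60), ("10.0.0.4", 11, 1200), ("10.0.0.1", 12, 512), ("10.0.0.5", 8, 40)],
    [("10.0.0.3", 15, 1500), ("10.0.0.2", 9, 60), ("10.0.0.1", 12, 512), ("10.0.0.6", 10, 800)],
]
# Constructed flood window: the source IP field is spoofed per packet (distinct
# values), but hop count and size stay constant, which the joint entropy exposes.
FLOOD_WINDOW = [("198.51.100.%d" % i, 7, 40) for i in range(16)]
THRESHOLD = 8  # preset packet-count threshold per unit time (assumed value)

def joint_entropy(packets):
    """H(X,Y,Z) = -sum P(x_i,y_i,z_i) * log2 P(x_i,y_i,z_i) over distinct tuples."""
    n = len(packets)
    counts = Counter(packets)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def learn_baseline(windows, threshold=THRESHOLD):
    """Phase when N <= threshold: mean joint entropy and its fluctuation range.
    The range is taken here as the largest absolute deviation from the mean
    observed while learning (an assumption; the patent does not define it)."""
    hs = [joint_entropy(w) for w in windows if len(w) <= threshold]
    mean = sum(hs) / len(hs)
    band = max(abs(h - mean) for h in hs)
    return mean, band

def is_attack(window, mean, band, threshold=THRESHOLD):
    """Phase when N > threshold: attack if |H - mean| exceeds the fluctuation range."""
    if len(window) <= threshold:
        return False  # not above the threshold: a learning window, not a detection one
    return abs(joint_entropy(window) - mean) > band

if __name__ == "__main__":
    mean, band = learn_baseline(NORMAL_WINDOWS)
    print(f"baseline mean={mean:.3f} fluctuation range={band:.3f}")
    print("attack detected:", is_attack(FLOOD_WINDOW, mean, band))
```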

Description

Technical field

[0001] The invention relates to the communication field, in particular to a distributed denial of service detection and defense method and network equipment.

Background technique

[0002] The Denial of Service (DoS) attack has long been a main attack method in the field of computer security. Under such an attack, victims in the network, such as hosts, servers, routers and other devices, are unable to provide or accept normal services; in a distributed denial of service (DDoS) attack, the attacker controls a large number of hosts distributed across the network and launches the denial of service attack on the target from all of them at the same time.

[0003] At present, the most common attack methods in DDoS attacks are the transmission control protocol flood attack (TCP Flood), the user datagram protocol flood attack (UDP Flood), and the Internet control message protocol flood attack (ICMP Flood). For t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26, H04L12/56, H04L1/00, H04L29/08
Inventor: 谷勇浩张烜杨莉杨亚涛辛阳
Owner: HUAWEI DIGITAL TECH (CHENGDU) CO LTD