Method for detecting DOS/DDOS (denial of service/distributed denial of service) attack

An attack detection technology, applied in the network field, that prevents harm and meets real-time requirements

Inactive Publication Date: 2015-07-15
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0006] The purpose of the invention is to propose a DOS / DDOS attack detection method that solves the problems of existing DoS / DDoS attack detection methods.

Embodiment Construction

[0017] The present invention will be further elaborated below in conjunction with specific embodiments.

[0018] The DOS / DDOS attack detection method of the present invention proceeds in sequence: it extracts the required traffic characteristic parameters and calculates the information entropy, determines the abnormal time point, determines the abnormal destination IP, and then identifies the abnormal flow and determines the attack type. The detection of DoS / DDoS attacks and the identification of abnormal flows are thus completed in order. The flow chart is shown in Figure 1.

[0019] The method specifically includes the following steps:

[0020] S1. Obtain the flow data in the network from the network device, and extract the flow characteristic parameters from the flow data;

[0021] S2. Process the traffic characteristic parameters extracted in step S1, determine an abnormal time point, and expand according to the abnormal time point to form a historical t...


Abstract

The invention discloses a DOS / DDOS attack detection method. The method first extracts the required traffic characteristic parameters from the network flow data, determines the abnormal time point and constructs the historical time window by analyzing the traffic characteristic parameters, then finds the top N destination IPs with the largest traffic at the abnormal time point, analyzes the sub-flows containing each selected destination IP within the historical time window to determine the abnormal destination IP, and finally confirms the attack and identifies the abnormal flow. Unlike the traditional packet-by-packet analysis method, the method adapts to the huge traffic volume of a backbone network, can meet the real-time requirements of backbone network anomaly detection, and can more accurately detect DoS / DDoS attacks in the backbone network. It can identify the attack flow in the backbone network, so that the network administrator can configure the router in time to filter out the flow sent by the attacker and prevent it from harming the destination host.
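An added sketch of the pipeline the abstract describes (per-bin entropy, abnormal time point, top-N destinations, sub-flow check over the historical window); it is not code from the patent. The feature (entropy of bytes per destination IP), the thresholds, the "new source" rule for abnormal flows and the source-count rule for DoS versus DDoS are assumptions, since the page does not give them.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

def entropy(volumes):
    """Shannon entropy (bits) of a traffic-volume distribution."""
    total = sum(volumes)
    return -sum(v / total * math.log2(v / total) for v in volumes if v)

def detect(flows, window=5, k=3.0, top_n=3, ddos_sources=10):
    """flows: (time_bin, src_ip, dst_ip, bytes) records.
    window, k, top_n and ddos_sources are assumed tuning values."""
    vol = defaultdict(Counter)                    # bin -> dst -> bytes
    srcs = defaultdict(lambda: defaultdict(set))  # bin -> dst -> source IPs
    for t, s, d, n in flows:
        vol[t][d] += n
        srcs[t][d].add(s)
    times = sorted(vol)
    H = {t: entropy(vol[t].values()) for t in times}
    alerts = []
    for i in range(window, len(times)):
        t, hist = times[i], times[i - window:i]   # historical time window
        hs = [H[h] for h in hist]
        if abs(H[t] - mean(hs)) <= k * max(pstdev(hs), 0.05):
            continue                              # entropy looks normal
        for d, v in vol[t].most_common(top_n):    # top-N destinations by bytes
            base = [vol[h][d] for h in hist]      # this destination's sub-flow
            if v <= mean(base) + k * max(pstdev(base), 0.1 * mean(base), 1):
                continue                          # destination looks normal
            known = set().union(*(srcs[h][d] for h in hist))
            suspects = sorted(srcs[t][d] - known) # sources new in this bin
            kind = "DDoS" if len(suspects) >= ddos_sources else "DoS"
            alerts.append((t, d, kind, suspects))
    return alerts

def sample_flows():
    """Constructed data: 7 bins of even traffic to 4 hosts, flood in bin 6."""
    dsts = ["10.0.0.%d" % i for i in range(1, 5)]
    flows = [(t, "192.0.2.%d" % (j + 1), d, 1000 + 10 * ((t + j) % 3))
             for t in range(7) for j, d in enumerate(dsts)]
    flows += [(6, "198.51.100.%d" % (s + 1), "10.0.0.2", 900)
              for s in range(40)]
    return flows

if __name__ == "__main__":
    for t, dst, kind, suspects in detect(sample_flows()):
        print(t, dst, kind, len(suspects), "suspect sources")
```

The suspect source list is what an operator would turn into router filter rules for the flagged destination.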

Description

Technical field

[0001] The invention belongs to the field of network technology, and in particular relates to a DOS / DDOS attack detection method.

Background technique

[0002] A denial of service (DoS) attack is a form of attack that makes a computer or network unable to provide normal services by sending a large number of data packets. It may exhaust all available network resources or the system resources of the attacked object in a short period of time, so that legitimate user requests cannot get through or be processed, thus hindering normal communication in the network and bringing huge losses and harm to the victim and even to the network.

[0003] A Distributed Denial of Service (DDoS) attack is a covert denial of service attack in which data packets come from different attack sources. Compared with DoS attacks, DDoS attacks have smaller traffic on a single link and are difficult for network devices to detect, so they are easier to mount. On the other hand, the abn...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L12/26, H04L29/06, H04L12/70
Inventor: 周颖杰, 马力, 胡光岷, 陈慧楠, 刘岩
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA