Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Method of Detecting UDP Flood Attack and Defense Based on Binary Tree

A binary tree and IP address technology, applied in the field of network security, can solve the problems of helpless defense methods, consumption of attacked network service resources, weak attack immunity, etc., to achieve rapid and efficient detection, excellent defense effect, and high accuracy.

Inactive Publication Date: 2011-12-28
XIANGTAN UNIV
View PDF0 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] Denial of service attack (DoS) and distributed denial of service attack (DDoS) are currently commonly used network attack methods. This attack consumes the bandwidth of the attacked network and the service resources of the attacked host by sending a large number of forged service requests, thus making Normal service requests are unresponsive
Especially the UDP Flood attack, because it utilizes the inherent loopholes in the UDP protocol (abbreviation of User Datagram Protocol, User Datagram Protocol), so the existing protocol system is very weak against this attack.
The current defenses against this attack mainly include disabling or filtering monitoring and response services, disabling or filtering unenabled UDP services, disabling some ports that are vulnerable to UDP Flood attacks, filtering UDP fragments, and refusing to accept all UDP datagrams ( In some extreme cases), the establishment of UDP connection rules requires that all UDP packets going to the port must first establish a TCP connection with the TCP port. If the user must provide some external UDP services, then a proxy mechanism needs to be used to protect these services , so that it will not be abused, monitor the user's network to understand which systems are using these services, and monitor signs of abuse. Under certain circumstances, these measures may have a certain effect, but these methods Most of them are very passive, have a narrow defense area, poor defense effect, and may accidentally damage normal services and reduce network transmission efficiency. For example, disabling certain ports will seriously interfere with certain normal UDP services and can only defend against disabled ports. UDP Flood attack; disabling or filtering the response service sometimes seriously reduces the transmission efficiency of the network
In summary, it can be seen that when a large-scale UDP-type DDoS attack occurs, conventional defense methods are basically helpless

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Method of Detecting UDP Flood Attack and Defense Based on Binary Tree
  • A Method of Detecting UDP Flood Attack and Defense Based on Binary Tree
  • A Method of Detecting UDP Flood Attack and Defense Based on Binary Tree

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0041] Such as Figure 21 Shown is the network topology diagram of this example. In this network, three network hosts can access a Linux server on the Internet through the Internet; A UDP Flood attack is launched, and the host with the source IP address 192.168.1.102 communicates with the Linux server normally; at this time, the Linux server NIC cache stores IP data packets from the Internet, and various system processes read them in a first-in-first-out manner. Take the IP data packet in the cache, that is, which network data packet is stored in the network card cache first, and who will be processed first. In this example, a Linux server is protected, and the traffic sent to the Linux server from the Internet is filtered on the Linux server.

[0042] First, make the following preparations on the Linux server operating system:

[0043]Install the libnids package in the user layer. libnids is a professional programming interface for network intrusion detection development. I...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to the technical field of network security, in particular to a method for judging UDPFlood attack and defense based on binary tree detection, comprising the following steps: 1. Construct a binary tree structure to store and query UDP data packets and related information; 2. UDP Pre-store data packets and related information; 3. Search the binary tree, and compare the information stored in the binary tree with the currently analyzed information to determine whether it is a UDP Flood attack; 4. Call the operating system firewall program to filter and send UDP Flood Host IP, refuses to receive packets. The present invention can achieve the following beneficial effects: the large-scale DDoS-type UDP Flood attack adopts a binary tree-based cycle detection method, pre-stores UDP data packets through the binary tree and searches the binary tree for matching and cycle detection, and the detection is fast, efficient, and highly accurate , has an excellent defensive effect.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method for judging UDP Flood attack and defense based on binary tree detection. Background technique [0002] Denial of service attack (DoS) and distributed denial of service attack (DDoS) are currently commonly used network attack methods. This attack consumes the bandwidth of the attacked network and the service resources of the attacked host by sending a large number of forged service requests, thus making Normal service requests are not responded to. Especially UDP Flood attack, because it has utilized the inherent loophole that UDP protocol (the abbreviation of User Datagram Protocol, User Datagram Protocol) exists, so existing protocol system immunity to this attack is very weak. The current defenses against this attack mainly include disabling or filtering monitoring and response services, disabling or filtering unenabled UDP services, disabling some ports that...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 唐欢容李勇周王辉李宇欧阳建权
Owner XIANGTAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com