Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network attack filtering method and device

A network attack and filtering device technology, applied in the field of network security, can solve problems such as untimely detection, increased difficulty in maintenance, and impact of speed limit on normal access users, and achieve remarkable results.

Active Publication Date: 2012-10-17
HANGZHOU DPTECH TECH
View PDF4 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Mechanism A needs to monitor the number of DNS request packets of each user, that is, it needs to maintain the statistics of the number of request packets of each user, and the difficulty of maintenance increases exponentially when faced with tens of thousands of users
Moreover, a malicious attacker may pretend to be a normal user and send a large number of fake DNS request packets. At this time, the speed limit mechanism may cause the normal user to be unable to use the network normally.
Moreover, if malicious attackers adopt distributed and discrete attack methods, mechanism A cannot distinguish between normal access and malicious access, and can only limit the overall speed through mechanism B. However, the speed limit means of mechanism B will also cause normal access users to be restricted. speed impact
[0008] In addition, no matter whether it is mechanism A or mechanism B, there is the problem that the detection may not be timely. When the attack presents a burst and a large number of characteristics, although it can be detected by the security device, due to the possible lag in detection, a large amount of malicious attack traffic The DNS server may be accessed by bypassing the security device during this period of detection lag, and the DNS server may also be paralyzed due to a large amount of sudden attack traffic in an instant, and the protection of the security device is meaningless

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network attack filtering method and device
  • Network attack filtering method and device
  • Network attack filtering method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] The present invention provides an accurate network attack filtering method and device for the DNS server, and its design principle is no longer rough protection from the number of packets and rate as in the prior art, but from the user's normal access to the DNS server. Beginning with behavioral characteristics, identify normal user access and malicious attacks. Please refer to figure 1 , Taking computer program implementation as an example (the present invention does not exclude other implementations), a network attack filtering device of the present invention is applied to a security device to provide a network attack filtering service for a DNS server, and the device includes: a message distinguishing unit and Behavior Analysis Unit. The security device can adopt a popular hardware architecture, which mainly includes CPU, memory, storage, and various business hardware (not required) including business cards. In a basic implementation, please refer to figure 2 as ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a network attack filtering method which is applied to a safety device and used for providing a service for filtering network attacks to a domain name server (DNS). The method comprises the following steps: A. judging whether the first sending is conducted when a DNS request message of a user is received, if no, transferring to a step B to process; or, abandoning the message and storing the DNS conversation information and an user behavioral parameter in a DNS conversation table; B. obtaining a user behavioral parameter corresponding to the conversation information brought by a current DNS request message from the DNS conversation table, judging whether the difference between the user behavioral parameter brought by the current message and the user behavioral parameter recorded in the DNS conversation table is in accordance with the standard of normal user behavior; if so, judging the message to be legal; and otherwise, abandoning the message. According to the behavioral characteristics of a user protocol stack, the attack to the DNS server is effectively filtered.

Description

technical field [0001] The invention relates to a network security technology, in particular to a network attack filtering method and device applied to a security device to protect a DNS server. Background technique [0002] People's work and life are benefiting from the continuous advancement of network technology. However, with the rapid expansion of the network scale, network security issues have become increasingly serious. Various attacks on the network emerge in an endless stream, and DoS (Denial of Service) attack is one of the most typical network attacks. Since DDoS (distributed denial of service) attacks first appeared in 2000, DDoS attacks have occurred every day, and they have become more and more serious. Many individual users and various corporate networks are subject to DDoS attacks. DDos attacks can cause network congestion, servers or other hosts to stop processing user requests, corporate websites go down, corporate networks don't work, and more. These p...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 李鑫
Owner HANGZHOU DPTECH TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com