Method for detecting and filtering application layer DDoS (Distributed Denial of Service) attack on basis of access marking

An access marking and filtering method, applied in the fields of electrical components, transmission systems, etc. It addresses the low transparency of existing detection algorithms, servers falling victim to attacks, and the large limitations of existing methods, so as to improve the ability to resist application layer DDoS attacks and achieve good detection performance.

Inactive Publication Date: 2013-05-01
大连环宇移动科技有限公司 +1

AI Technical Summary

Problems solved by technology

[0004] Analyzing the above detection methods, it can be found that: 1) The differences in application layer services and protocols enable application layer DDoS attacks to have many different forms, while most of the above detection methods only consider the detection of Web serve


Examples


Embodiment Construction

[0045] The present invention provides a method for detecting and filtering DDoS attacks at the application layer based on access marks. The method realizes transparent detection and synchronous filtering of application layer DDoS attacks for various servers. The technical solution of the present invention is described in detail below in conjunction with the accompanying drawings.

[0046] Figure 1 is a flowchart of an embodiment of the method for detecting and filtering application layer DDoS attacks based on access marks in the present invention. As shown in the figure, the method includes the following steps:

[0047] Steps to build the training database, that is, the steps of the training phase:

[0048] 1) Mark normal user i's access behavior without a policy, that is, without processing normal user i's access times and pages, and obtain the original marking result;

[0049] 2) Set the access mark statistics time period t_s, set the average interval...


Abstract

The invention discloses a method for detecting and filtering application layer DDoS (Distributed Denial of Service) attacks on the basis of access marking. The method comprises the following steps: in the training phase, marking the access behaviors of normal users without a policy; processing the marks using a marking strategy; extracting detection features using a feature extraction strategy and representing accessing users as feature vectors; obtaining the SVDD (Support Vector Data Description) hyperspheres of the normal users and storing them in a training database; marking, on the basis of the marking strategy, the access behaviors of users who enter a server and are to be detected; extracting effective detection features and expressing these users as feature vectors; and, according to the SVDD hyperspheres, performing detection classification and anomaly judgment on the feature vectors and, when an accessing user is abnormal, performing synchronous filtering. The technical scheme has the following beneficial effects: access marking and extraction of abnormal features are not limited to a specific server; attacking users can be filtered synchronously during detection; and the server's ability to resist application layer DDoS attacks is improved.
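The train-then-classify flow in the abstract can be sketched as follows. This is an added example, not code from the patent: the two features (request count and mean inter-request interval within one statistics period), the RBF kernel, the hard-margin SVDD fitted with Badoiu-Clarkson iterations, and all names and sample sessions are assumptions made for illustration.

```python
import math

GAMMA = 0.01  # RBF kernel width (assumed value, not from the patent)

def features(marks):
    """marks: [(timestamp_s, page)] for one user within one period t_s."""
    ts = sorted(t for t, _ in marks)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return (float(len(ts)), sum(gaps) / len(gaps) if gaps else 0.0)

def kernel(a, b):
    return math.exp(-GAMMA * sum((x - y) ** 2 for x, y in zip(a, b)))

class SVDD:
    """Hard-margin SVDD: smallest kernel-space ball around normal users."""
    def __init__(self, X, iters=200):
        self.X, self.alpha = X, [1.0] + [0.0] * (len(X) - 1)
        for step in range(1, iters + 1):
            self._update_norm()
            # Pull the center toward the currently farthest training vector.
            far = max(range(len(X)), key=lambda i: self.dist2(X[i]))
            w = 1.0 / (step + 1)
            self.alpha = [(1 - w) * a for a in self.alpha]
            self.alpha[far] += w
        self._update_norm()
        self.r2 = max(self.dist2(x) for x in X)  # squared radius

    def _update_norm(self):  # squared norm of the center
        self.cc = sum(ai * aj * kernel(xi, xj)
                      for ai, xi in zip(self.alpha, self.X)
                      for aj, xj in zip(self.alpha, self.X))

    def dist2(self, z):  # squared distance from z to the center
        cross = sum(a * kernel(z, x) for a, x in zip(self.alpha, self.X))
        return 1.0 - 2.0 * cross + self.cc

    def is_abnormal(self, z):
        return self.dist2(z) > self.r2

def session(n, gap):  # constructed marks: n requests, one every `gap` seconds
    return [(i * gap, "/page%d" % (i % 3)) for i in range(n)]

# Constructed training sessions standing in for marked normal users.
NORMAL = [session(n, g) for n, g in
          [(12, 5.0), (10, 6.0), (15, 4.0), (9, 6.5), (14, 4.2), (11, 5.5)]]
MODEL = SVDD([features(m) for m in NORMAL])

def filter_users(sessions):
    """Return the users whose feature vector falls outside the hypersphere."""
    return sorted(u for u, m in sessions.items()
                  if MODEL.is_abnormal(features(m)))
```

In a deployment the features would be scaled and a soft-margin SVDD used so that a few outliers in the training data do not inflate the radius.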

Description

Technical field

[0001] The invention relates to the field of computer network security, in particular to a method for detecting and filtering DDoS attacks at the application layer based on access marks.

Background

[0002] As the Internet is widely used in all aspects of work and life, such as business, government, enterprise and entertainment, network security becomes more and more important. Among the many kinds of network attacks, distributed denial-of-service attacks, since their first occurrence in August 1999, have become a threat to network security that cannot be ignored, because they are simple to launch and highly destructive. In recent years, with the continuous improvement of low-level detection and defense methods, application-layer DDoS attacks, which combine with high-level services and use normal protocols and server connections to transmit data, have emerged. Since it is different ...


Application Information

IPC(8): H04L29/06, H04L29/08
Inventor 张建辉李锦铃卜佑军于婧申涓袁林
Owner 大连环宇移动科技有限公司