Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for defending denial of service attack

A denial of service attack, server technology, applied in the field of communication, can solve the problems of low defense accuracy, difficult TCP/IP protocol stack, accidental injury, etc., to achieve the effect of effective defense

Inactive Publication Date: 2014-03-26
DAWNING CLOUD COMPUTING TECH CO LTD
View PDF5 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] 2. Modify the tcp_max_syn_backlog parameter to use the memory resources of the server in exchange for a larger waiting queue length, so that the attack data packets will not occupy all connections and cause normal users to fail to complete the handshake;
[0010] Although the above-mentioned defense methods have played a defensive role in certain procedures, the traditional defense technology is relatively simple, and the defense ability against various types of combined attacks is relatively low
At the same time, it is difficult to customize the TCP / IP protocol stack, and it is not universal; and the method of using the blacklist to prevent malicious attacks is prone to accidental injury, that is, there may be cases where normal programs or users are pulled into the blacklist. Defense accuracy is not high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for defending denial of service attack
  • Method and device for defending denial of service attack
  • Method and device for defending denial of service attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] In order to make the technical solutions and advantages of the present invention clearer, the exemplary embodiments of the present invention will be described in further detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all implementations. Exhaustive list of examples.

[0029] The present invention sets reasonable strategies to prevent malicious users from accessing from the network access, and uses the agent program in load balancing to achieve further defense, and web resources can be adaptively adjusted in the face of attacks under the load balancing mechanism, Realize effective defense against malicious attacks. The so-called load balancing refers to the use of load balancing strategies to expand the bandwidth of network equipment and servers, increase throughput, strengthen network data processing capabilities, and improve network flexibility and av...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for defending denial of service attacks. The method for defending denial of service attacks comprises the following steps: intercepting rogue access IP (Internet Protocol) according to a preset intercepting strategy respectively in a network access period and a TCP connection handshake period; shielding the rogue access IP by using the proxy mechanism of a load balancing server arranged between the router and a WEB server; monitoring the load of the WEB server, when the load of the WEB server exceeds a threshold value, applying to a cloud host for virtual resource, and adding into the load balancing server to share flow. The invention further provided a system for defending denial of service attack According to the method for defending denial of service attack, the reasonable strategy is set from the beginning of network access to prevent the access of malicious users, further defense is achieved by the proxy mechanism in the load balancing server, when facing attack, the WEB resource can be self-adaptively adjusted under the load balancing mechanism, and thus effective defense to malicious attacks is achieved.

Description

Technical field [0001] The present invention relates to the field of communication technology, in particular to a method and system for defending against denial of service attacks. Background technique [0002] At present, Denial of Service (DOS, Denial of Service) attack is a simple, effective and highly harmful attack method among many network attack techniques. It consumes network bandwidth and system resources through various means, or attacks system defects. The normal service of the system is paralyzed and cannot provide services to normal users, so that normal users are denied access to services. [0003] With the increasing performance of network equipment and the increasing bandwidth, a special form of DOS-based attack-Distributed Denial of Service (DDOS) attack has emerged. The attacker will control multiple computers. Together to launch DOS attacks on the target computer, the traditional DOS attack prevention can no longer provide users with good security guarantees. D...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/803
Inventor 韩曦
Owner DAWNING CLOUD COMPUTING TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com