Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Protecting method, device and system of DDOS (Distributed Denial of Service) attack based on SDN (Software Defined Network)

A protection strategy and attack path technology, applied in the field of communications, can solve the problems of reducing network security, occupying network resources, and expanding the scope of DDoS attacks on the backbone network.

Active Publication Date: 2016-11-23
HUAWEI TECH CO LTD
View PDF7 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] For the above-mentioned backbone network scenario without obvious aggregation nodes, although the method of deploying cleaning devices targeting specific IP addresses is adopted, when a DDoS attack occurs, regardless of whether the IP address of the victim host is a specific IP address, the DDoS attack against the victim host needs to be The attack traffic is diverted to the cleaning device, and the traffic of the victim host whose IP address is not a specific IP address needs to go through multiple routing and forwarding nodes in the network before being diverted to the cleaning device
As a result, the network resources of these routing and forwarding nodes are occupied, and the influence range of DDoS attacks on the backbone network is expanded, thereby reducing the security of the network.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Protecting method, device and system of DDOS (Distributed Denial of Service) attack based on SDN (Software Defined Network)
  • Protecting method, device and system of DDOS (Distributed Denial of Service) attack based on SDN (Software Defined Network)
  • Protecting method, device and system of DDOS (Distributed Denial of Service) attack based on SDN (Software Defined Network)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0293] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0294] The invention provides a technical proposal for SDN-based DDoS attack protection. The controller in the SDN instructs the message forwarding device to perform traffic statistics based on the destination IP, collects the statistical data of the message forwarding device through the controller, and determines whether a network attack has...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

This invention provides a protecting method, device and system of DDOS attack based on SDN. The method comprises the following steps: a traffic statistics instruction is sent to a first message transmitting device by a controller; the traffic statistics instruction indicates the first message transmitting device to perform traffic statistics and carry a destination IP (Internet Protocol) address; the controller collects statistics data reported by the first message transmitting device; the statistics data includes traffic statistics information which flows to the destination IP address; the controller acquires a global traffic statistic which flows to the destination IP address according to the statistics data; the controller judges whether the global traffic statistic exceeds a predefined threshold or not, and sends a DDos protection strategy to a second message transmitting device based on a judging result that the global traffic statistic exceeds the predefined threshold; correspondingly, the second message transmitting device receives the DDos protection strategy sent by the controller; and according to the DDos protection strategy, the traffic which flows to the destination IP address is protected. The method reduces the influence range of the DDos attack to the network, and improves the security of the network.

Description

technical field [0001] The present invention relates to communication technology, and in particular to a software-defined network (Software Defined Network, abbreviated: SDN)-based distributed denial of service (Distributed Denial of Service, abbreviated: DDOS) attack protection method, device and system. Background technique [0002] figure 1 A schematic diagram of a DDoS attack. refer to figure 1 , the main implementation principle of DDoS is that the attacker uses one or more levels of master control hosts as a springboard to control a large number of infected controlled hosts to form an attack network to implement large-scale denial of service attacks on victim hosts. This kind of attack can often amplify the attack effect of a single attacker in a series form, thus causing a significant impact on the victim host and causing serious congestion to the network. DDoS uses the attacking network to launch an Internet Control Message Protocol (ICMP) flood attack, a Synchron...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L45/60
CPCH04L63/1458H04L9/40H04L43/0876H04L43/16H04L45/56H04L45/64H04L63/0254H04L63/1425H04L63/20
Inventor 蒋武
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com