Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDoS attack defense method and device

A DNS server and IP address technology, applied in the field of network security, can solve the problems of expensive bandwidth, high cost, lack of user interaction and scheduling, etc.

Active Publication Date: 2017-08-29
ALIBABA GRP HLDG LTD
View PDF2 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, there are the following two problems, one is that business users need to purchase high-bandwidth IP, and the bandwidth is expensive and the cost is too high
The second is that the current DDoS uses cleaning as the basic means of DDoS protection, lacking user interaction and scheduling, and is in a passive protection situation in DDoS protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attack defense method and device
  • DDoS attack defense method and device
  • DDoS attack defense method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] Before discussing the exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although the flowcharts describe operations as sequential processing, many of the operations may be performed in parallel, concurrently, or simultaneously. In addition, the order of operations can be rearranged. The process may be terminated when its operations are complete, but may also have additional steps not included in the figure. The processing may correspond to a method, function, procedure, subroutine, subroutine, or the like.

[0029] The term "computer equipment" in this context, also referred to as "computer", refers to an intelligent electronic device that can perform predetermined processing procedures such as numerical calculations and / or logic calculations by running predetermined programs or instructions, which may include a processor and The memory is realized by the processor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a DDoS attack defense method and device. The method comprises the steps that a scheduling system maps multiple IP addresses of the business objective to multiple network areas or network lines, and the mapping relation of the multiple IP addresses and the multiple network areas or the network lines is saved in a DNS server so that the DNS server is enabled to return the IP address which is mapped to the network area or the network line to which the network of the client side belongs of the business objective to the client side according to the mapping relation when the DNS server receives the DNS analysis request of the client side for the business objective; if DDoS attack to the IP address returned to the client side by the DNS server is monitored, blackhole routing is configured for the IP address; and the mapping relation of the IP address and the mapped network area or the network line saved in the DNS server is deleted. According to the technical scheme, the DDoS attack initiating difficulty of the hacker can be increased and switching of the IP addresses can be realized.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a DDoS attack defense method and device. Background technique [0002] Distributed Denial of Service (DDoS, Distributed Denial of Service) attack refers to the use of client / server technology to combine multiple computers as an attack platform to launch a DDoS attack on one or more targets, thereby multiplying the probability of denial of service attacks. power. The principle of a DDoS attack is to find the resource bottleneck of the victim and consume resources to make the service of the victim unavailable. In current Internet business, server CPU, memory, bandwidth, database, etc. may all become resource bottlenecks. [0003] The current DDoS defense solution is mainly based on DDoS traffic cleaning, which mainly uses DDoS detection equipment to detect DDoS attacks. When a DDoS attack is detected, the bypass traffic cleaning equipment is notified to pull th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1458H04L61/4511
Inventor 宣伟乔会来种鑫
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products