Detection and protection method and system for application layer DDOS attack based on IP credibility

Abstract

The embodiment of the invention provides an application layer DDOS attack detection and protection method and system based on IP credibility and electronic equipment, and the method comprises the steps: obtaining the IP credibility through combining an IP access log and a DDOS attack event record, carrying out the shunting of an access request according to the IP credibility, redirecting a high-risk access request to a corresponding high-protection server. Therefore, requests of different security threat levels are shunted and isolated, and detection and protection of application layer DDoS attacks are further realized. By utilizing the method disclosed by the invention, the abnormal traffic can be effectively distinguished, the accuracy of preventing and detecting the DDoS attack is improved, and meanwhile, when the service is attacked, the access quality of a normal user can be effectively ensured and the user experience is improved, so that the method disclosed by the invention hasobvious beneficial effects.

Description

technical field [0001] The present application relates to the field of CDN network security, in particular to a method and system for detecting and protecting application layer DDOS attacks based on IP reputation. Background technique [0002] With the rapid development of mobile Internet, cloud computing, 5G, AI, Internet of Things and other technologies and industries, the digital transformation of society and enterprises has entered a critical stage. More and more enterprises have accelerated their service migration to the public cloud. While technology upgrades, attacks against sensitive cloud workloads and data have also followed. In particular, games, live broadcasts, finance, and government websites are faced with a large number of black products crowding out network bandwidth through malicious traffic, and services cannot operate normally. In recent years, with the continuous development and improvement of hardware devices and underlying detection technologies for D...

AI Technical Summary

Problems solved by technology

[0005] 1) The first technical solution cannot effectively detect DDoS and CC attacks, because when there are enough attackers, especially when a URL is frequently requested, the detection method can be easily bypassed;

[0006] 2) The second technical solution has relatively large limitations and is not suitable for application to CDN platforms, because CDN platforms, as the infrastructure of cloud services, can access a variety of services in different forms, and cannot analyze most user behavior data. Perform HsMM modeling;

[0007] 3) The third technical solution only considers the session parameters, and does not consider other request characteristics, such as the requested User-Agent, the request header of the specific attack software, the frequency of the requested access, etc. In particular, there is no comparison with historical Linkage of DDoS attack incidents, lack of analysis accuracy and effectiveness

Images