Active defense ddos ​​system based on sdwan

An active defense and DDOS technology, applied in transmission systems, digital transmission systems, secure communication devices, etc., can solve the problems of untimely and time-consuming network defense, achieve high response speed and defense efficiency, and achieve fast and accurate defense effects

Active Publication Date: 2022-06-24
浙江德迅网络安全技术有限公司
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, when the current large-scale traffic and large-scale DDOS attacks occur, the network service defense system based on SDN cannot respond quickly to quickly formulate an appropriate defense strategy, resulting in the problem of untimely and time-consuming network defense. , therefore, the SDWAN-based network security system has entered the field of vision of the industry

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Active defense ddos ​​system based on sdwan
  • Active defense ddos ​​system based on sdwan
  • Active defense ddos ​​system based on sdwan

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0016] Example: There are three forms of DDOS attack, specifically SYN / ACKFlood attack, TCP full connection attack, and script brushing attack.

[0017] The SYN / ACKFlood attack is mainly by sending a large number of SYN or ACK packets with forged source IP and source port to the victim host, causing the host's cache resources to be exhausted or busy sending response packets, resulting in denial of service. A large number of SYN / ACKFlood attacks will cause Ping failure, TCP / IP stack failure, and system freezing, that is, not responding to the keyboard and mouse. Most ordinary firewalls cannot resist such attacks.

[0018] The TCP full connection attack is designed to bypass the inspection of conventional firewalls. In general, most conventional firewalls have the ability to filter DOS attacks such as TearDrop and Land. Once there are a large number of TCP connections, even if they are normal, it will cause the website The access is very slow or even inaccessible. The TCP full c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

This application discloses an active defense DDOS system based on SDWAN, including: cloud service platform; SDWAN controller; attack monitoring module, which obtains attack data in the public network; The defense module uses multiple SDWAN controllers to interact with attack features and match corresponding defense strategies; the attack response defense module is used to pre-determine defense strategies; when the attack monitoring module detects that the user is attacked, the attack data is sent to the attack data analysis The module extracts attack features, and through the data interaction of multiple SDWAN controllers, matches the corresponding defense strategy according to the attack features in the cloud service platform to defend against past attack events; at the same time, calls the attack response and defense module to approximate the attack features The pre-established defense strategy corresponding to the virtual features of the system is actively defended. The SDWAN-based active defense DDOS system of this application has high defense efficiency when a DDOS attack event occurs.

Description

technical field [0001] The present application relates to the technical field of network security defense, in particular to an SDWAN-based active defense DDOS system. Background technique [0002] With the development of network technology and the Internet economy, network services have penetrated into various fields such as social production, life and national security. Therefore, the issue of network security becomes more and more important. The SDN of the prior art has strong perception management and control capabilities and intelligent scheduling capabilities. However, when large-scale and large-scale DDOS attacks occur, the network service defense system based on SDN cannot respond quickly to quickly formulate appropriate defense strategies, resulting in untimely and time-consuming network defense. Therefore, the network security system based on SDWAN has entered the field of vision. SUMMARY OF THE INVENTION [0003] The purpose of this application is to provide a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/1458H04L63/205
Inventor 叶德望林勇郑周行
Owner 浙江德迅网络安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap