CN103166932A - System and method for identifying and managing large amount of short messages to implement distributed denial of service (DDoS) - Google Patents


Info

Publication number
CN103166932A
Authority
CN
China
Prior art keywords
mobile terminal
service server
message
management server
message processor
Legal status
Pending
Application number
CN2011104217911A
Other languages
Chinese (zh)
Inventor
狄卫华
Current Assignee
LIANGJIANG COMMUNICATIONS SYSTEM CO Ltd
Original Assignee
LIANGJIANG COMMUNICATIONS SYSTEM CO Ltd
Application filed by LIANGJIANG COMMUNICATIONS SYSTEM CO Ltd
Priority to CN2011104217911A
Publication of CN103166932A

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a system and a method for identifying and managing the situation in which mobile terminals, after being infected by a virus, send large numbers of junk short messages and thereby carry out a distributed denial-of-service attack on a specific service platform. The system comprises at least one message processor connected in series with a signaling link, a service server and a management server; the service server and the management server are each connected to every message processor and to each other. In the method, filtering rules and recognition rules are set and loaded; the message processors filter signaling messages and report them to the service server; the service server generates suspicious mobile terminal numbers and reports them to the management server; and the management server is responsible for filtering-rule management of each message processor, recognition-rule management of the service server, and system equipment management of each message processor and the service server. The system and method can effectively identify suspicious mobile terminal numbers and take management measures, thereby safeguarding the service quality of the service platform.

Description

System and method for identifying and managing DDoS attacks carried out with large numbers of short messages
Technical field
The present invention relates to a system and method for identifying and managing distributed denial-of-service (DDoS) attacks carried out with large numbers of short messages.
Background
As mobile terminal systems become more intelligent and their applications more diverse, the security of mobile terminals is becoming increasingly important. When a large number of mobile terminals infected with a specific virus simultaneously and continuously send large volumes of junk short messages to a specific service platform that offers a short message service, the quality of service the platform gives its normal users degrades, and the platform may even be unable to provide normal service. This form of attack is called a distributed denial-of-service (DDoS) attack.
Losses from such an attack can be reduced or avoided only if there is a means of containing it. At present, however, there is no effective means of identifying this form of attack, so it cannot be effectively managed.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art by providing a system for identifying and managing DDoS attacks carried out with large numbers of short messages. The system protects the service platform transparently at the point where the platform connects to the signaling network, prevents the platform from suffering short-message DDoS attacks, and thereby safeguards the platform's quality of service.
The technical solution that achieves this object is as follows.
The first aspect of the invention is a system for identifying and managing DDoS attacks carried out with large numbers of short messages. The system is based on a signaling network and a service platform connected by signaling links, and comprises at least one message processor, a service server and a management server, wherein:
The message processor is connected in series, in a mode that uses no signaling point code, in each signaling link whose signaling messages need to be filtered. It filters the signaling messages flowing through it according to the filtering rules received from the management server and reports the signaling messages to the service server. The message processor also executes system management commands from the management server;
The service server is connected to the management server and to each message processor. It receives the signaling messages reported by each message processor and the recognition rules from the management server, generates suspicious mobile terminal numbers according to the recognition rules, and reports them to the management server. The service server also executes system management commands from the management server;
The management server is connected to each message processor and to the service server. It is responsible for filtering-rule management of each message processor, recognition-rule management of the service server, and system equipment management of each message processor and the service server.
In the above system, the signaling links to which the message processor connects include 64 Kb/s ordinary signaling links, 2 Mb/s high-speed signaling links, IP data links carrying signaling messages, and mixtures of the three.
In the above system, the filtering rules and recognition rules in the management server are changed manually and loaded into the message processors and the service server respectively.
In the above system, the management server updates the filtering rules in real time according to the suspicious mobile terminal numbers received from the service server, and loads the updated filtering rules into each message processor.
In the above system, the filtering rule is based on the mobile terminal number, on the content of the short messages sent by the mobile terminal, or on the mobile terminal number combined with the content it sends.
In the above system, the recognition rule is based on the frequency with which a mobile terminal sends short messages within a specific period of time, on patterns in the content of the short messages the mobile terminal sends, or on that sending frequency combined with the content sent.
The second aspect of the invention is a method, based on the above system, for identifying and managing DDoS attacks carried out with large numbers of short messages, comprising the following steps:
(a) the administrator sets filtering rules and recognition rules through the management server; the filtering rules are loaded into each message processor and the recognition rules into the service server;
(b) the message processor handles signaling messages that match a filtering rule according to that rule and reports them to the service server for the record; signaling messages that do not match any filtering rule are reported to the service server;
(c) the service server extracts, from the received signaling messages that do not match any filtering rule, the suspicious mobile terminal numbers suspected of attacking, and reports each suspicious mobile terminal number together with the content it sent to the management server;
(d) the management server forms new filtering rules from the suspicious mobile terminal numbers and sent content reported by the service server, and loads them into each message processor in real time; at the same time, the management server provides a notification mechanism that reports the suspicious mobile terminal numbers to the administrator.
In the above method, the filtering rule in step (a) is based on the mobile terminal number, on the content of the short messages sent by the mobile terminal, or on the mobile terminal number combined with the content it sends; the recognition rule is based on the frequency with which a mobile terminal sends short messages within a specific period of time, on patterns in the content of the short messages the mobile terminal sends, or on that sending frequency combined with the content sent.
Beneficial effects of the invention: the invention protects the service platform transparently at the point where the platform connects to the signaling network. It effectively identifies and manages the situation in which mobile terminals, after being infected by a virus, send large numbers of junk short messages and carry out a distributed denial-of-service attack on a specific service platform, prevents the platform from suffering short-message DDoS attacks, and thereby safeguards the platform's quality of service.
Description of drawings
Fig. 1 is a network diagram of the system of the first aspect of the invention for identifying and managing DDoS attacks carried out with large numbers of short messages;
Fig. 2 is a workflow diagram of the message processor in the method of the second aspect of the invention;
Fig. 3 is a workflow diagram of the service server in the method of the second aspect of the invention.
Embodiment
The invention is further described below with reference to the drawings.
Referring to Fig. 1, the system of the first aspect of the invention is based on a signaling network 11 and a service platform 12 connected by signaling links, and comprises at least one message processor 21, a service server 22 and a management server 23, wherein:
The message processor 21 is connected in series, in a mode that uses no signaling point code, in each signaling link whose signaling messages need to be filtered. It filters the signaling messages flowing through it according to the filtering rules received from the management server 23 and reports the signaling messages to the service server 22. The message processor 21 also executes system management commands from the management server 23;
The service server 22 is connected to the management server 23 and to each message processor 21. It receives the signaling messages reported by each message processor 21 and the recognition rules from the management server 23, generates suspicious mobile terminal numbers according to the recognition rules, and reports them to the management server 23. The service server 22 also executes system management commands from the management server 23;
The management server 23 is connected to each message processor 21 and to the service server 22. It is responsible for filtering-rule management of each message processor 21, recognition-rule management of the service server 22, and system equipment management of each message processor 21 and the service server 22.
The signaling links to which the message processor 21 connects include 64 Kb/s ordinary signaling links, 2 Mb/s high-speed signaling links, IP data links carrying signaling messages, and mixtures of the three.
The filtering rules and recognition rules that the management server 23 loads into the message processors 21 and the service server 22 respectively can be changed manually. The management server 23 also updates the filtering rules in real time according to the suspicious mobile terminal numbers received from the service server 22, and loads the updated filtering rules into each message processor 21.
The filtering rule is based on one of three kinds of condition: the mobile terminal number, the content of the short messages sent by the mobile terminal, or the mobile terminal number combined with the content it sends. The recognition rule is likewise based on one of three kinds of condition: the frequency with which a mobile terminal sends short messages within a specific period of time, patterns in the content of the short messages the mobile terminal sends, or that sending frequency combined with the content sent.
The method of the second aspect of the invention for identifying and managing DDoS attacks carried out with large numbers of short messages comprises the following steps:
(a) the administrator sets filtering rules and recognition rules through the management server 23; the filtering rules are loaded into each message processor 21 and the recognition rules into the service server 22;
(b) the message processor 21 handles signaling messages that match a filtering rule according to that rule and reports them to the service server 22 for the record; signaling messages that do not match any filtering rule are reported to the service server 22;
(c) the service server 22 extracts, from the received signaling messages that do not match any filtering rule, the suspicious mobile terminal numbers suspected of attacking, and reports each suspicious mobile terminal number together with the content it sent to the management server 23;
(d) the management server 23 forms new filtering rules from the suspicious mobile terminal numbers and sent content reported by the service server 22, and loads them into each message processor 21 in real time; at the same time, the management server 23 provides a notification mechanism that reports the suspicious mobile terminal numbers to the administrator.
Referring to Fig. 2, the workflow of the message processor 21 in the method of the second aspect of the invention comprises the following steps:
Step S1. The management server 23 loads the filtering rules into each message processor 21;
Step S2. The message processor 21 analyzes the signaling messages flowing through it according to the filtering rules loaded by the management server 23;
Step S3. If a signaling message does not match any filtering rule, go to step S4; if the signaling message matches a filtering rule, go to step S5;
Step S4. Pass the signaling message through, then go to step S6;
Step S5. Process the signaling message according to the filtering rule, then go to step S6;
Step S6. Report the signaling message to the service server 22.
Referring to Fig. 3, the workflow of the service server 22 in the method of the second aspect of the invention comprises the following steps:
Step S1'. The management server 23 loads the recognition rules into the service server 22;
Step S2'. The service server 22 reads the signaling messages reported by the message processors 21;
Step S3'. The service server 22 analyzes the signaling messages according to the recognition rules loaded by the management server 23;
Step S4'. If a signaling message does not match any recognition rule, processing of that message is complete; if the signaling message matches a recognition rule, go to step S5';
Step S5'. The service server 22 reports the identified suspicious mobile terminal number and the content of the short messages it sent to the management server 23.
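The control loop of steps (a) to (d) and of the Fig. 2 and Fig. 3 workflows can be modeled in Python as follows. This is an added illustration, not code from the patent; the class names, the sample numbers and messages, the threshold of 5 messages in 60 seconds, and the choice to block a message that matches a filtering rule are all assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sms:
    ts: float      # arrival time in seconds
    sender: str    # originating mobile terminal number
    text: str      # short message content


@dataclass(frozen=True)
class FilterRule:
    """Number only, content only, or number combined with content."""
    sender: Optional[str] = None
    keyword: Optional[str] = None

    def matches(self, m: Sms) -> bool:
        if self.sender is None and self.keyword is None:
            return False
        return ((self.sender is None or m.sender == self.sender)
                and (self.keyword is None or self.keyword in m.text))


@dataclass(frozen=True)
class RecognitionRule:
    """Sending frequency in a time window, optionally tied to content."""
    max_msgs: int
    window: float
    keyword: Optional[str] = None


class ManagementServer:
    def __init__(self):
        self.processors, self.rules, self.alerts = [], set(), []

    def on_suspicious(self, sender: str, text: str) -> None:
        # Step (d): form a new filtering rule, load it into every
        # message processor, and record an alert for the administrator.
        self.rules.add(FilterRule(sender=sender))
        for p in self.processors:
            p.load_rules(self.rules)
        self.alerts.append((sender, text))


class ServiceServer:
    def __init__(self, mgmt: ManagementServer, rule: RecognitionRule):
        self.mgmt, self.rule = mgmt, rule
        self.seen = defaultdict(deque)   # sender -> recent timestamps
        self.flagged, self.filed = set(), []

    def report(self, m: Sms, filtered: bool) -> None:
        if filtered:                     # step (b): kept for the record only
            self.filed.append(m)
            return
        r = self.rule
        if m.sender in self.flagged or (r.keyword and r.keyword not in m.text):
            return
        q = self.seen[m.sender]
        q.append(m.ts)
        while m.ts - q[0] > r.window:    # slide the time window forward
            q.popleft()
        if len(q) > r.max_msgs:          # step (c): suspicious number found
            self.flagged.add(m.sender)
            self.mgmt.on_suspicious(m.sender, m.text)


class MessageProcessor:
    def __init__(self, service: ServiceServer):
        self.service, self.rules = service, set()

    def load_rules(self, rules) -> None:
        self.rules = set(rules)

    def handle(self, m: Sms) -> bool:
        """Return True if the message is passed on to the service platform."""
        hit = any(r.matches(m) for r in self.rules)
        self.service.report(m, filtered=hit)   # S6: every message is reported
        return not hit                   # assumption: a matching rule blocks


def run_demo():
    mgmt = ManagementServer()
    svc = ServiceServer(mgmt, RecognitionRule(max_msgs=5, window=60.0))
    mgmt.processors = [MessageProcessor(svc), MessageProcessor(svc)]
    # Constructed traffic: one flooding terminal and one ordinary user.
    traffic = [Sms(float(t), "13800000001", "VOTE 1") for t in range(10)]
    traffic += [Sms(2.5, "13900000002", "balance?"),
                Sms(7.5, "13900000002", "thanks")]
    traffic.sort(key=lambda m: m.ts)
    # Alternate between the two in-line processors, as on two signaling links.
    passed = [mgmt.processors[i % 2].handle(m) for i, m in enumerate(traffic)]
    return passed.count(True), passed.count(False), svc.flagged, len(svc.filed)
```

The sixth message from the flooding number crosses the threshold and is still delivered, because the new filtering rule only reaches the processors after that message has been reported; every later message from that number is blocked on both processors.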
The above embodiment only illustrates the present invention and does not limit it. Those skilled in the relevant art can make various changes or modifications without departing from the spirit and scope of the invention; all equivalent technical solutions therefore also fall within the scope of the invention, which is defined by the claims.

Claims (8)

1. A system for identifying and managing DDoS attacks carried out with large numbers of short messages, the system being based on a signaling network and a service platform connected by signaling links, characterized in that the system comprises at least one message processor, a service server and a management server, wherein:
The message processor is connected in series, in a mode that uses no signaling point code, in each signaling link whose signaling messages need to be filtered; it filters the signaling messages flowing through it according to the filtering rules received from the management server and reports the signaling messages to the service server; the message processor executes system management commands from the management server;
The service server is connected to the management server and to each message processor; it receives the signaling messages reported by each message processor and the recognition rules from the management server, generates suspicious mobile terminal numbers according to the recognition rules, and reports them to the management server; the service server executes system management commands from the management server;
The management server is connected to each message processor and to the service server, and is responsible for filtering-rule management of each message processor, recognition-rule management of the service server, and system equipment management of each message processor and the service server.
2. The system for identifying and managing DDoS attacks carried out with large numbers of short messages according to claim 1, characterized in that the signaling links to which the message processor connects include 64 Kb/s ordinary signaling links, 2 Mb/s high-speed signaling links, IP data links carrying signaling messages, and mixtures of the three.
3. The system for identifying and managing DDoS attacks carried out with large numbers of short messages according to claim 1, characterized in that the filtering rules and recognition rules in the management server are changed manually and loaded into the message processors and the service server respectively.
4. The system for identifying and managing DDoS attacks carried out with large numbers of short messages according to claim 1, characterized in that the management server updates the filtering rules in real time according to the suspicious mobile terminal numbers received from the service server, and loads the updated filtering rules into each message processor.
5. The system for identifying and managing DDoS attacks carried out with large numbers of short messages according to claim 4, characterized in that the filtering rule is based on the mobile terminal number, on the content of the short messages sent by the mobile terminal, or on the mobile terminal number combined with the content it sends.
6. The system for identifying and managing DDoS attacks carried out with large numbers of short messages according to claim 5, characterized in that the recognition rule is based on the frequency with which a mobile terminal sends short messages within a specific period of time, on patterns in the content of the short messages the mobile terminal sends, or on that sending frequency combined with the content sent.
7. A method, based on the system of claim 1, for identifying and managing DDoS attacks carried out with large numbers of short messages, characterized in that it comprises the following steps:
(a) the administrator sets filtering rules and recognition rules through the management server; the filtering rules are loaded into each message processor and the recognition rules into the service server;
(b) the message processor handles signaling messages that match a filtering rule according to that rule and reports them to the service server for the record; signaling messages that do not match any filtering rule are reported to the service server;
(c) the service server extracts, from the received signaling messages that do not match any filtering rule, the suspicious mobile terminal numbers suspected of attacking, and reports each suspicious mobile terminal number together with the content it sent to the management server;
(d) the management server forms new filtering rules from the suspicious mobile terminal numbers and sent content reported by the service server, and loads them into each message processor in real time; at the same time, the management server provides a notification mechanism that reports the suspicious mobile terminal numbers to the administrator.
8. The method for identifying and managing DDoS attacks carried out with large numbers of short messages according to claim 7, characterized in that the filtering rule in step (a) is based on the mobile terminal number, on the content of the short messages sent by the mobile terminal, or on the mobile terminal number combined with the content it sends; the recognition rule is based on the frequency with which a mobile terminal sends short messages within a specific period of time, on patterns in the content of the short messages the mobile terminal sends, or on that sending frequency combined with the content sent.
CN2011104217911A 2011-12-15 2011-12-15 System and method for identifying and managing large amount of short messages to implement distributed denial of service (DDoS) Pending CN103166932A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104217911A CN103166932A (en) 2011-12-15 2011-12-15 System and method for identifying and managing large amount of short messages to implement distributed denial of service (DDoS)

Publications (1)

Publication Number Publication Date
CN103166932A true CN103166932A (en) 2013-06-19

Family

ID=48589678

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104217911A Pending CN103166932A (en) 2011-12-15 2011-12-15 System and method for identifying and managing large amount of short messages to implement distributed denial of service (DDoS)

Country Status (1)

Country Link
CN (1) CN103166932A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050259667A1 (en) * 2004-05-21 2005-11-24 Alcatel Detection and mitigation of unwanted bulk calls (spam) in VoIP networks
CN101257671A (en) * 2007-07-06 2008-09-03 浙江大学 Method for real time filtering large scale rubbish SMS based on content
CN101790142A (en) * 2010-03-11 2010-07-28 上海粱江通信系统股份有限公司 Method and system for identifying spam message sources by combining message contents and transmission frequency

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106376002A (en) * 2015-07-20 2017-02-01 中兴通讯股份有限公司 Management method and device, and junk short message monitoring system
CN109729043A (en) * 2017-10-30 2019-05-07 华为技术有限公司 Prevent the methods, devices and systems of attack message
CN109729043B (en) * 2017-10-30 2020-09-08 华为技术有限公司 Method, device and system for preventing attack message

Similar Documents

Publication Publication Date Title
CN101335920B (en) Rubbish short message recognition system and method based on calling number location and transmitted content
CN102209326B (en) Malicious behavior detection method and system based on smartphone radio interface layer
CN101137085B (en) Garbage message and multimedia message blocking method
CN101217820A (en) An identification system and identification method on disturbance telephone numbers
CN102378151B (en) Information sharing platform and method thereof
CN104853357B (en) A kind of method and system of automatic identification and triggering swindle number
CN107196812A (en) A kind of method and device for the Intelligent treatment that VOLTE business is complained
CN108737622A (en) Monitoring method of conversing and device
CN101068376A (en) Short message system, flow control configurating method and flow controlling method
CN101340319A (en) Method and device for network management alarm
CN101715252A (en) Cluster short message center and method for shunting disaster recovery therefor
CN103166932A (en) System and method for identifying and managing large amount of short messages to implement distributed denial of service (DDoS)
CN101232635B (en) System for purifying short messages based on signaling process technique
CN102638778A (en) System and method for monitoring internetwork junk short messages
CN101827283A (en) System and method for realizing signaling firewall based on signaling point-free access technology
CN104168547A (en) A system and method for processing fraud short messages based on signaling technology
CN103686649B (en) Area communication managing and control system and method based on wireless network and core network interface signaling
CN101188524A (en) GPRS service monitoring system
CN102547711B (en) A kind of system and method detecting and tackle harassing call in IP signaling network
CN105763515A (en) Signaling point-free access technology-based signaling firewall realization method
CN103188226A (en) System and method for implementing distributed denial of service (DDoS) based on cloud computing identification and management with short messages
CN101616429A (en) The optimizing telephone traffic of network element method and system
CN107371141A (en) A kind of junk information monitoring method, device and communication system
CN101068240A (en) Short message malicious group transmission controller
CN106470406A (en) A kind of anti-harassment realization method and system of information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130619