CN106034116A - Method and system for reducing malicious network flow - Google Patents
Method and system for reducing malicious network flow Download PDFInfo
- Publication number
- CN106034116A CN106034116A CN201510112440.0A CN201510112440A CN106034116A CN 106034116 A CN106034116 A CN 106034116A CN 201510112440 A CN201510112440 A CN 201510112440A CN 106034116 A CN106034116 A CN 106034116A
- Authority
- CN
- China
- Prior art keywords
- dtaf
- dns server
- fire wall
- network
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a method and system for reducing malicious network flow. The system comprises a protected server positioned in a domain, at least one authoritative domain name system DNS server, at least one DNS flow analyzer, a firewall and a central master DTAF; the network flow has to pass through the DTAF firewall before accessing the authoritative DNS server, and the DTAF firewall analyzes the network flow trying to pass through the DTAF firewall; the DTAF firewall transmits network flow data to the central master DTAF, and the central master DTAF transmits at least one access control list to the DTAF firewall. Through above arrangement, the method and system can reduce the malicious internet flow (like DDOS attack).
Description
Technical field
The present invention relates to a kind of networking technology area, particularly relate to a kind of minimizing hostile network stream
The method and system of amount.
Background technology
The user of one computer just knows that the title of intended destination rather than the IP of destination
Address, by using domain name system (DNS, Domain Name System), this calculates
The user of machine also may have access to destination.In the case of given certain domain name, DNS uses and is claimed
Claim the process resolved to find concrete IP address for dns name.Authoritative DNS server is loud
Ying Yu provides the dns server of answer for the inquiry in specific dns zone territory.If it is specific
Dns server cannot answer inquiry, then can be by performing reversely lookup, and inquiry is in higher
Other dns servers of position.
In prior art, many devices are developed to protect server and network from from mutually
The malicious attack of networking.Generally, these devices classify as fire wall and dedicated router.Interconnection
Net flow by using white list, blacklist and/or gray list, one group can also be allowed to or
Unaccepted user is managed.Fire wall and dedicated router generally may utilize source IP
Detection, packet and content analysis, flow rate mode analysis and array policy and rule filter
Fall malicious traffic stream and content.A kind of attack based on the Internet is distributed denial of service
(DDOS, Distributed Denial of Service) attacks.In general, DDOS attack
It is an attempt to by hindering object-computer or server to work and make object-computer or server
Can not be used by its prospective users.Traditional method (such as fire wall) can be passed through and defend certain
A little DDOS attack.
But, in recent years, some DDOS attack have evolved to the biggest scale and lasting time
Between long, beyond maximum and the strongest fire wall and the ability of system of defense and resource.
Summary of the invention
The technical problem that present invention mainly solves is to provide a kind of side reducing malicious network traffic
Method and system, it is possible to reduce malice internet traffic (such as DDOS attack).
For solving above-mentioned technical problem, the technical scheme that the present invention uses is: provide one
Reducing the system of malicious network traffic, described system includes: protected server, is positioned at territory;
At least one authority's domain name system DNS server;At least one DNS NetStream Data Analyzer is with anti-
Wall with flues DTAF, wherein, network traffics must be worn before accessing described Authoritative DNS server
Cross described DTAF fire wall, and described DTAF fire wall analysis attempts to travel through described DTAF
The network traffics of fire wall;The main DTAF of central authorities, wherein said DTAF fire wall sends network
Data on flows is to the main DTAF of described central authorities, and the main DTAF of described central authorities sends at least one and visits
Ask that control list is to described DTAF fire wall.
Wherein, described network traffics also had to pass through before accessing described shielded server
Described DTAF fire wall.
Wherein, described network traffics also had to pass through institute before accessing public dns server
State DTAF fire wall.
Wherein, described network flow data includes historical data and real time data.
Wherein, described shielded server sends network flow data to described central authorities master
DTAF。
Wherein, described Authoritative DNS server sends network flow data to described central authorities master
DTAF。
Wherein, described access control list includes the information relevant to dns server, and its
Described in DTAF fire wall can control or analyze the flow from described dns server.
Wherein, described system also includes that subsystem, wherein said territory transfer subsystem shape are shifted in territory
The Authoritative DNS server of Cheng Xin to make at least some network traffics be rerouted to described new
Authoritative DNS server.
Wherein, transfer subsystem in described territory rotates described Authoritative DNS server termly.
Wherein, described new Authoritative DNS server processes new network traffics.
For solving above-mentioned technical problem, another technical solution used in the present invention is: provide one
Plant the method reducing malicious network traffic, including: analyze at least one authority's domain name system
The network traffics of dns server;Network flow data is produced according to analysis result;To central authorities it is
System sends described network flow data;Receive the access from described center system and control list;
Described access according to being received controls list update fire wall parameter.
Wherein, described method also comprises determining that the DNS service used by suspicious network traffic
Device;The data of the described dns server used by suspicious network traffic are included in described net
In network data on flows;Information bag by the described dns server used by suspicious network traffic
It is contained in described access to control in list.
Wherein, described method also includes: form at least one new Authoritative DNS server;
At least some in described network traffics is routed to described new Authoritative DNS server.
Wherein, described method also includes: rotate described Authoritative DNS server termly.
The invention has the beneficial effects as follows: be different from the situation of prior art, present system includes:
Shielded server, is positioned at territory;At least one authority's domain name system DNS server;
At least one DNS NetStream Data Analyzer and fire wall DTAF, wherein, network traffics are at access right
DTAF fire wall, and DTAF fire wall analysis examination is had to pass through before prestige dns server
Figure is through the network traffics of DTAF fire wall;The main DTAF of central authorities, wherein DTAF fire wall
Transmission network flow data is to central main DTAF, and central main DTAF sends at least one and visits
Ask that control list is to DTAF fire wall.Owing to DTAF fire wall analysis attempts to travel through DTAF
The network traffics of fire wall, and network flow data is sent to central main DTAF, then in
Entreat main DTAF send at least one access control list to DTAF fire wall so that
DTAF fire wall controls list interception malicious traffic stream, in this way by accessing, it is possible to
Reduce malice internet traffic (such as DDOS attack).
Accompanying drawing explanation
Fig. 1 is the structural representation that the present invention reduces system one embodiment of malicious network traffic
Figure;
Fig. 2 is the flow chart that the present invention reduces method one embodiment of malicious network traffic;
Fig. 3 is the flow chart that the present invention reduces another embodiment of method of malicious network traffic;
Fig. 4 is the flow chart that the present invention reduces the another embodiment of method of malicious network traffic.
Detailed description of the invention
The present invention is described in detail with embodiment below in conjunction with the accompanying drawings.
Fig. 1 is the structural representation that the present invention reduces system one embodiment of malicious network traffic
Figure.This system includes: client 11 (the most legal or malice), shielded
Server 12, the Authoritative DNS server 13 in territory, public dns server 14, DNS flow
Contents analyzer and fire wall DTAF (DNS Traffic Analyzer and Firewall) fire wall
15。
Client 11 accesses shielded server 12 by network (such as public internet).
Shielded server 12 can be web page server, mail server, application server,
Or Tong Guo the public internet of any other type or any other network are accessed for service
Device.
In the embodiment shown in Fig. 1, for shielded server 12, the authority in territory
The flow of dns server 13 or public dns server 14 must first pass through DTAF
Fire wall 15.Contemplated in which DTAF fire wall 15 be only located at these destinatioies subset it
Between other embodiments.
In general, DTAF can analyze from the Internet received data, and based on described
Analyze and optimize fire wall.For example, in some embodiments, DTAF fire wall profit
With DNS and application logfile and the analysis to real-time logs, thus by IP address,
Described visitor is followed the trail of and analyzed to the dns server of sub-network and/or visitor.
The data filed by use and real-time data, DTAF can keep through renewal,
Real-time access controls list (ACL, Access Control Lists), and this ACL realizes will
Load transfer is to fire wall or router.In real time ACL can use white list, blacklist and
The combination of gray list dynamically keeps being accepted and unaccepted client side list.Fire wall and
Dedicated router prevents or to reduce being normally applied of malicious attack ripe for those skilled in the art
Know, do not repeat them here.
In some embodiments, DTAF can use reference material and dns lookup table
Determine the dns server of visitor.Therefore, ACL also can keep being allowed to and unaccepted DNS
The list (or DNS-ACL) of server.Then, described DNS-ACL can be fed back to road
Suspicious DNS source is stopped by device and fire wall.
In some embodiments, DTAF fire wall can allow for, stops or revise DNS
Inquiry and/or reply data.Therefore, by using DNS-ACL, DTAF can to allow or refuse
The most individually IP address or all addresses from specific dns server.It is further envisioned that it is grey
Address in list or dns server can be located in short-list for further analysis, special
It not during abnormal high flow occurs, such as during DDOS attack.
In the embodiment shown in Fig. 1, DTAF fire wall 15 and shielded server
12 send include about including the real time information of IP address or dns server and historical data
Data on flows is to central main DTAF 16.Data on flows can include much information, including but do not limit
In data and temporal information, source IP address, request frequency, request mode and packet content
Data.
The main DTAF of central authorities 16 shown in Fig. 1 is based on including possible legal (non-malicious)
The white list of one group of source IP address (or dns server) is analyzed data on flows and derives
ACL.Additionally, or alternatively, ACL can comprise blacklist and/or gray list.
Owing to central main DTAF 16 is from following multiple sources reception data: such as, shielded server
12, the Authoritative DNS server 13 in territory, public dns server 14 and each of which
DTAF fire wall 15, the most central main DTAF 16 can be better carried out independent DTAF to be prevented
The function of wall with flues 15.
The main DTAF 16 of central authorities sends DTAF-ACL to DTAF fire wall 15.
DTAF-ACL can include about client, their dns server or both letter described
Breath.About the DTAF-ACL for dns server, central main DTAF16 can pass through example
This information is derived, to determine correlator network and the power of client address as performed reversely to search
Prestige ISP (ISP, Internet Service Provider), and finally determine
With the dns server being assigned to described client address issued specified by ISP.Once
Being received by DTAF fire wall 15, DNS DTAF-ACL just can be used for coming in the following manner
Reduce malicious traffic stream: by controlling the public DNS service included in DNS DTAF-ACL
The lookup of the address of shielded server 12 is refused server ip address and is searched by device.
In the embodiment shown in Fig. 1, central main DTAF 16 can form new DNS clothes
Business device is for use as new Authoritative DNS server (or the new dns server) 13b in territory.
In other embodiments, a good appetite suddenly appearing in a serious disease entreat the parts beyond main DTAF 16 to perform this kind of function
With other functions.In the embodiment shown in Fig. 1, central main DTAF 16 is given for having
The shielded territory of TTL (time-to-live) and TTR (refresh time) value produces dns zone
Domain file.Then, described regional document is transmitted to Authoritative DNS server 13 former in territory
Initial set closes.
In general, TTL leads and TTR leads and can about be up to a few hours, but it is contemplated that can profit
Under fierce DDOS attack, the merit of system is optimized with following different survival rate and refresh rate
Can: such as, 1 hour, 45 minutes, 30 minutes, 10 minutes, 5 minutes, 1 minute, 30
Second or less than 30 seconds.
May utilize DNS turn by forming new dns server 13b, central main DTAF16
In-migration reduces the potential damage from malicious client further.This can hold in several ways
OK.For example, before the TTL of new dns zone domain file is expired, central main DTAF
New dns server 13b can be formed, and domain name is appointed the dns server that these are new
13b.Original authority dns server 13 is by (the most straight for the request service continuing as pointing to it
Persistent period to being limited by TTL).New dns server 13b will be from finding domain name
The new dns server refreshed receive DNS request.DNS clothes to the business of bedding and clothing in the near future
Business device, new dns server 13b will continue to the request TTL until them.
Procedure outlined above can be repeated quickly and easily as many times as required, and this will make DNS request flow be scattered in newly
Dns server 13b among.It practice, take by forming new DNS by this way
Business device 13b, just can make DNS request flow be spread in than internet registry or root (Internet
Registry or Root) place more weighs by the Authoritative DNS server defined person of maximum quantity
On prestige dns server.
Can be rotated by DNS and DNS cache promotes flow distribution.In FIG, this by
The main DTAF 16 of central authorities completes, the central main DTAF 16 authoritative DNS service by rotational domain
Device 13,13b update dns zone territory.In certain embodiments, central main DTAF 16 exists
Authority DNS is quickly changed termly after period of time T.DNS record will be maintained also
(T2) changes termly, and wherein TTL and freshness value are less than T.Then, central main DTAF
Authority's DNS list and DNS record will be rotated.
In various embodiments, DNS transfer can use various ACL, white list, blacklist
Operate in a multitude of different ways with gray list.For example, central main DTAF 16 can be to white name
Client or DNS on list issue its new DNS position.Therefore, can stop every other
Client (client etc. in new client, gray list) accesses server.This method exists
(when, compared with being attacked, sacrificing some legitimate client and more may be used with all strength during DDOS attack
When taking) it is particularly useful.In certain embodiments, the client in new client, white list
It is divided into making the preferred flow can with the client (or dns server) in gray list
Normally advance, more suspicious traffic then can be dispersed to multiple new dns server it
Between, attack with diffusion and improve fire wall and the effectiveness of dedicated router or to suspicious client
Carry out emphatically additional analysis.
Present system includes: protected server, is positioned at territory;At least one authority's domain name
System dns server;At least one DNS NetStream Data Analyzer and fire wall DTAF, wherein,
Network traffics had to pass through DTAF fire wall before accessing Authoritative DNS server, and
DTAF fire wall analysis attempts to travel through the network traffics of DTAF fire wall;The main DTAF of central authorities,
Wherein DTAF fire wall transmission network flow data is to central main DTAF, and central main DTAF
Send at least one and access control list to DTAF fire wall.Owing to DTAF fire wall is analyzed
Attempt to travel through the network traffics of DTAF fire wall, and it is main that network flow data is sent to central authorities
DTAF, the most central main DTAF send at least one and access control list to DTAF fire prevention
Wall, so that DTAF fire wall controls list interception malicious traffic stream, by this by accessing
The mode of kind, it is possible to reduce malice internet traffic (such as DDOS attack).
It is method one embodiment that the present invention reduces malicious network traffic refering to Fig. 2, Fig. 2
Flow chart.The system reducing malicious network traffic in above-mentioned Fig. 1 is reducing malicious network traffic
Time use method be the method, the detailed description that relevant system and method combines
Refer to the explanatory note of Fig. 1 and correspondence, no longer go to live in the household of one's in-laws on getting married at this and chat.The method includes: step
S101, step S102, step S103, step S104 and step S105.Particular content
As follows:
Step S101: analyze the network at least one authority's domain name system DNS server
Flow.
Step S102: produce network flow data according to analysis result.
Step S103: send described network flow data to center system.
Step S104: receive the access from described center system and control list.
Step S105: the described access according to being received controls list update fire wall parameter.
Seeing Fig. 3, the method also includes: step S201, step S202 and step S203.
Particular content is as follows:
Step S201: determine the dns server used by suspicious network traffic.
Step S202: by the packet of the described dns server used by suspicious network traffic
It is contained in described network flow data.
Step S203: by the information bag of the described dns server used by suspicious network traffic
It is contained in described access to control in list.
Refering to Fig. 4, the method also includes: step S301, step S302.Particular content is such as
Under:
Step S301: form at least one new Authoritative DNS server.
Step S302: at least some in described network traffics is routed to described new authority
Dns server.
Method can also include: step S303.
Step S303: rotate described Authoritative DNS server termly.
The inventive method includes: analyze at least one authority's domain name system DNS server
Network traffics;Network flow data is produced according to analysis result;Send described to center system
Network flow data;Receive the access from described center system and control list;According to being received
Described access control list update fire wall parameter.Owing to analyzing at least one authority territory
The network traffics of name system dns server, and network flow data is sent to center system,
Then receive at least one access control list that center system sends, thus controlled by access
List update fire wall parameter, intercepts malicious traffic stream, in this way, it is possible to reduce malice
Internet traffic (such as DDOS attack).
The foregoing is only embodiments of the present invention, not thereby limit the patent model of the present invention
Enclosing, every equivalent structure utilizing description of the invention and accompanying drawing content to be made or equivalence flow process become
Change, or be directly or indirectly used in other relevant technical fields, be the most in like manner included in the present invention
Scope of patent protection in.
Claims (14)
1. the system reducing malicious network traffic, it is characterised in that described system includes:
Shielded server, is positioned at territory;
At least one authority's domain name system DNS server;
At least one DNS NetStream Data Analyzer and fire wall DTAF fire wall, wherein, network
Flow had to pass through described DTAF fire wall before accessing described Authoritative DNS server,
And described DTAF fire wall analysis attempts to travel through the network traffics of described DTAF fire wall;
The main DTAF of central authorities, wherein said DTAF fire wall sends network flow data to described
Central authorities main DTAF, and the main DTAF of described central authorities send at least one access control list to institute
State DTAF fire wall.
2. the system as claimed in claim 1, it is characterised in that described network traffics are accessing
Also described DTAF fire wall is had to pass through before described shielded server.
3. the system as claimed in claim 1, it is characterised in that described network traffics are accessing
Also described DTAF fire wall is had to pass through before public dns server.
4. the system as claimed in claim 1, it is characterised in that described network flow data bag
Include historical data and real time data.
5. the system as claimed in claim 1, it is characterised in that described shielded server
Send network flow data to the main DTAF of described central authorities.
6. the system as claimed in claim 1, it is characterised in that described authority's DNS service
Device sends network flow data to the main DTAF of described central authorities.
7. the system as claimed in claim 1, it is characterised in that described access controls list bag
Include the information relevant to dns server, and wherein said DTAF fire wall can control or
Analyze the flow from described dns server.
8. the system as claimed in claim 1, it is characterised in that described system also includes that territory turns
Move subsystem, wherein said territory transfer subsystem formed new Authoritative DNS server and make to
Fewer network traffics are rerouted to described new Authoritative DNS server.
9. system as claimed in claim 8, it is characterised in that described territory transfer subsystem is fixed
Phase ground rotates described Authoritative DNS server.
10. system as claimed in claim 8, it is characterised in that described new authoritative DNS
The network traffics that server process is new.
11. 1 kinds of methods reducing malicious network traffic, it is characterised in that described method includes:
Analyze the network traffics at least one authority's domain name system DNS server;
Network flow data is produced according to analysis result;
Described network flow data is sent to center system;
Receive the access from described center system and control list;
Described access according to being received controls list update fire wall parameter.
12. methods as claimed in claim 11, it is characterised in that described method also includes:
Determine the dns server used by suspicious network traffic;
The data of the described dns server used by suspicious network traffic are included in described net
In network data on flows;
The information of the described dns server used by suspicious network traffic is included in described visit
Ask in control list.
13. methods as claimed in claim 11, it is characterised in that described method also includes:
Form at least one new Authoritative DNS server;
At least some in described network traffics is routed to described new Authoritative DNS server.
14. methods as claimed in claim 13, it is characterised in that described method also includes:
Rotate described Authoritative DNS server termly.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510112440.0A CN106034116A (en) | 2015-03-13 | 2015-03-13 | Method and system for reducing malicious network flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510112440.0A CN106034116A (en) | 2015-03-13 | 2015-03-13 | Method and system for reducing malicious network flow |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106034116A true CN106034116A (en) | 2016-10-19 |
Family
ID=57150699
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510112440.0A Pending CN106034116A (en) | 2015-03-13 | 2015-03-13 | Method and system for reducing malicious network flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106034116A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109510780A (en) * | 2018-12-12 | 2019-03-22 | 锐捷网络股份有限公司 | Flow control method, exchange chip and the network equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101567815A (en) * | 2009-05-27 | 2009-10-28 | 清华大学 | Method for effectively detecting and defending domain name server (DNS) amplification attacks |
| CN101572701A (en) * | 2009-02-10 | 2009-11-04 | 中科正阳信息安全技术有限公司 | Security gateway system for resisting DDoS attack for DNS service |
| US20100138910A1 (en) * | 2008-12-03 | 2010-06-03 | Check Point Software Technologies, Ltd. | Methods for encrypted-traffic url filtering using address-mapping interception |
| CN104135461A (en) * | 2013-05-02 | 2014-11-05 | 中国移动通信集团河北有限公司 | Firewall policy processing method and device |
| US20140331304A1 (en) * | 2013-05-03 | 2014-11-06 | John Wong | Method and system for mitigation of distributed denial of service (ddos) attacks |
| CN104301180A (en) * | 2014-10-16 | 2015-01-21 | 杭州华三通信技术有限公司 | Service message processing method and device |
-
2015
- 2015-03-13 CN CN201510112440.0A patent/CN106034116A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100138910A1 (en) * | 2008-12-03 | 2010-06-03 | Check Point Software Technologies, Ltd. | Methods for encrypted-traffic url filtering using address-mapping interception |
| CN101572701A (en) * | 2009-02-10 | 2009-11-04 | 中科正阳信息安全技术有限公司 | Security gateway system for resisting DDoS attack for DNS service |
| CN101567815A (en) * | 2009-05-27 | 2009-10-28 | 清华大学 | Method for effectively detecting and defending domain name server (DNS) amplification attacks |
| CN104135461A (en) * | 2013-05-02 | 2014-11-05 | 中国移动通信集团河北有限公司 | Firewall policy processing method and device |
| US20140331304A1 (en) * | 2013-05-03 | 2014-11-06 | John Wong | Method and system for mitigation of distributed denial of service (ddos) attacks |
| CN104301180A (en) * | 2014-10-16 | 2015-01-21 | 杭州华三通信技术有限公司 | Service message processing method and device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109510780A (en) * | 2018-12-12 | 2019-03-22 | 锐捷网络股份有限公司 | Flow control method, exchange chip and the network equipment |
| CN109510780B (en) * | 2018-12-12 | 2023-02-17 | 锐捷网络股份有限公司 | Flow control method, switching chip and network equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9294483B2 (en) | Method and system for mitigation of distributed denial of service (DDOS) attacks | |
| US20170374088A1 (en) | Individually assigned server alias address for contacting a server | |
| US9674217B2 (en) | Method and system for mitigation of distributed denial of service (DDOS) attacks | |
| MacFarland et al. | The SDN shuffle: Creating a moving-target defense using host-based software-defined networking | |
| US10257221B2 (en) | Selective sinkholing of malware domains by a security device via DNS poisoning | |
| Jafarian et al. | Spatio-temporal address mutation for proactive cyber agility against sophisticated attackers | |
| US9503424B2 (en) | Dynamic resolution of fully qualified domain name (FQDN) address objects in policy definitions | |
| Passerini et al. | Fluxor: Detecting and monitoring fast-flux service networks | |
| EP2715522B1 (en) | Using dns communications to filter domain names | |
| Luo et al. | RPAH: Random port and address hopping for thwarting internal and external adversaries | |
| JP6315640B2 (en) | Communication destination correspondence collection apparatus, communication destination correspondence collection method, and communication destination correspondence collection program | |
| Kotenko et al. | Agent‐based simulation of cooperative defence against botnets | |
| Green et al. | Characterizing network-based moving target defenses | |
| Du et al. | DDoS defense as a network service | |
| WO2018163464A1 (en) | Attack countermeasure determination device, attack countermeasure determination method, and attack countermeasure determination program | |
| Shue et al. | On building inexpensive network capabilities | |
| Dissanayake | DNS cache poisoning: A review on its technique and countermeasures | |
| Nasr et al. | MassBrowser: Unblocking the Censored Web for the Masses, by the Masses. | |
| Rajendran | DNS amplification & DNS tunneling attacks simulation, detection and mitigation approaches | |
| Heinrich et al. | New kids on the DRDoS block: Characterizing multiprotocol and carpet bombing attacks | |
| Priyadharshini et al. | Prevention of DDOS attacks using new cracking algorithm | |
| Al-Qudah et al. | DDoS protection as a service: hiding behind the giants | |
| CN106034116A (en) | Method and system for reducing malicious network flow | |
| Hao et al. | Addressless: A new internet server model to prevent network scanning | |
| Tzur-David et al. | Delay fast packets (dfp): Prevention of dns cache poisoning |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20161019 |
|
| WD01 | Invention patent application deemed withdrawn after publication |