CN106059939A - Message forwarding method and device - Google Patents

Message forwarding method and device Download PDF

Info

Publication number
CN106059939A
CN106059939A CN201610339071.3A CN201610339071A CN106059939A CN 106059939 A CN106059939 A CN 106059939A CN 201610339071 A CN201610339071 A CN 201610339071A CN 106059939 A CN106059939 A CN 106059939A
Authority
CN
China
Prior art keywords
message
labelling
attack
flow cleaning
flowspec
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610339071.3A
Other languages
Chinese (zh)
Other versions
CN106059939B (en
Inventor
余清炎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201610339071.3A priority Critical patent/CN106059939B/en
Publication of CN106059939A publication Critical patent/CN106059939A/en
Application granted granted Critical
Publication of CN106059939B publication Critical patent/CN106059939B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

The invention provides a message forwarding method and device. The method comprises the steps of: judging whether a received message carries a flow cleaning mark, wherein the flow cleaning mark is used for indicating whether the current message is a normal message which has been detected; and forwarding the message when the message carries the flow cleaning mark. According to the invention, the forwarding efficiency of the normal message is improved.

Description

A kind of message forwarding method and device
Technical field
The present invention relates to network communication technology field, particularly relate to a kind of message forwarding method and device.
Background technology
Along with the development of internet, applications, the consequence that network attack causes is increasingly severe.Wherein, DoS (Denial of service, refusal service)/DDos (Distributed Denial of Service, point Cloth refusal service) to attack (general designation Denial of Service attack) disguised and easy to implement and become due to it Usual attack means.
At present, it is upper and lower at the equipment closest to attack source for the way that Denial of Service attack is popular Send out the flow control policy of Forwarding plane, such as, FlowSpec (Flow Specification, flow specification) Flow control policy, this flow control policy can be mated attack traffic accurately, and be carried out attack traffic Filter and control, thus reducing the attack traffic impact on forwarded performance.
FlowSpec flow control policy can be carried by Routing Protocol, such as, and BGP (Border Gateway Protocol, Border Gateway Protocol), thus issue at the network equipment running bgp protocol FlowSpec flow control policy, and the flow (including normal discharge) of each process is carried out FlowSpec detects, and to identify attack traffic, this affects the efficiency of transmission of normal discharge to a certain extent.
Summary of the invention
It is an object of the invention to provide a kind of message forwarding method and device, in order to reduce in carrier network The detection number of times of each network equipment normal stream amount.
For achieving the above object, the invention provides technical scheme:
The present invention provides a kind of message forwarding method, the network equipment being applied in carrier network, described side Method includes:
Judging whether the message received carries flow cleaning labelling, described flow cleaning labelling is worked as expression Front message is through the normal message of detection;
When described message carries flow cleaning labelling, forward described message.
The present invention also provides for a kind of apparatus for forwarding message, the network equipment being applied in carrier network, institute State device to include:
Marker for judgment unit, for judging whether the message received carries flow cleaning labelling, described flow Clean labelling for representing that current message is through the normal message of detection;
Message retransmission unit, for when carrying flow cleaning labelling in described message, forwards described message.
By above description it can be seen that the embodiment of the present invention proposes a kind of message forwarding method, the method exists When confirming that the message received carries flow cleaning labelling, forwarding direct to message, do not detect, from And improve the forward efficiency of normal message.
Accompanying drawing explanation
Fig. 1 is the attack protection network diagram shown in the embodiment of the present invention;
Fig. 2 is the message forwarding method flow chart shown in the embodiment of the present invention;
Fig. 3 is the IP heading form shown in the embodiment of the present invention;
Fig. 4 A is the structural representation of the network equipment shown in the embodiment of the present invention;
Fig. 4 B is the structural representation of the apparatus for forwarding message of the network equipment shown in Fig. 4 A.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Following When description relates to accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous Key element.Embodiment described in following exemplary embodiment does not represent the institute consistent with the present invention There is embodiment.On the contrary, they only with as appended claims describes in detail, the one of the present invention The example of the apparatus and method that a little aspects are consistent.
It is only merely for describing the purpose of specific embodiment in terminology used in the present invention, and is not intended to be limiting The present invention." a kind of " of singulative used in the present invention and appended claims, " " " it is somebody's turn to do " be also intended to include most form, unless context clearly shows that other implications.Also should manage Solving, term "and/or" used herein refers to and comprises one or more project of listing being associated Any or all may combination.
Although should be appreciated that may use term first, second, third, etc. various to describe in the present invention Information, but these information should not necessarily be limited by these terms.These terms only be used for by same type of information that This distinguishes.Such as, without departing from the present invention, the first information can also be referred to as Two information, similarly, the second information can also be referred to as the first information.Depend on linguistic context, as in this institute Use word " if " can be construed to " and ... time " or " when ... time " or " response In determining ".
Before being specifically described the embodiment of the present invention, the most simply introduce in the embodiment of the present invention and can relate to The correlation technique arrived.
It is a kind of central flow attack technology that DoS/DDoS attacks, and assailant is by controlling thousands of attack Same target (address of theenduser or server) is initiated flow attacking by equipment simultaneously, causes this destination The upstream access device of location or under fire server are congested by abnormal flow, and user cannot normally use.This is attacked Mode of hitting easily is implemented, disguise by force, simply effective, therefore, become the usual attack means of hacker, to net Network constitutes a serious threat safely, brings huge economic loss and impact to enterprise and user.
At present, attacking maximally effective defense mechanism for DoS/DDoS is on the equipment of attack source Issue the flow control policy of Forwarding plane, the attack traffic of coupling flow control policy is filtered and controls System, thus near attack source, attack traffic is limited, reduce the threat to user network.
RFC in IETF (Internet Engineering Task Force, Internet engineering duty group) In document, FlowSpec is defined as can be applicable to IP (Internet Protocol, Internet protocol) flow The n tuple being made up of some matched rules, such as, source address, destination address, port, source port, mesh Port, protocol type, (Internet Control Message Protocol international controls message association to ICMP View) type, burst situation, TCP (Transmission Control Protocol, transmission control protocol) mark Note, DSCP (Differentiated Services Code Point, differentiated services code points) value etc..Therefore, Available FlowSpec technology disposes flow control policy (being called for short FlowSpec flow control policy), with Reach precisely to mate attack traffic, and attack traffic is performed multiple choices action, such as, all abandon, Speed limit, flow redirect or the DSCP value etc. of amendment IP message, thus alleviate what DoS/DDoS attacked Impact.
BGP (Border Gateway Protocol, Border Gateway Protocol) is used at AS (Autonomous System, autonomous system) between transmit the path vector agreement of route selection information, be inter-domain routing protocol, Eye is in controlling the propagation of route and selecting best route.Utilize the NLRI (Network of bgp protocol message Layer Reachability Information, Network Layer Reachable Information) field can encapsulate other protocol information, and Passing to other equipment being configured with bgp protocol, therefore, a lot of agreements are by this protocol extension of BGP Ability transmits the various routing iinformations that oneself needs.
FlowSpec technology equally can be by the protocol extension ability of BGP, by FlowSpec flow-control plan Slightly it is distributed on the equipment of other configuration bgp protocols, and is issued to the Forwarding plane of equipment.Equipment according to FlowSpec flow control policy carries out FlowSpec detection to the flow (including normal discharge) of process, right The attack traffic of coupling FlowSpec flow control policy filters and controls, thus right near attack source Attack traffic limits, and reduces the threat to user network.But, this FlowSpec detection mode can shadow Ring the efficiency of transmission of normal discharge.
The embodiment of the present invention proposes a kind of message forwarding method, and the method carries stream in confirming the message received When amount cleans labelling, forwarding direct to message, no longer carry out FlowSpec detection, thus improve normal message Forward efficiency.
See Fig. 1, for a kind of attack protection network diagram shown in the embodiment of the present invention.This attack protection net Network includes user network 10, user network 20 and carrier network 30.Wherein, user network 10 Including main frame 11 and the network equipment 12;User network 20 includes main frame 21 and the network equipment 22;Operation Business's network 30 includes the network equipment 31~the network equipment 33.
First, each network equipment sets up neighborhood by bgp protocol.When the network equipment (such as, net Network equipment 12) when attack being detected, generate a FlowSpec list item (i.e. FlowSpec flow-control Strategy), and trigger bgp protocol generation BGP FlowSpec route, this BGP FlowSpec route Carry FlowSpec list item information, give it by bgp neighbor by this BGP FlowSpec advertising of route Its network equipment.
The network equipment (such as, the network equipment 31) in carrier network receives this BGP FlowSpec After route, by this BGP FlowSpec route sending-down to Forwarding plane, generate FlowSpec list item, after The continuous message received according to this FlowSpec list item coupling carries out FlowSpec detection, so that it is determined that receive Message whether be attack message, and then take corresponding measure (such as, filter or current limliting).
Seeing Fig. 2, for an embodiment flow chart of message forwarding method of the present invention, this embodiment is to report Literary composition repeating process is described.
In the following description, the network equipment not being construed as limiting is defaulted as the network equipment of carrier network.
Step 201, it is judged that whether the message of reception carries flow cleaning labelling.
Flow cleaning labelling in the embodiment of the present invention is used for representing that current message had carried out FlowSpec Detect, and testing result is normal message.
Step 202, when carrying flow cleaning labelling in described message, forwards described message.
When the network equipment receives the message carrying flow cleaning labelling, illustrate current message be by The normal message that other network equipment detected, therefore, no longer performs FlowSpec detection to this message, Directly forward, thus reduce the detection number of times to normal message, improve the forward efficiency of normal message.
When the judged result according to step 201, when confirmation message does not carries flow cleaning labelling, to reception Message perform FlowSpec detection, i.e. according to the FlowSpec list item issued in the network equipment (as front Described FlowSpec list item is carried by bgp protocol and distributes, and this FlowSpec list item have recorded attack report The message characteristic of literary composition, i.e. the n tuple information of attack message) judge whether current message is attack message.
Message characteristic and the message characteristic phase of the attack message of record in FlowSpec list item when the message received Meanwhile, the message determining reception is attack message;Otherwise, it is not attack message.When the message received is not During attack message, the network equipment is to forward after this message adds flow cleaning labelling, subsequently received to point out This message of the network equipment of this message is the normal message through detection, it is not necessary to perform FlowSpec detection again.
In one preferably embodiment, the network equipment can carry flow in the heading of existing IP message Clean labelling, to represent that current message is for the normal message through detection.Specifically, can be at IP shown in Fig. 3 The attribute field (3Bit) of heading is carried, and this attribute field includes 3 (Bit), wherein, first It is not used by;Second is DF (Don ' t Fragment, forbid burst) position, only when DF position is 0 Just allow burst;3rd is MF (More Fragment, many bursts) position, represents when MF position is 1 Also have fragment message below, be when 0, to represent last burst.The embodiment of the present invention utilizes in attribute field First be not used by, as cleaning marker bit, carries flow cleaning labelling.Such as, when the current report of detection When literary composition is normal message, arranging cleaning marker bit is 1.When other network equipments receive this message, pass through Identify that this cleaning marker bit confirms that current message is normal message, and then no longer perform FlowSpec detection, directly Switch through and send out.
When the network equipment is attack message by FlowSpec detection confirmation message, abandon this message, thus Realize the interception to attack message, shield the impact on user network.
Additionally, in order to prevent assailant from knowing the defence policies of the present invention, and in attack message, carry flow Cleaning labelling, and then evade FlowSpec detection, first the embodiment of the present invention carries out network to the message received The detection in source, i.e. judge the message that receives whether from inside carrier network, for from operator's net Message within network performs abovementioned steps 201 and the process of step 202;For being not from carrier network Internal message, such as, from the message of user network, then remove the flow cleaning labelling in message, then Perform step 201 and the process of step 202, i.e. the message entering carrier network from user network is forced Perform FlowSpec detection.
The most still as a example by Fig. 1, message repeating process is discussed in detail.
It is assumed that main frame 21 sends IP message to main frame 11, this IP message is after the network equipment 22 forwards Enter carrier network 30.
The network equipment 33 receives the IP message that the network equipment 22 forwards, according to the interface of this IP message of reception, Determine that the equipment being connected with this interface is (within equipment outside carrier network 30 or carrier network 30 Equipment), and then determine that this IP message is from the message within carrier network 30, or from operator The message of network 30 external network.When confirming this IP message from carrier network 30 outside, force clear Except the flow cleaning labelling in IP message is (as it was previously stated, first that can arrange attribute field in IP message is 0)。
The network equipment 33 IP message to receiving performs FlowSpec detection, when detecting this IP message for attacking During message (having there is the FlowSpec list item that this IP message is corresponding in the present embodiment default network equipment 33), By this IP packet loss, no longer forward to the network equipment 32;When detecting this IP message and being normal message, Flow cleaning labelling (first that arranges attribute field in IP message is 1) is added in this IP message, and It is transmitted to the network equipment 32.
The network equipment 32 confirms that the IP message received is internal from carrier network 30, and confirms this IP message Carry flow cleaning labelling, the most no longer perform FlowSpec detection, be directly forwarded to the network equipment 31.
In like manner, the network equipment 31 confirm the IP message received from inside carrier network 30, and this IP When message carries flow cleaning labelling, do not perform FlowSpec detection, be directly forwarded to the network equipment 12.
IP message is transmitted to main frame 11 by the network equipment 12.
By the present embodiment it can be seen that in the operator network, normal message has only carried out a FlowSpec Detection, substantially increases the forward efficiency of normal message.
Corresponding with the embodiment of aforementioned message forwarding method, present invention also offers the reality of apparatus for forwarding message Execute example.
The embodiment of apparatus for forwarding message 400 of the present invention can be applied on network devices.Device embodiment can To be realized by software, it is also possible to realize by the way of hardware or software and hardware combining.Implemented in software it is Example, as the device on a logical meaning, is by right in the processor run memory of its place equipment The computer program instructions answered is formed.For hardware view, as shown in Figure 4 A, turn for message of the present invention A kind of hardware structure diagram of transmitting apparatus place equipment, except the processor shown in Fig. 4 A and non-volatile memories Outside device, in embodiment, the equipment at device place is generally according to the actual functional capability of this equipment, it is also possible to include it His hardware, repeats no more this.
Refer to Fig. 4 B, for the structural representation of the apparatus for forwarding message 400 in one embodiment of the invention. This apparatus for forwarding message 400 includes marker for judgment unit 401 and message retransmission unit 402, wherein:
Marker for judgment unit 401, for judging whether the message received carries flow cleaning labelling, described flow Clean labelling for representing that current message is through the normal message of detection;
Message retransmission unit 402, for when carrying flow cleaning labelling in described message, forwards described message.
Further, described device 400 also includes:
Message judging unit, for when not carrying flow cleaning labelling, it is judged that described message in described message Whether it is attack message;
Labelling adding device, for when described message is not attack message, adds flow for described message clear Wash labelling;
Described message retransmission unit 402, is additionally operable to forward the message of described interpolation flow cleaning labelling.
Further, described device 400 also includes:
Message receives unit, for described message judging unit judge described message be whether attack message it Before, receiving Border Gateway Protocol (BGP) message, described BGP message carries flow specification FlowSpec list item, Described FlowSpec list item have recorded the message characteristic of attack message;
Described message judging unit, specifically for the message characteristic of the message when described reception with described When the message characteristic of the attack message of record is identical in FlowSpec list item, determine that the message of described reception is for attacking Hit message;Otherwise, it determines the message of described reception is not attack message.
Further, described device 400 also includes:
Whether labelling clearing cell, carry in judging, at described marker for judgment unit 401, the message received Before flow cleaning labelling, it is judged that whether described message comes from inside carrier network;When described message not When coming from carrier network inside, remove the flow cleaning labelling in described message.
Further,
Described flow cleaning labelling carries first Bit of attribute field in heading.
In said apparatus, the function of unit and the process that realizes of effect specifically refer in said method corresponding Step realize process, do not repeat them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part ginseng See that the part of embodiment of the method illustrates.Device embodiment described above is only schematically, The wherein said unit illustrated as separating component can be or may not be physically separate, makees The parts shown for unit can be or may not be physical location, i.e. may be located at a place, Or can also be distributed on multiple NE.Can select according to the actual needs part therein or The whole module of person realizes the purpose of the present invention program.Those of ordinary skill in the art are not paying creativeness In the case of work, i.e. it is appreciated that and implements.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all at this Within the spirit of invention and principle, any modification, equivalent substitution and improvement etc. done, should be included in Within the scope of protection of the invention.

Claims (10)

1. a message forwarding method, the network equipment being applied in carrier network, it is characterised in that described Method includes:
Judging whether the message received carries flow cleaning labelling, described flow cleaning labelling is used for representing current Message is through the normal message of detection;
When described message carries flow cleaning labelling, forward described message.
2. the method for claim 1, it is characterised in that described method also includes:
When described message does not carries flow cleaning labelling, it is judged that whether described message is attack message;
When described message is not attack message, add flow cleaning labelling for described message;
Forward the message of described interpolation flow cleaning labelling.
3. method as claimed in claim 2, it is characterised in that described judge whether described message is to attack report Before literary composition, also include:
Receiving Border Gateway Protocol (BGP) message, described BGP message carries flow specification FlowSpec list item, Described FlowSpec list item have recorded the message characteristic of attack message;
Described judge whether described message is attack message, including:
When the message characteristic of message of described reception and the report of the attack message of record in described FlowSpec list item When literary composition feature is identical, determine that the message of described reception is attack message;Otherwise, it determines the message of described reception It it is not attack message.
4. the method for claim 1, it is characterised in that whether carry in the described message judging to receive Before flow cleaning labelling, also include:
Judge whether described message comes from inside carrier network;
When described message is not from carrier network inside, remove the flow cleaning mark in described message Note.
5. the method as described in Claims 1-4 is arbitrary, it is characterised in that:
Described flow cleaning labelling carries first Bit of attribute field in heading.
6. an apparatus for forwarding message, the network equipment being applied in carrier network, it is characterised in that Described device includes:
Marker for judgment unit, for judging whether the message received carries flow cleaning labelling, described flow Clean labelling for representing that current message is through the normal message of detection;
Message retransmission unit, for when carrying flow cleaning labelling in described message, forwards described message.
7. device as claimed in claim 6, it is characterised in that described device also includes:
Message judging unit, for when not carrying flow cleaning labelling, it is judged that described report in described message Whether literary composition is attack message;
Labelling adding device, for when described message is not attack message, adds flow for described message Clean labelling;
Described message retransmission unit, is additionally operable to forward the message of described interpolation flow cleaning labelling.
8. device as claimed in claim 7, it is characterised in that described device also includes:
Message receives unit, for judging whether described message is attack message at described message judging unit Before, receiving Border Gateway Protocol (BGP) message, described BGP message carries flow specification FlowSpec table , described FlowSpec list item have recorded the message characteristic of attack message;
Described message judging unit, specifically for the message characteristic of the message when described reception with described When the message characteristic of the attack message of record is identical in FlowSpec list item, determine that the message of described reception is Attack message;Otherwise, it determines the message of described reception is not attack message.
9. device as claimed in claim 6, it is characterised in that described device also includes:
Whether labelling clearing cell, for carrying stream in the message that described marker for judgment unit judges receives Before amount cleans labelling, it is judged that whether described message comes from inside carrier network;When described message not When coming from carrier network inside, remove the flow cleaning labelling in described message.
10. the device as described in claim 6 to 9 is arbitrary, it is characterised in that:
Described flow cleaning labelling carries first Bit of attribute field in heading.
CN201610339071.3A 2016-05-19 2016-05-19 Message forwarding method and device Active CN106059939B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610339071.3A CN106059939B (en) 2016-05-19 2016-05-19 Message forwarding method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610339071.3A CN106059939B (en) 2016-05-19 2016-05-19 Message forwarding method and device

Publications (2)

Publication Number Publication Date
CN106059939A true CN106059939A (en) 2016-10-26
CN106059939B CN106059939B (en) 2019-12-06

Family

ID=57177300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610339071.3A Active CN106059939B (en) 2016-05-19 2016-05-19 Message forwarding method and device

Country Status (1)

Country Link
CN (1) CN106059939B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123843A (en) * 2016-11-28 2018-06-05 中国移动通信有限公司研究院 Flow rate testing methods, detection data processing method and processing device
CN111224960A (en) * 2019-12-27 2020-06-02 北京天融信网络安全技术有限公司 Information processing method, information processing device, electronic equipment and storage medium
CN114172738A (en) * 2021-12-15 2022-03-11 广州市苏纳米实业有限公司 DDoS attack resisting method and device based on intelligent security box and intelligent security box

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136922A (en) * 2007-04-28 2008-03-05 华为技术有限公司 Service stream recognizing method, device and distributed refusal service attack defending method, system
CN102195843A (en) * 2010-03-02 2011-09-21 中国移动通信集团公司 Flow control system and method
CN104601482A (en) * 2013-10-30 2015-05-06 中兴通讯股份有限公司 Traffic cleaning method and device
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof
US20150281085A1 (en) * 2014-01-23 2015-10-01 InMon Corp. Method and system of large flow control in communication networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136922A (en) * 2007-04-28 2008-03-05 华为技术有限公司 Service stream recognizing method, device and distributed refusal service attack defending method, system
CN102195843A (en) * 2010-03-02 2011-09-21 中国移动通信集团公司 Flow control system and method
CN104601482A (en) * 2013-10-30 2015-05-06 中兴通讯股份有限公司 Traffic cleaning method and device
US20150281085A1 (en) * 2014-01-23 2015-10-01 InMon Corp. Method and system of large flow control in communication networks
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123843A (en) * 2016-11-28 2018-06-05 中国移动通信有限公司研究院 Flow rate testing methods, detection data processing method and processing device
CN108123843B (en) * 2016-11-28 2020-04-14 中国移动通信有限公司研究院 Flow detection method, detection data processing method and device
CN111224960A (en) * 2019-12-27 2020-06-02 北京天融信网络安全技术有限公司 Information processing method, information processing device, electronic equipment and storage medium
CN114172738A (en) * 2021-12-15 2022-03-11 广州市苏纳米实业有限公司 DDoS attack resisting method and device based on intelligent security box and intelligent security box
CN114172738B (en) * 2021-12-15 2022-12-13 广州市苏纳米实业有限公司 DDoS attack resisting method and device based on intelligent security box and intelligent security box

Also Published As

Publication number Publication date
CN106059939B (en) 2019-12-06

Similar Documents

Publication Publication Date Title
CN110290098B (en) Method and device for defending network attack
Ambrosin et al. Lineswitch: Efficiently managing switch flow in software-defined networking while effectively tackling dos attacks
Anderson et al. Preventing Internet denial-of-service with capabilities
AU2015255980B2 (en) System and methods for reducing impact of malicious activity on operations of a wide area network
US7925766B2 (en) Method for distributed denial-of-service attack mitigation by selective black-holing in MPLS VPNS
US7953855B2 (en) Distributed denial-of-service attack mitigation by selective black-holing in IP networks
KR101067781B1 (en) Method and apparatus for defending against denial of service attacks in IP networks by target victim self-identification and control
JP4808573B2 (en) System, method, and program for identifying the source of malicious network messages
KR20080028381A (en) Method for defending against denial of service attacks in ip networks by target victim self-identification and control
US20130298220A1 (en) System and method for managing filtering information of attack traffic
CN110099027A (en) Transmission method and device, storage medium, the electronic device of service message
CN106059939A (en) Message forwarding method and device
JP4284248B2 (en) Application service rejection attack prevention method, system, and program
JP5178573B2 (en) Communication system and communication method
Dubendorfer et al. Adaptive distributed traffic control service for DDoS attack mitigation
JP4322179B2 (en) Denial of service attack prevention method and system
Bossardt et al. Enhanced Internet security by a distributed traffic control service based on traffic ownership
Okada et al. Oblivious ddos mitigation with locator/id separation protocol
Park et al. An effective defense mechanism against DoS/DDoS attacks in flow-based routers
EP1744516A1 (en) Distributed denial-of-service attack mitigation by selective black-holing in IP networks
Ohsita et al. Deployable overlay network for defense against distributed SYN flood attacks
Atoum et al. Distributed Black Box and Graveyards Defense Strategies against Distributed Denial of Services
Kang et al. Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System.
An et al. Coordination of anti-spoofing mechanisms in partial deployments
Priescu et al. Design of traceback methods for tracking DoS attacks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant