CN101924764A - Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism - Google Patents
- Publication number: CN101924764A
- Authority: CN (China)
- Prior art keywords: cleaning, flow, network, ddos attack, center
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a large-scale DDoS (Distributed Denial of Service) attack defense system and method based on a two-level linkage mechanism. The method comprises the following steps: a flow monitoring subsystem monitors the traffic of the whole network in real time, and searches for and confirms DDoS attack behavior; it sends an alarm message that triggers a cleaning operation to a flow cleaning subsystem, and diverts the abnormal traffic of the DDoS attack behavior to the flow cleaning subsystem; the flow cleaning subsystem receives the abnormal traffic diverted by the flow monitoring subsystem, cleans it according to the cleaning operation triggered by the alarm message (the flow cleaning subsystem adopts a two-level architecture of a backbone network plus a local network defense system, and the two levels of cleaning system work cooperatively and clean synchronously), and re-injects the cleaned traffic into the target customer network. The large-scale DDoS attack defense system and method based on the two-level linkage mechanism solve problems such as cleaning capacity and cleaning precision that exist in traditional DDoS defense technology; while reducing the cost of deploying the service at scale, they greatly improve the large-scale DDoS attack defense capability of the whole network and increase the cleaning precision for attack traffic.
Description
Technical field
The present invention relates to the field of network security, and in particular to a large-scale DDoS attack defense system and method based on a two-level linkage mechanism.
Background art
As the level of IT adoption keeps rising across industries, more and more enterprise customers depend increasingly on the Internet for their day-to-day business operations. Because the Internet security environment keeps deteriorating, the Internet services of such customers now face great threats and risks.
Among these threats, the distributed denial of service (DDoS, Distributed Denial of Service) attack is one of the most common and most harmful forms of attack on the Internet today. A DDoS attack uses client/server technology to join multiple computers together as an attack platform that launches DoS attacks against one or more targets. Because DDoS attacks are simple to carry out, achieve their goal easily, and are hard to prevent and trace, they have become an increasingly common form of attack.
In recent years, driven by factors such as commercial competition, political sentiment and economic extortion, DDoS attacks have become increasingly organized, large-scale and commercialized. Attack traffic readily reaches several G, more than ten G, or even tens of G, and attack frequency has also risen sharply. This not only causes serious consequences such as service interruption and system paralysis for the Internet applications and IT system services of all kinds of enterprise customers, with heavy economic losses; it also seriously threatens the infrastructure of telecom operators and severely affects the quality and stable operation of infrastructure operators' backbone networks, making DDoS attacks one of the most common and most harmful security problems on the Internet today.
Two DDoS attack defense methods are commonly used at present. The first is terminal cleaning: dedicated traffic cleaning equipment is deployed locally, close to the protected target. This method is a single-point defense: it can only provide cleaning protection for local users, and its defense capacity is limited. When a large-scale attack occurs, the network where the protected target resides is easily congested or paralysed, and the method is powerless against large-scale and ultra-large-scale DDoS attacks.
The second is source-end cleaning, which adopts a "distributed deployment, centralized scheduling, near-source cleaning" protection mechanism: before the attack traffic converges, distributed cleaning is performed at multiple backbone network nodes close to the attack sources. It can be used to defend against large-scale DDoS attacks of more than ten G, tens of G, or even a hundred G or more. However, because this mechanism cleans mainly at the backbone network level, attacks between hosts inside a metropolitan area network or an Internet data center (IDC, Internet Data Center) are difficult to defend against. In addition, because the cleaning system is deployed at a high level of the network, refined protection policies are difficult to deploy. These two factors may allow part of the attack traffic to bypass the protection system, making it difficult to provide customers with refined DDoS attack protection.
In summary, how to clean the abnormal traffic of large-scale DDoS attacks effectively and improve the large-scale DDoS attack defense capability of the whole network has become a technical problem that urgently needs to be solved in this field.
Summary of the invention
The technical problem to be solved by the present invention is to provide a large-scale DDoS attack defense system and method based on a two-level linkage mechanism that effectively solves the problems of the prior art, achieves refined traffic cleaning for large-scale DDoS attacks, and obtains the expected technical effect of improving the large-scale DDoS attack defense capability of the whole network.
One aspect of the present invention provides a large-scale DDoS attack defense system based on a two-level linkage mechanism. The system comprises: a flow monitoring subsystem, used to monitor the traffic of the whole network in real time and, after searching for and confirming DDoS attack behavior, to send an alarm message that triggers a cleaning operation to the flow cleaning subsystem and divert the abnormal traffic of the DDoS attack behavior to the flow cleaning subsystem; and a flow cleaning subsystem, used to receive the abnormal traffic diverted by the flow monitoring subsystem, trigger the cleaning operation according to the alarm message, clean the abnormal traffic, and re-inject the cleaned traffic into the target customer network.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, the flow cleaning subsystem further comprises: a cleaning center at the backbone network level, used to clean, at the near-source end, the abnormal traffic of cross-domain DDoS attack behavior entering the backbone network; and a cleaning center at the local network level, used to clean the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that leaks from the backbone network into the local network, and to perform secondary cleaning on the traffic re-injected after cleaning at the backbone network level.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, the cleaning center at the local network level is a set of cleaning equipment or a cleaning equipment group deployed in the metropolitan area network or Internet data center where the target customer resides, and is used to assist, through the two-level linkage mechanism, the cleaning center at the backbone network level in cooperatively cleaning the abnormal traffic of DDoS attack behavior.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, after the abnormal traffic of cross-domain DDoS attack behavior enters the backbone network, multiple cleaning centers at the backbone network level perform near-source cleaning, and the cleaned traffic is re-injected into the local network where the target customer resides through a dedicated channel or dedicated network.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, after the cleaning center at the local network level has cleaned the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that leaks from the backbone network into the local network, and has performed secondary cleaning on the traffic re-injected after cleaning at the backbone network level, it re-injects the cleaned traffic into the target customer network through a Label Distribution Protocol (LDP) tunnel or a Multiprotocol Label Switching virtual private network (MPLS VPN).
Another aspect of the present invention provides a large-scale DDoS attack defense method based on a two-level linkage mechanism. The method comprises: a flow monitoring subsystem monitors the traffic of the whole network in real time, and searches for and confirms DDoS attack behavior; it sends an alarm message that triggers a cleaning operation to a flow cleaning subsystem, and diverts the abnormal traffic of the DDoS attack behavior to the flow cleaning subsystem; the flow cleaning subsystem receives the abnormal traffic diverted by the flow monitoring subsystem, triggers the cleaning operation according to the alarm message, cleans the abnormal traffic, and re-injects the cleaned traffic into the target customer network.
In one embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the present invention, the step of "cleaning the abnormal traffic" further comprises: the cleaning center at the backbone network level cleans, at the near-source end, the abnormal traffic of cross-domain DDoS attack behavior entering the backbone network; the cleaning center at the local network level cleans the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that leaks from the backbone network into the local network, and performs secondary cleaning on the traffic re-injected after cleaning at the backbone network level.
In one embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the present invention, the cleaning center at the local network level is a set of cleaning equipment or a cleaning equipment group deployed in the metropolitan area network or Internet data center where the target customer resides, and assists, through the two-level linkage mechanism, the cleaning center at the backbone network level in cooperatively cleaning the abnormal traffic of DDoS attack behavior.
In one embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the present invention, after the abnormal traffic of cross-domain DDoS attack behavior enters the backbone network, multiple cleaning centers at the backbone network level perform near-source cleaning, and the cleaned traffic is re-injected into the local network where the target customer resides through a dedicated channel or dedicated network.
In one embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the present invention, the cleaning center at the local network level cleans the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that leaks from the backbone network into the local network, and performs secondary cleaning on the traffic re-injected after cleaning at the backbone network level. The cleaning center at the local network level then re-injects the cleaned traffic into the target customer network through an LDP tunnel or MPLS VPN.
The large-scale DDoS attack defense system and method based on the two-level linkage mechanism provided by the present invention solve problems such as the cleaning capacity and cleaning precision of existing DDoS protection technology. While reducing the cost of deploying the service at scale, they greatly improve the large-scale DDoS attack defense capability of the whole network and improve the cleaning precision for attack traffic.
Description of the drawings
Fig. 1 is a structural diagram of a large-scale DDoS attack defense system based on a two-level linkage mechanism provided by an embodiment of the present invention;
Fig. 2 is a schematic flow diagram of the large-scale DDoS attack defense system provided by the present invention starting the DDoS attack traffic cleaning mechanism;
Fig. 3 is a structural diagram of a large-scale DDoS attack defense system based on a two-level linkage mechanism provided by an embodiment of the present invention;
Fig. 4 is a schematic flow diagram of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention starting the DDoS attack traffic cleaning mechanism;
Fig. 5 is a schematic flow diagram of one embodiment in which the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention starts the DDoS attack traffic cleaning mechanism;
Fig. 6 is a flowchart of a large-scale DDoS attack defense method based on a two-level linkage mechanism provided by an embodiment of the present invention;
Fig. 7 is a flowchart of another embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the present invention.
Embodiments
The present invention is described more fully below with reference to the accompanying drawings, in which exemplary embodiments of the invention are illustrated.
Fig. 1 is a structural diagram of a large-scale DDoS attack defense system based on a two-level linkage mechanism provided by an embodiment of the present invention.
As shown in Fig. 1, the large-scale DDoS attack defense system 100 based on the two-level linkage mechanism comprises a flow monitoring subsystem 102 and a flow cleaning subsystem 104, where:
The flow monitoring subsystem 102 is used to monitor the traffic of the whole network in real time and, after searching for and confirming DDoS attack behavior, to send an alarm message that triggers a cleaning operation to the flow cleaning subsystem and divert the abnormal traffic of the DDoS attack behavior to the flow cleaning subsystem. For example, the flow monitoring subsystem monitors in real time and analyses in depth the traffic of the whole network or the traffic arriving at the target customer, looking for deviations from "normal" behavior or for the basic behaviors of a DDoS attack. After an attack is identified, the monitoring system raises an alarm to maintenance staff or to the cleaning system, and the traffic cleaning measures are started by manually or automatically triggering the cleaning equipment. In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, the monitoring scope of the flow monitoring subsystem may cover the backbone network level and the local network level, and the subsystem may consist of one or more sets of systems.
The flow cleaning subsystem 104 is used to receive the abnormal traffic diverted by the flow monitoring subsystem, trigger the cleaning operation according to the alarm message, clean the abnormal traffic, and re-inject the cleaned traffic into the network where the target customer resides. For example, the flow cleaning subsystem is an important component of the DDoS attack protection scheme: after traffic has been "diverted" to this subsystem, the attack traffic can be removed by means such as traffic cleaning, and legitimate packets continue to be forwarded to the destination address. In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, a set of cleaning equipment (or an equipment group) is deployed at the backbone network level and another at the metropolitan area network or IDC where the target customer resides, and the two-level linkage mechanism can be used to clean DDoS attack traffic cooperatively.
The large-scale DDoS attack defense system and method based on the two-level linkage mechanism provided by the present invention can be implemented on one or more operator backbone networks, the metropolitan area network or IDC where the target customer resides, and a DDoS attack cleaning subsystem. For ease of description, the operator backbone network is called the backbone network; the metropolitan area network or data center where the customer resides is called the local network; and the DDoS cleaning equipment deployed on the backbone network and the cleaning equipment deployed inside the local network are collectively called the cleaning system. In practice, a cleaning center may be a single device or an equipment group made up of several cleaning devices.
In terms of technical implementation, the scheme mainly involves several stages, such as traffic monitoring, traffic diversion, traffic cleaning and traffic re-injection. Specifically:
1) Traffic monitoring: a traffic collection function (such as NetFlow) is enabled on the core and aggregation-layer routers of the whole network (covering the backbone network and the local network), and a traffic collection and analysis system is deployed, so that abnormal network traffic and potential security-threat traffic (such as deviations from normal behavior or the basic behaviors of a DDoS attack) are monitored and analysed macroscopically at the level of the large network, with automatic alarms and linked triggering of cleaning. In addition, as required, the traffic collection function can be enabled on the customer's CPE (Customer Premises Equipment), or a dedicated abnormal-traffic monitoring device can be deployed at the customer network egress, to provide customer-side DDoS attack alarms and linked triggering of cleaning.
2) Traffic diversion: flow cleaning subsystems (for example, cleaning centers at the backbone network level) are deployed in a distributed manner in the whole network, mainly at the backbone network level. When the abnormal traffic monitoring subsystem detects abnormal traffic and the traffic cleaning mechanism is triggered (either automatically or manually), a route reflector (RR) is used to announce a BGP (Border Gateway Protocol) routing update on the backbone network, so that traffic destined for the attack target is diverted to the nearest cleaning center node and the cleaning centers perform distributed near-source cleaning. A trigger router dedicated to traffic diversion can establish BGP relationships with multiple RRs on the backbone network and announce routing updates in a unified manner, giving centralized control over the RRs. In addition, at the local network level, the cleaning center of the cleaning subsystem establishes a BGP relationship with the RR of the local network, so that updates are announced in a unified manner at the local network level, and traffic that originates in the local network, as well as target traffic flowing into the local network, is diverted to the cleaning system for cleaning.
3) Traffic cleaning: at the backbone network level, each cleaning center cleans DDoS attack traffic nearby, blocking attack traffic close to the attack source. The cleaning centers use an Anycast mechanism to configure routing policy. (Anycast, Multicast and Unicast are three communication modes. In the IPv6 protocol, Anycast refers to communication between one sender and the nearest group of receivers; one of its uses is for one host to update the routing tables of all hosts in a group. IPv6 can automatically determine the nearest gateway and pass the packet to that gateway; that host can in turn anycast to all hosts in the group until the update of the whole routing table is complete.) Multiple groups of Anycast addresses can be used: all or some of the cleaning centers use the same loopback IP address as their external service address, so that load balancing across the whole network or across some nodes can be achieved as required, cleaning center resources across the whole network are scheduled in a unified manner, and the impact of large-scale DDoS attack traffic on the backbone network is reduced as far as possible.
4) Traffic re-injection: in this technical solution, traffic re-injection has two parts: re-injection after traffic cleaning at the backbone network level, and second-stage re-injection after traffic cleaning in the local network. At the backbone network level, after each cleaning center finishes cleaning, the cleaned traffic is re-injected into the local network where the customer resides through a dedicated channel or network. At the local network level, after traffic initiated inside the local network and traffic entering the local network from the backbone network have been cleaned, the cleaned traffic is re-injected into the customer network through a Multiprotocol Label Switching virtual private network (MPLS VPN) or Label Distribution Protocol (LDP) tunnel inside the local network, which completes the re-injection of all cleaned traffic.
An embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention solves problems such as the cleaning capacity and cleaning precision of existing DDoS protection technology. While reducing the cost of deploying the service at scale, it greatly improves the large-scale DDoS attack defense capability of the whole network and improves the cleaning precision for attack traffic.
Fig. 2 is a schematic flow diagram of the large-scale DDoS attack defense system provided by the present invention starting the DDoS attack traffic cleaning mechanism.
As shown in Fig. 2, the traffic monitoring subsystem monitors in real time and analyses in depth the traffic of the whole network or the traffic arriving at the target customer, looking for deviations from "normal" behavior or for the basic behaviors of a DDoS attack. After an attack is identified, the monitoring subsystem can send an alarm message to operations staff or to the cleaning subsystem and divert the abnormal traffic to the flow cleaning subsystem (the flow direction marked in Fig. 2 for abnormal traffic diverted by the traffic monitoring subsystem), after which the traffic cleaning measures are started by manually or automatically triggering the cleaning equipment. After the abnormal traffic has been "diverted" to the flow cleaning subsystem, the attack traffic is removed by means such as traffic cleaning, and legitimate packets continue to be forwarded to the destination address (the two flow directions marked in Fig. 2 for traffic re-injected after cleaning at the backbone network level and traffic re-injected after cleaning at the local network level, respectively). A set of cleaning equipment (or an equipment group) can be deployed at the backbone network level and another at the metropolitan area network or data center where the target customer resides; this is described further in the embodiments below.
Fig. 3 is a structural diagram of another embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention.
As shown in Fig. 3, the large-scale DDoS attack defense system 300 based on the two-level linkage mechanism mainly comprises a flow monitoring subsystem 302 and a flow cleaning subsystem 304. The flow monitoring subsystem 302 may be a functional module the same as or similar to the flow monitoring subsystem 102 shown in Fig. 1; for brevity, it is not described again here.
As shown in Fig. 3, the flow cleaning subsystem 302 further comprises a flow analysis subsystem 3030 and a DNS association analysis subsystem 3022, where:
The cleaning center 3030 at the backbone network level is used to clean, at the near-source end, the abnormal traffic of cross-domain DDoS attack behavior entering the backbone network.
The cleaning center 3022 at the local network level is used to clean the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that leaks from the backbone network into the local network, and to perform secondary cleaning on the traffic re-injected after cleaning at the backbone network level. In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, the cleaning center at the local network level is a set of cleaning equipment or a cleaning equipment group deployed in the metropolitan area network or Internet data center where the target customer resides, and is used to assist, through the two-level linkage mechanism, the cleaning center at the backbone network level in cooperatively cleaning the abnormal traffic of DDoS attack behavior.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, after the abnormal traffic of cross-domain DDoS attack behavior enters the backbone network, multiple cleaning centers at the backbone network level perform near-source cleaning, and the cleaned traffic is re-injected into the local network where the target customer resides through a dedicated channel or dedicated network.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, after the cleaning center at the local network level has cleaned the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that leaks from the backbone network into the local network, and has performed secondary cleaning on the traffic re-injected after cleaning at the backbone network level, it re-injects the cleaned traffic into the target customer network through an LDP tunnel or MPLS VPN.
In one embodiment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention, the backbone network cleaning centers are deployed in a distributed manner and work by near-source cleaning, being responsible for cleaning cross-domain attack traffic close to the source at the backbone network level. The local network cleaning system uses terminal cleaning and is responsible for cleaning local internal attack traffic and for secondary cleaning of cross-domain traffic that has already been cleaned. Together they form a two-level linked cleaning defense system whose two levels of cleaning center work cooperatively and can perform cleaning operations synchronously. A dedicated channel is used for remote re-injection of cleaned traffic, which effectively saves backbone bandwidth resources and significantly improves traffic cleaning precision.
Fig. 4 is a schematic flow diagram of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention starting the DDoS attack traffic cleaning mechanism.
A typical network deployment of the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention is shown in Fig. 4. Cleaning centers (such as cleaning center 1, cleaning center 2, cleaning center 3 and the local network cleaning center) are deployed at multiple core nodes at the backbone network level and in the metropolitan area network or IDC where the target customer resides, forming a two-level cleaning system architecture of backbone network plus local network. The two levels of cleaning system cooperate through the two-level linkage mechanism, each performing its own function. The cleaning centers at the backbone network level are mainly responsible for cleaning, at the near-source end, the cross-domain attack traffic entering the backbone network (the flow direction marked as attack traffic in Fig. 4), following the principle that traffic enters the nearest cleaning center (for example, cleaning center 1 is responsible for cleaning the abnormal attack traffic of local network 1 nearby, cleaning center 2 for that of local network 2, and cleaning center 3 for that of local network 3). Fig. 4 also marks the flow direction of cleaned traffic and the flow direction of routing update information. The cleaning center of the local network is mainly responsible for cleaning attack traffic inside the local network and attack traffic that leaks from the backbone network into the local network, and for secondary cleaning of traffic already cleaned by the backbone network cleaning centers; working together, the two levels provide customers with in-depth, high-capacity DDoS attack protection services.
Fig. 5 is a schematic flow diagram of one embodiment in which the large-scale DDoS attack defense system based on the two-level linkage mechanism provided by the present invention starts the DDoS attack traffic cleaning mechanism.
The present invention takes as an example the operation of two backbone networks, A (such as the CN2 network) and B (such as the 163 network), together with the metropolitan area network or Internet data center where the customer resides (the local network for short), to explain in detail how to deploy a distributed defense network against large-scale DDoS attack traffic based on the two-level linkage mechanism.
As shown in Fig. 5, traffic cleaning centers are deployed at backbone network core nodes (multiple core nodes are selected in this embodiment) as the first-level backbone cleaning system. Each cleaning center is dual-homed to the two backbone networks A and B and is configured with the same cleaning center loopback address. Each cleaning center establishes an EBGP (External BGP, Exterior Border Gateway Protocol) peer with the route reflector (RR) of the region where it is located. At the same time, a Trigger router is deployed at a node of backbone network A and establishes BGP peers with the backbone network RRs; it is used to announce the protected routes, so that cleaning is distributed and centrally controlled. A cleaning center is deployed in the customer's local network c. This cleaning center is responsible for cleaning attack traffic originating inside the local network (the flow direction marked as attack traffic in Fig. 5) and traffic entering the local network from backbone network A and/or B. A dedicated traffic return VPN or LDP channel is also established in advance inside the local network, and cleaned traffic (the flow direction marked as cleaned traffic in Fig. 5) is re-injected into the customer network through this channel.
NetFlow is enabled on the core and aggregation-layer routers of the backbone network and the local network, and a traffic collection and analysis system is deployed, providing NetFlow-based macroscopic monitoring and analysis of abnormal network traffic and potential security-threat traffic at the level of the large network. For example, suppose a host of the target customer in local network c (IP address 60.195.X.X) comes under a large-scale DDoS attack from across the country. After the abnormal traffic monitoring subsystem deployed on the backbone network detects this abnormal traffic, it determines the distribution of the attack sources and the attack target address, and starts the two-level linked cleaning instruction. At the backbone network level, the trigger router announces, through the RRs, to the core and aggregation routers of backbone network A that the BGP next-hop address for the protected destination address is the cleaning center address, which is unique across the whole network; the cleaning centers share the traffic automatically by means of Anycast. After receiving the BGP update announced by the RRs, the core and aggregation routing nodes of backbone network A forward the attack traffic arriving from all directions to the nearest cleaning center, which achieves traffic diversion. Each cleaning center cleans the diverted DDoS attack traffic nearby, blocking attack traffic close to the attack source. The cleaned traffic from each cleaning center enters backbone network B and, using backbone network B's global routing, enters local network c where the protected destination host resides.
At the local-network level, the local cleaning system starts the cleaning instruction synchronously. Attack traffic originating inside local network c, cleaned traffic entering local network c from backbone network B, and attack traffic arriving from backbone network B are all diverted to the local cleaning system for cleaning. The cleaned traffic enters the customer's network through the MPLS VPN or LDP channel between the cleaning system and the customer's uplink CPE, which completes the final reinjection of normal traffic.
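The monitoring, diversion and two-level cleaning sequence described above can be traced end to end in a small model. This is an added example, not code from the patent: the router and cleaning-center names, the documentation-range addresses, the flow records and the per-source rate thresholds (a stand-in for the cleaning devices' logic, which the patent does not specify) are all assumptions.

```python
from collections import defaultdict

M = 1_000_000
ANYCAST_NEXT_HOP = "192.0.2.1"   # constructed: the single network-wide cleaning-center address
TARGET = "203.0.113.5"           # constructed stand-in for the protected host
LOCAL_INGRESS = "local-c"        # marks flows that originate inside the target's local network
# Constructed anycast resolution: which cleaning center is nearest to each backbone ingress router.
NEAREST_CENTER = {"bb-north": "center-1", "bb-east": "center-1", "bb-south": "center-2"}

# Constructed flow records; "attack" is a ground-truth label used only to score the result.
FLOWS = [
    {"ingress": "bb-north", "src": "198.51.100.10", "dst": TARGET, "bps": 900 * M, "attack": True},
    {"ingress": "bb-south", "src": "198.51.100.20", "dst": TARGET, "bps": 600 * M, "attack": True},
    {"ingress": "bb-east", "src": "198.51.100.30", "dst": TARGET, "bps": 40 * M, "attack": True},
    {"ingress": LOCAL_INGRESS, "src": "203.0.113.77", "dst": TARGET, "bps": 300 * M, "attack": True},
    {"ingress": "bb-north", "src": "198.51.100.40", "dst": TARGET, "bps": 4 * M, "attack": False},
    {"ingress": "bb-south", "src": "198.51.100.50", "dst": TARGET, "bps": 2 * M, "attack": False},
    {"ingress": LOCAL_INGRESS, "src": "203.0.113.88", "dst": TARGET, "bps": 3 * M, "attack": False},
    {"ingress": "bb-east", "src": "198.51.100.60", "dst": "203.0.113.9", "bps": 5 * M, "attack": False},
]


def detect(flows, baseline_bps, factor=10):
    """Monitoring: flag destinations whose aggregate rate exceeds factor x baseline,
    and report how the load is distributed over ingress points."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_dst[f["dst"]][f["ingress"]] += f["bps"]
    return {
        dst: dict(by_ingress)
        for dst, by_ingress in per_dst.items()
        if dst in baseline_bps and sum(by_ingress.values()) > factor * baseline_bps[dst]
    }


def diversion_route(target):
    """The route announced via the RR: host route for the target, next hop = cleaning address."""
    return {"prefix": f"{target}/32", "next_hop": ANYCAST_NEXT_HOP}


def rate_filter(flows, limit_bps):
    """Stand-in cleaning step (assumption): drop flows whose per-source rate exceeds limit_bps."""
    kept = [f for f in flows if f["bps"] <= limit_bps]
    dropped = [f for f in flows if f["bps"] > limit_bps]
    return kept, dropped


def two_level_clean(flows, route, backbone_limit=100 * M, local_limit=10 * M):
    target = route["prefix"].split("/")[0]
    to_target = [f for f in flows if f["dst"] == target]   # only the protected address is diverted
    # Level 1: cross-domain traffic follows the diverted route to the nearest cleaning center.
    by_center = defaultdict(list)
    for f in to_target:
        if f["ingress"] != LOCAL_INGRESS:
            by_center[NEAREST_CENTER[f["ingress"]]].append(f)
    stage1_dropped, returned = {}, []
    for center, batch in by_center.items():
        kept, dropped = rate_filter(batch, backbone_limit)
        stage1_dropped[center] = sum(f["bps"] for f in dropped)
        returned += kept                                    # carried onward over backbone network B
    # Level 2: the local system sees level-1 output plus traffic that never left the local network.
    local_origin = [f for f in to_target if f["ingress"] == LOCAL_INGRESS]
    kept, dropped = rate_filter(returned + local_origin, local_limit)
    return {
        "stage1_dropped_bps": stage1_dropped,
        "leaked_past_stage1_bps": sum(f["bps"] for f in returned if f["attack"]),
        "stage2_dropped_bps": sum(f["bps"] for f in dropped),
        "reinjected": kept,                                 # delivered over the MPLS VPN / LDP channel
    }


if __name__ == "__main__":
    alerts = detect(FLOWS, {TARGET: 10 * M, "203.0.113.9": 10 * M})
    for dst, sources in alerts.items():
        result = two_level_clean(FLOWS, diversion_route(dst))
        print(dst, sources, result["stage1_dropped_bps"], result["stage2_dropped_bps"])
```

In this constructed run the backbone centers remove the two high-rate cross-domain flows near their sources, while the low-rate cross-domain flow and the locally originated flow are only caught by the second, local stage.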
Fig. 6 is a flow chart of a large-scale DDoS attack defense method based on the two-level linkage mechanism provided by an embodiment of the invention.
As shown in Fig. 6, the large-scale DDoS attack defense method 600 based on the two-level linkage mechanism comprises: step 602, the flow monitoring subsystem monitors the traffic of the whole network in real time, and detects and confirms DDoS attack behavior. For example, the flow monitoring subsystem monitors in real time and analyzes in depth the traffic of the whole network or the traffic reaching the target customer, looking for deviations from "normal" behavior or for the basic behaviors of a DDoS attack.
An embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the invention solves the problems of cleaning capacity and cleaning precision found in existing DDoS defense technology; while reducing the deployment cost at service scale, it greatly improves the whole network's ability to defend against large-scale DDoS attacks and increases the precision with which attack traffic is cleaned.
Fig. 7 is a flow chart of another embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the invention.
As shown in Figure 2, the large-scale DDoS attack defense method 200 based on the two-level linkage mechanism comprises steps 702, 704, 706, 707 and 708, where steps 702 and 704 may carry out technical content identical or similar to that of steps 602 and 604 shown in Fig. 6, respectively; for brevity, that content is not repeated here.
As shown in Fig. 7, after step 704, step 706 is executed: the flow cleaning subsystem receives the abnormal traffic diverted by the flow monitoring subsystem and triggers the cleaning operation according to the alarm message, and the backbone-level cleaning centers clean, at the near-source end, the abnormal traffic of cross-domain DDoS attack behavior entering the backbone network.
Step 708: the cleaned traffic is reinjected into the target customer's network.
In an embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the invention, the local-network-level cleaning center is a set of cleaning equipment or a cleaning equipment group deployed for the metropolitan area network or Internet data center where the target customer is located; through the two-level linkage mechanism it assists the backbone-level cleaning centers in cooperatively cleaning the abnormal traffic of the DDoS attack behavior.
In an embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the invention, after the abnormal traffic of cross-domain DDoS attack behavior enters the backbone network, multiple backbone-level cleaning centers clean it near the source, and the cleaned traffic is reinjected into the network where the target customer is located through a dedicated channel or dedicated network.
In an embodiment of the large-scale DDoS attack defense method based on the two-level linkage mechanism provided by the invention, the local-network-level cleaning center cleans the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of DDoS attack behavior that the backbone network missed and let through to the local network, and performs secondary cleaning on the traffic reinjected after backbone-level cleaning. The traffic cleaned by the local-network-level cleaning center is reinjected into the target customer's network through an LDP tunnel or MPLS VPN.
From the foregoing exemplary description of the invention, those skilled in the art can clearly see that the invention has the following advantages:
1. An embodiment of the large-scale DDoS attack defense system and method based on the two-level linkage mechanism provided by the invention solves the problems of cleaning capacity and cleaning precision found in existing DDoS defense technology; while reducing the deployment cost at service scale, it greatly improves the whole network's ability to defend against large-scale DDoS attacks and increases the precision with which attack traffic is cleaned.
2. In an embodiment of the large-scale DDoS attack defense system and method based on the two-level linkage mechanism provided by the invention, the backbone cleaning centers are deployed in a distributed manner and clean near the source: at the backbone level they are responsible for cleaning cross-domain attack traffic close to its source. The local-network cleaning system cleans at the end near the target and is responsible for cleaning locally originated internal attack traffic and for secondary cleaning of cross-domain traffic that has already been cleaned. Together they form a two-level linked cleaning defense system in which the two levels of cleaning centers work cooperatively and can carry out cleaning operations synchronously. A dedicated channel is used for remote reinjection of the cleaned traffic, which effectively saves backbone bandwidth and significantly improves cleaning precision.
The description of the invention is given for the purposes of illustration and description; it is not exhaustive and does not limit the invention to the disclosed form. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and design various embodiments, with various modifications, suited to particular uses.
Claims (10)
1. A large-scale DDoS attack defense system based on a two-level linkage mechanism, characterized in that the system comprises:
a flow monitoring subsystem, configured to monitor the traffic of the whole network in real time and, after detecting and confirming DDoS attack behavior, to send an alarm message that triggers a cleaning operation to a flow cleaning subsystem and to divert the abnormal traffic of the DDoS attack behavior to the flow cleaning subsystem;
the flow cleaning subsystem, configured to receive the abnormal traffic diverted by the flow monitoring subsystem, trigger the cleaning operation according to the alarm message, clean the abnormal traffic, and reinject the cleaned traffic into the target customer's network.
2. The system according to claim 1, characterized in that the flow cleaning subsystem further comprises:
a backbone-level cleaning center, configured to clean, at the near-source end, the abnormal traffic of cross-domain DDoS attack behavior entering the backbone network;
a local-network-level cleaning center, configured to clean the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of the DDoS attack behavior that the backbone network missed and let through to the local network, and to perform secondary cleaning on the traffic reinjected after backbone-level cleaning.
3. The system according to claim 2, characterized in that the local-network-level cleaning center is a set of cleaning equipment or a cleaning equipment group deployed for the metropolitan area network or Internet data center where the target customer is located, and is configured to assist, through the two-level linkage mechanism, the backbone-level cleaning center in cooperatively cleaning the abnormal traffic of the DDoS attack behavior.
4. The system according to claim 2, characterized in that, after the abnormal traffic of the cross-domain DDoS attack behavior enters the backbone network, multiple backbone-level cleaning centers clean it near the source, and the cleaned traffic is reinjected into the local network where the target customer is located through a dedicated channel or dedicated network.
5. The system according to claim 2, characterized in that the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of the DDoS attack behavior that the backbone network missed and let through to the local network are cleaned, secondary cleaning is performed on the traffic reinjected after cleaning by the backbone cleaning center, and the traffic cleaned by the local-network-level cleaning center is reinjected into the target customer's network through a Label Distribution Protocol (LDP) tunnel or a Multiprotocol Label Switching virtual private network (MPLS VPN).
6. A large-scale DDoS attack defense method based on a two-level linkage mechanism, characterized in that the method comprises:
a flow monitoring subsystem monitoring the traffic of the whole network in real time, and detecting and confirming DDoS attack behavior;
sending an alarm message that triggers a cleaning operation to a flow cleaning subsystem, and diverting the abnormal traffic of the DDoS attack behavior to the flow cleaning subsystem;
the flow cleaning subsystem receiving the abnormal traffic diverted by the flow monitoring subsystem, triggering the cleaning operation according to the alarm message, cleaning the abnormal traffic, and reinjecting the cleaned traffic into the target customer's network.
7. The method according to claim 6, characterized in that the step of "cleaning the abnormal traffic" further comprises:
a backbone-level cleaning center cleaning, at the near-source end, the abnormal traffic of cross-domain DDoS attack behavior entering the backbone network;
a local-network-level cleaning center cleaning the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of the DDoS attack behavior that the backbone network missed and let through to the local network, and performing secondary cleaning on the traffic reinjected after cleaning by the backbone-level cleaning center.
8. The method according to claim 7, characterized in that the local-network-level cleaning center is a set of cleaning equipment or a cleaning equipment group deployed for the metropolitan area network or Internet data center where the target customer is located, and assists, through the two-level linkage mechanism, the backbone-level cleaning center in cooperatively cleaning the abnormal traffic of the DDoS attack behavior.
9. The method according to claim 7, characterized in that, after the abnormal traffic of the cross-domain DDoS attack behavior enters the backbone network, multiple backbone-level cleaning centers clean it near the source, and the cleaned traffic is reinjected into the local network where the target customer is located through a dedicated channel or dedicated network.
10. The method according to claim 7, characterized in that the local-network-level cleaning center cleans the abnormal traffic of DDoS attack behavior inside the local network and the abnormal traffic of the DDoS attack behavior that the backbone network missed and let through to the local network, and performs secondary cleaning on the traffic reinjected after cleaning by the backbone-level cleaning center; the traffic cleaned by the local-network-level cleaning center is reinjected into the target customer's network through a Label Distribution Protocol (LDP) tunnel or a Multiprotocol Label Switching virtual private network (MPLS VPN).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010257450.0A CN101924764B (en) | 2010-08-09 | 2010-08-09 | Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101924764A (en) | 2010-12-22 |
CN101924764B (en) | 2013-04-10 |
Family
ID=43339408
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201010257450.0A Active CN101924764B (en) | 2010-08-09 | 2010-08-09 | Large-scale DDoS (Distributed Denial of Service) attack defense system and method based on two-level linkage mechanism |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101924764B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002164938A (en) * | 2000-09-12 | 2002-06-07 | Nippon Telegr & Teleph Corp <Ntt> | Method and system for preventing distribution type denial of service attack and its computer program |
JP2004164107A (en) * | 2002-11-11 | 2004-06-10 | Kddi Corp | Unauthorized access monitoring system |
US20060075084A1 (en) * | 2004-10-01 | 2006-04-06 | Barrett Lyon | Voice over internet protocol data overload detection and mitigation system and method |
EP1705863A1 (en) * | 2005-03-25 | 2006-09-27 | AT&T Corp. | Method and apparatus for traffic control of dynamic denial of service attacks within a communications network |
CN101309150A (en) * | 2008-06-30 | 2008-11-19 | 华为技术有限公司 | Distributed service attack refusing defense method, apparatus and system |
CN101588246A (en) * | 2008-05-23 | 2009-11-25 | 成都市华为赛门铁克科技有限公司 | Method, network equipment and network system for defending distributed denial service DDoS attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |