CN102355465B - Mapping cache DoS (Denial-of-Service) attack defense method based on identification, separation and mapping network - Google Patents


Info

Publication number: CN102355465B
Authority: CN (China)
Prior art keywords: mapping, buffer memory, map information, switch router, puzzle
Legal status: Active
Application number: CN201110306435.5A
Other languages: Chinese (zh)
Other versions: CN102355465A (en)
Inventors: 刘颖, 万明, 张宏科
Current Assignee: China High Speed Railway Technology Co ltd
Original Assignee: Beijing Jiaotong University

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a mapping cache DoS (Denial-of-Service) attack defense method based on an identification, separation and mapping network. Two thresholds are set in a mapping cache. When the number of mapping information entries in the mapping cache reaches the first threshold, a puzzle mechanism is triggered by an access switch router to reduce the increasing rate of the mapping information entries in the mapping cache; and when the number of mapping information entries in the mapping cache reaches the second threshold, the credibility of mapping information is calculated by the access switch router to identify and filter malicious mapping information. The uninterrupted communication of legitimate users can be protected, the malicious mapping information in the mapping cache can be identified and filtered, possible mapping cache DoS attacks can be prevented through the puzzle mechanism and the algorithm of mapping information credibility, and the security and reliability of the identification, separation and mapping network can be improved.

Description

Mapping cache DoS attack defense method based on an identifier separation mapping network
Technical field
The present invention relates to a method for defending against mapping cache DoS attacks in an identifier separation mapping network. A DoS (Denial-of-Service) attack is a host resource exhaustion attack.
Background
The identifier separation mapping network is a new network architecture. Although separating identity information from location information resolves irrationalities and security weaknesses of the traditional network, this separation-and-mapping approach may also introduce new security problems.
In an identifier separation mapping network, the mapping cache of the access switch router may be subjected to DoS attacks, so an effective defense method is needed.
In the conventional Internet, routers generally use rate limiting to control the traffic sent or received on a network interface and thereby prevent DoS attacks. The main principle of rate limiting is to control the rate of network traffic: when the traffic rate is less than or equal to a specified limit, the router works normally; when the traffic rate exceeds the specified limit, the router drops or delays the excess packets according to policy or a congestion control mechanism.
However, rate limiting reduces not only the attacker's attack rate but also the rate of legitimate users' normal communication. Rate limiting cannot identify malicious mapping entries in the mapping cache, so malicious mapping entries remain in the access router's mapping cache. Rate limiting also fits poorly with the identifier separation mapping network, because it is not adapted to the mapping cache mechanism newly introduced in the access router.
Summary of the invention
The object of the present invention is to provide a mapping cache DoS attack defense method based on an identifier separation mapping network. It prevents overflow of the access switch router's mapping cache, ensures the continuity of legitimate users' communication, identifies and filters malicious mapping information in the access switch router's mapping cache, ensures the availability of access switch routers in the identifier separation mapping network, and guarantees the authenticity of the mapping information entries in the access switch router's mapping cache, thereby improving the security of the identifier separation mapping network.
To this end, the invention provides a mapping cache DoS attack defense method based on an identifier separation mapping network, characterized in that it comprises the following steps:
1) When the access switch router receives a packet sent by a user terminal and its mapping cache holds no mapping information for the packet's destination address, the access switch router queries the mapping server for the corresponding mapping information, stores the mapping information in the mapping cache, and sets a timer;
2) After the number of mapping information entries in the mapping cache rises to threshold 1, the access switch router triggers the puzzle mechanism: for each new packet sent by a user terminal whose mapping information is not in the mapping cache, the access switch router uses the puzzle algorithm to construct a unique puzzle and sends the puzzle to that user terminal;
3) After receiving the puzzle sent by the access switch router, the user terminal spends an appropriate amount of CPU time searching for the puzzle's answer and sends the answer to the access switch router;
4) After receiving the answer sent by the user terminal, the access switch router verifies its correctness. If it is correct, the access switch router queries the mapping information for the earlier packet's destination address; if it is incorrect, the access switch router simply discards the earlier packet;
5) After the number of mapping information entries in the mapping cache rises to threshold 2, which is greater than threshold 1, the access switch router calculates the credibility value of the mapping information belonging to the same user terminal. If the credibility value is less than the set limit, the access switch router deletes all of that user terminal's mapping information entries from the mapping cache and filters out all subsequent packets from that user terminal.
Preferably, the filtering either immediately removes the malicious mapping entries from the mapping cache or overwrites the malicious mapping entries with legitimate mapping entries.
Preferably, the user terminal must first perform a prime factorization and then perform the iterated modular exponentiation to obtain the puzzle's answer.
Preferably, the puzzles are independent of one another.
Preferably, the access switch router adjusts the difficulty of the puzzle mechanism through four parameters: the large number K to be factored into primes, the number of iterations n, the search range given by the non-negative integer l, and the modulus q.
According to the invention, two thresholds are set in the mapping cache. When the number of mapping information entries in the mapping cache reaches threshold 1, the access switch router triggers the puzzle mechanism to slow the growth of mapping information entries in the mapping cache; when the number reaches threshold 2, the access switch router calculates the credibility of the mapping information to identify and filter malicious mapping information.
The invention prevents mapping cache overflow and ensures the continuity of legitimate users' communication.
At the same time, when a malicious attacker mounts a mapping cache DoS attack, the invention can identify and filter the malicious mapping information in the mapping cache, thereby ensuring the availability of the access switch router.
Targeting the structural characteristics of the access switch router in the identifier separation mapping network, the invention uses the puzzle mechanism and the mapping information credibility algorithm to resist possible mapping cache DoS attacks and improves the security and reliability of the identifier separation mapping network.
Brief description of the drawings
Fig. 1 is a schematic overview of the mapping cache DoS attack defense method based on an identifier separation mapping network.
Fig. 2 is a workflow diagram of the method shown in Fig. 1.
Fig. 3 is a diagram of the puzzle mechanism's interaction process.
Detailed description
As shown in Fig. 1, the invention sets two thresholds in the mapping cache of the access switch router, with threshold 1 less than threshold 2. When the number of mapping information entries in the mapping cache reaches threshold 1, the access switch router uses the puzzle mechanism to slow the query rate for mapping information, which reduces the growth rate of mapping entries in the mapping cache. When the number of mapping entries in the mapping cache continues to rise to threshold 2, the access switch router uses the mapping information credibility algorithm to identify and filter malicious mapping information entries, preventing the mapping cache from overflowing and ensuring the uninterrupted communication of legitimate users.
The puzzle mechanism of this method uses an iterative algorithm to combine prime factorization with the discrete logarithm problem. It is a CPU-bound puzzle algorithm: solving a puzzle requires an appropriate amount of CPU time. The puzzle mechanism has the following properties:
(1) The puzzle algorithm gives a good computational guarantee: the user terminal must first perform a prime factorization and then the iterated modular exponentiation to obtain the puzzle's answer, and there is no shortcut to the answer;
(2) It is easy to verify: the access switch router needs only a single comparison to verify a puzzle answer. The puzzles are also independent of one another, so one puzzle's answer cannot be guessed from another's;
(3) The difficulty is adjustable with fine granularity: the access switch router can tune the difficulty of the puzzle mechanism through four parameters, namely the large number K to be factored into primes, the number of iterations n, the search range given by the non-negative integer l, and the modulus q.
The puzzle mechanism is implemented mainly as follows:
Step 1: When the number of mapping information entries in the mapping cache reaches threshold 1, the access switch router analyzes each newly arrived packet. If the mapping cache holds no mapping information for the packet's destination address, the access switch router constructs the puzzle $\{K, q, r, l, y_n, Sum\}$ while retaining the puzzle's answer $x_1$, and then sends the puzzle to the packet's source host;
Step 2: After receiving the puzzle $\{K, q, r, l, y_n, Sum\}$, the source host obtains the puzzle's answer $x'$ by the appropriate computation and sends the answer to the corresponding access switch router;
Step 3: When the access switch router receives $x'$, it compares $x_1$ with $x'$. If they are equal, the access switch router queries the mapping information for the corresponding packet's destination address; if they are not equal, the access switch router discards the corresponding packet.
The access switch router runs the mapping information credibility algorithm to determine whether a user terminal is legitimate, that is, whether it is carrying out a mapping cache DoS attack. If the credibility of the mapping information belonging to a user terminal in the mapping cache is less than a preset decision value, the user terminal is considered malicious; if it is greater than the preset decision value, the user terminal is considered legitimate. The mapping information credibility algorithm is based on the posterior probability theory of binomial events and is defined as follows:
$$TV = \frac{u + 1}{u + v + 2}$$
Here $TV$ is the credibility value of the mapping information, $u$ is the number of legitimate mapping information entries belonging to a given user terminal in the access switch router's mapping cache, and $v$ is the number of malicious mapping information entries belonging to the same user terminal in the access switch router's mapping cache.
In the access switch router's mapping cache, the legitimacy of mapping information is judged by the following rule:
If the timer value of a mapping information entry in the mapping cache is less than a predefined limit $t_{mR}$, the entry is considered a legitimate mapping information entry; if the timer value of a mapping information entry in the mapping cache is greater than the predefined limit $t_{mR}$, the entry is considered a malicious mapping information entry.
Embodiment 1: As shown in Fig. 2, the main workflow of the mapping cache DoS attack defense method based on an identifier separation mapping network is as follows:
Step 1: When the access switch router receives a packet sent by a user terminal and its mapping cache holds no mapping information for the packet's destination address, the access switch router queries the mapping server for the corresponding mapping information, stores the mapping information in the mapping cache, and sets a timer;
Step 2: After the number of mapping information entries in the mapping cache rises to threshold 1, the access switch router triggers the puzzle mechanism. For each new packet sent by a user terminal (whose mapping information is not in the mapping cache), the access switch router uses the puzzle algorithm to construct a unique puzzle and sends the puzzle to that user terminal;
Step 3: After receiving the puzzle sent by the access switch router, the user terminal spends an appropriate amount of CPU time searching for the puzzle's answer and sends the answer to the access switch router;
Step 4: After receiving the answer sent by the user terminal, the access switch router verifies its correctness. If it is correct, the access switch router queries the mapping information for the earlier packet's destination address; if it is incorrect, the access switch router simply discards the earlier packet;
Step 5: After the number of mapping information entries in the mapping cache rises to threshold 2, the access switch router calculates the credibility value of the mapping information belonging to the same user terminal. If the credibility value is less than the set limit, the access switch router deletes all of that user terminal's mapping information entries from the mapping cache and filters out all subsequent packets from that user terminal.
Embodiment 2: The puzzle generation algorithm of the mapping cache DoS attack defense method based on an identifier separation mapping network is as follows:
The access switch router first chooses a series of primes $a_1, \ldots, a_n$ and calculates the large number $K$ by formula (1).
$$K = \prod_{i=1}^{n} a_i, \quad i \in [1, n] \qquad (1)$$
It chooses a large prime $q$ and, at the same time, a random number $r$ in $[0, q-1]$. $x_1$ is a puzzle answer chosen at random in the interval $[r, (r+l) \bmod (q-1)]$, where $l$ is a variable specified by the access switch router.
Then the access switch router calculates $y_n$ using formula (2).
$$y_i = f(x_i) = i \cdot a_i^{x_i} \bmod q, \quad x_{i+1} = f(x_i), \quad i \in [1, n] \qquad (2)$$
Formula (2) uses an iterative algorithm. The base $a_i$ of each iteration is a prime factor of the large number $K$, where the prime factors of $K$ are arranged in ascending order; for example, if $e \le f$, then $a_e \le a_f$. The iteration index $i$ in formula (2) ensures that no periodic cycle appears in the sequence $x_1$ to $x_n$. The reason is as follows: if only the discrete logarithm equation
Figure BDA0000097693320000043
were used, then because of the modulo operation a periodic cycle could appear in the sequence $x_1$ to $x_n$, i.e. $x_l = x_{l+c}$. A malicious attacker who discovers the cycle in the iteration process could then find a shortcut and avoid most of the computation.
In addition, because modular arithmetic is used, different values of $x_1$ in the interval $[r, (r+l) \bmod (q-1)]$ may yield the same $y_n$ after formula (2). To resolve this, the access switch router uses formula (3) to calculate all $x_i$ and $Sum$:
$$Sum = \sum_{i=1}^{n} x_i, \quad i \in [1, n], \quad x_n = y_n \qquad (3)$$
This completes the puzzle generation algorithm; the resulting puzzle set is $\{K, q, r, l, y_n, Sum\}$.
Embodiment 3: The puzzle verification method of the mapping cache DoS attack defense method based on an identifier separation mapping network is as follows:
When a user terminal receives a puzzle from the access switch router, it first computes the prime factorization of $K$ and obtains all the prime factors $a_1, \ldots, a_n$. Then, according to formulas (2) and (3), the user terminal performs a brute-force search of the interval $[r, (r+l) \bmod (q-1)]$ for a candidate puzzle answer $x'$ and calculates $y_n'$ and $Sum'$. If $y_n' = y_n$ and $Sum' = Sum$, the user terminal takes $x'$ to be the puzzle's answer and sends $x'$ to the access switch router.
When the access switch router receives the puzzle answer $x'$ calculated by the user terminal, it only needs to compare $x'$ with the $x_1$ it retained. If the two match, the access switch router queries the mapping information for the corresponding packet's destination address; if they do not match, the access switch router discards the corresponding packet.
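The puzzle generation and solving of Embodiments 2 and 3, as an added Python example that is not part of the patent text. The toy parameter sizes, the reading of Sum as x_1 + ... + x_n, and walking the search range as (r + j) mod (q - 1) for j = 0..l are assumptions of this example.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Puzzle:
    """The set {K, q, r, l, y_n, Sum} sent to the user terminal."""
    K: int
    q: int
    r: int
    l: int
    y_n: int
    Sum: int


def run_chain(primes, q, x1):
    """Formula (2): y_i = i * a_i^(x_i) mod q, x_(i+1) = y_i.

    Returns (y_n, x_1 + ... + x_n). Taking Sum over the inputs x_1..x_n
    is this example's reading of formula (3).
    """
    x, total, y = x1, 0, 0
    for i, a in enumerate(primes, start=1):
        total += x
        y = (i * pow(a, x, q)) % q
        x = y
    return y, total


def candidate(r, j, q):
    """j-th value of the search range [r, (r + l) mod (q - 1)] (assumed wrap-around)."""
    return (r + j) % (q - 1)


def make_puzzle(primes, q, l, r=None, offset=None):
    """Router side: build a puzzle; x1 is returned separately and never sent."""
    primes = sorted(primes)          # prime factors are used in ascending order
    K = 1
    for a in primes:
        K *= a                       # formula (1)
    if r is None:
        r = secrets.randbelow(q)     # random r in [0, q-1]
    if offset is None:
        offset = secrets.randbelow(l + 1)
    x1 = candidate(r, offset, q)
    y_n, total = run_chain(primes, q, x1)
    return Puzzle(K, q, r, l, y_n, total), x1


def factorize(K):
    """Terminal side: trial division, factors returned in ascending order."""
    factors, d = [], 2
    while d * d <= K:
        while K % d == 0:
            factors.append(d)
            K //= d
        d += 1
    if K > 1:
        factors.append(K)
    return factors


def solve(puzzle):
    """Terminal side: factor K, then search the range until y_n and Sum both match."""
    primes = factorize(puzzle.K)
    for j in range(puzzle.l + 1):
        x = candidate(puzzle.r, j, puzzle.q)
        if run_chain(primes, puzzle.q, x) == (puzzle.y_n, puzzle.Sum):
            return x
    return None


def router_accepts(stored_x1, answer):
    """Router side: one comparison against the retained x1."""
    return answer is not None and answer == stored_x1


# Constructed toy parameters; the patent text gives no concrete sizes.
DEMO_PRIMES = [3, 5, 7, 11, 13]
DEMO_Q = 1_000_003

if __name__ == "__main__":
    puzzle, x1 = make_puzzle(DEMO_PRIMES, DEMO_Q, l=5000)
    answer = solve(puzzle)
    print(puzzle)
    print("answer accepted:", router_accepts(x1, answer))
```

The router keeps x_1 for every outstanding puzzle, so a deployment also has to bound or expire that pending-puzzle state.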
Embodiment 4: Fig. 3 shows the interaction process of the puzzle mechanism in the mapping cache DoS attack defense method based on an identifier separation mapping network, as follows:
Step 1: When the number of mapping information entries in the mapping cache reaches threshold 1, the access switch router analyzes each newly arrived packet. If the mapping cache holds no mapping information for the packet's destination address, the access switch router constructs the puzzle $\{K, q, r, l, y_n, Sum\}$ while retaining the puzzle's answer $x_1$, and then sends the puzzle to the packet's source host;
Step 2: After receiving the puzzle $\{K, q, r, l, y_n, Sum\}$, the user terminal obtains the puzzle's answer $x'$ by brute-force computation and sends the answer to the corresponding access switch router;
Step 3: When the access switch router receives $x'$, it compares $x_1$ with $x'$. If they are equal, the access switch router queries the mapping information for the corresponding packet's destination address; if they are not equal, the access switch router discards the corresponding packet.
Embodiment 5: When the number of mapping information entries in the mapping cache rises to threshold 2, the access switch router triggers the mapping information credibility algorithm to assess the credibility of the mapping information belonging to the same user terminal. The algorithm is as follows:
In the mapping cache of the access switch router, each mapping information entry has a timer that records its timeout, which determines whether the entry is deleted. In general, normal communication is continuous and bidirectional, and its information exchange delay is the average packet round-trip time (RTT). The timer value of a legitimate mapping entry should therefore vary between 0 and the maximum RTT. By contrast, a mapping cache DoS attack is unidirectional and discontinuous; its main purpose is to occupy mapping cache space with a large number of useless mapping information entries and cause the mapping cache to overflow. The timer values of those entries therefore keep increasing until they reach the Time-to-Live value. Based on this principle, the invention defines the mapping information credibility calculation as in formula (4).
$$TV = \frac{u + 1}{u + v + 2} \qquad (4)$$
Formula (4) is based on the posterior probability theory of binomial events. Here $TV$ is the credibility value of the mapping information, $u$ is the number of legitimate mapping information entries belonging to a given user terminal in the access switch router's mapping cache, and $v$ is the number of malicious mapping information entries belonging to the same user terminal in the access switch router's mapping cache.
In the access switch router's mapping cache, the legitimacy of a mapping information entry is judged by the following rule:
If the timer value of a mapping information entry in the mapping cache is less than a predefined limit $t_{mR}$, the entry is considered a legitimate mapping information entry; if the timer value of a mapping information entry in the mapping cache is greater than the predefined limit $t_{mR}$, the entry is considered a malicious mapping information entry.
Consider the following situation: a legitimate user terminal has a large number of mapping information entries whose timer values lie between $t_{mR}$ and the Time-to-Live value, and only a few whose timer values lie between 0 and $t_{mR}$. The credibility value calculated by formula (4) may then be very low. To reduce this false-positive rate, the invention specifies that the access switch router calculates the credibility value of a user terminal's mapping information only when the number of mapping information entries belonging to that user terminal exceeds a limit $N_t$.
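The credibility check of Embodiment 5 together with the two-threshold trigger, as an added Python example that is not part of the patent text. The cache entries, both thresholds, t_mR, N_t and the credibility limit are constructed values, and treating a timer equal to t_mR (or a credibility equal to the limit) as legitimate is an assumption where the text leaves the boundary open.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class CacheEntry:
    terminal: str      # user terminal whose packet caused the lookup
    destination: str   # identifier whose mapping is cached
    timer: float       # seconds counted by the entry's timer


def defence_stage(entry_count, threshold1, threshold2):
    """Which defence the router applies for the current cache occupancy."""
    if entry_count >= threshold2:
        return "filter"        # credibility algorithm
    if entry_count >= threshold1:
        return "puzzle"        # puzzle mechanism
    return "normal"


def trust_value(u, v):
    """Formula (4): TV = (u + 1) / (u + v + 2)."""
    return (u + 1) / (u + v + 2)


def assess_terminals(cache, t_mr, n_t, tv_limit):
    """Return {terminal: (TV or None, verdict)} for every terminal in the cache."""
    counts = defaultdict(lambda: [0, 0])          # terminal -> [u, v]
    for entry in cache:
        # Timer below t_mR: legitimate entry (u); above: malicious entry (v).
        # Equality is counted as legitimate (assumption).
        counts[entry.terminal][0 if entry.timer <= t_mr else 1] += 1
    report = {}
    for terminal, (u, v) in counts.items():
        if u + v <= n_t:
            # Only terminals with more than N_t entries are evaluated.
            report[terminal] = (None, "not evaluated")
            continue
        tv = trust_value(u, v)
        report[terminal] = (tv, "malicious" if tv < tv_limit else "legal")
    return report


def filter_cache(cache, report):
    """Delete all entries of malicious terminals; return (kept entries, blocked terminals)."""
    blocked = {t for t, (_, verdict) in report.items() if verdict == "malicious"}
    kept = [e for e in cache if e.terminal not in blocked]
    return kept, blocked


def build_sample_cache():
    """Constructed sample: 3 + 12 + 10 = 25 entries from three terminals."""
    cache = [CacheEntry("term-A", f"dst-a{i}", 0.05) for i in range(3)]
    cache += [CacheEntry("term-B", f"dst-b{i}", 40.0) for i in range(11)]
    cache.append(CacheEntry("term-B", "dst-b11", 0.1))
    cache += [CacheEntry("term-C", f"dst-c{i}", 0.2) for i in range(9)]
    cache.append(CacheEntry("term-C", "dst-c9", 12.0))
    return cache


if __name__ == "__main__":
    cache = build_sample_cache()
    stage = defence_stage(len(cache), threshold1=20, threshold2=25)
    print("stage:", stage)
    if stage == "filter":
        report = assess_terminals(cache, t_mr=0.5, n_t=5, tv_limit=0.3)
        for terminal, (tv, verdict) in sorted(report.items()):
            print(terminal, tv, verdict)
        kept, blocked = filter_cache(cache, report)
        print("blocked:", blocked, "entries kept:", len(kept))
```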
To prevent the access switch router mapping cache DoS attacks that may occur in an identifier separation mapping network, the invention provides a mapping cache DoS attack defense method based on an identifier separation mapping network. The method builds on the separation of identity and location in the architecture of the identifier separation mapping network and sets a two-threshold mechanism in the mapping cache of the access switch router to prevent the mapping cache from overflowing. Threshold 1 triggers the puzzle mechanism, which slows the query rate for mapping information and so reduces the growth of mapping information entries in the mapping cache; threshold 2 triggers the mapping information credibility algorithm, which identifies and filters malicious mapping entries.
The invention ensures the availability of access switch routers in the identifier separation mapping network, guarantees the authenticity of the mapping entries in the access switch router's mapping cache, prevents mapping cache DoS attacks, and improves the security and reliability of the identifier separation mapping network.
According to the invention, the puzzle mechanism can be replaced by another puzzle mechanism that likewise slows the query rate for mapping information.
According to the invention, the filtering can either immediately remove the malicious mapping entries from the mapping cache or overwrite the malicious mapping entries with legitimate mapping entries.
Building on the separation of identity and location in the identifier separation mapping network, the invention uses a two-threshold mechanism in the mapping cache of the access switch router to prevent the mapping cache from overflowing. When the number of mapping entries in the mapping cache reaches threshold 1, the access switch router uses the puzzle mechanism to slow the query rate for mapping information, which reduces the growth of mapping entries in the mapping cache; when the number of mapping information entries in the mapping cache reaches threshold 2, the access switch router uses the mapping information credibility algorithm to identify and filter malicious mapping information entries.
The invention sets two thresholds in the mapping cache of the access switch router, and the value of threshold 1 is less than the value of threshold 2.
The puzzle mechanism of the invention uses an iterative algorithm to combine prime factorization with the discrete logarithm. It is a CPU-bound puzzle algorithm that requires an appropriate amount of CPU time to calculate a puzzle's answer.
The puzzle mechanism of the invention has the following properties:
(1) The puzzle algorithm gives a good computational guarantee, and there is no shortcut to the puzzle's answer;
(2) It is easy to verify, and the puzzles are independent of one another;
(3) The difficulty is adjustable with fine granularity.
In the design of the puzzle mechanism, the access switch router can tune the difficulty of the puzzle mechanism through four parameters, namely the large number K to be factored into primes, the number of iterations n, the search range given by the non-negative integer l, and the modulus q.
The access switch router runs the mapping information credibility algorithm to determine whether a user terminal is legitimate, that is, whether it is carrying out a mapping cache DoS attack, as follows: if the credibility of the mapping information belonging to a user terminal in the mapping cache is less than a preset decision value, the user terminal is considered malicious; if it is greater than the preset decision value, the user terminal is considered legitimate.
The mapping information credibility calculation is based on the posterior probability theory of binomial events and takes into account both the number of legitimate mapping information entries and the number of malicious mapping information entries belonging to a given user terminal in the access switch router's mapping cache.
In the access switch router's mapping cache, the legitimacy of mapping information is judged by the following rule: if the timer value of a mapping information entry in the mapping cache is less than a predefined limit $t_{mR}$, the entry is considered a legitimate mapping information entry; if the timer value of a mapping information entry in the mapping cache is greater than the predefined limit $t_{mR}$, the entry is considered a malicious mapping information entry.

Claims (5)

1. A mapping cache DoS attack defense method based on an identifier separation mapping network, characterized in that it comprises the following steps:
1) When the access switch router receives a packet sent by a user terminal and its mapping cache holds no mapping information for the packet's destination address, the access switch router queries the mapping server for the corresponding mapping information, stores the mapping information in the mapping cache, and sets a timer;
2) After the number of mapping information entries in the mapping cache rises to threshold 1, the access switch router triggers the puzzle mechanism: for each new packet sent by a user terminal for which the mapping cache holds no mapping information for the destination address of the packet sent by the user terminal, the access switch router uses the puzzle algorithm to construct a unique puzzle and sends the puzzle to that user terminal;
3) After receiving the puzzle sent by the access switch router, the user terminal spends an appropriate amount of CPU time searching for the puzzle's answer and sends the answer to the access switch router;
4) After receiving the answer sent by the user terminal, the access switch router verifies its correctness. If it is correct, the access switch router queries the mapping information for the earlier packet's destination address; if it is incorrect, the access switch router simply discards the earlier packet;
5) After the number of mapping information entries in the mapping cache rises to threshold 2, which is greater than threshold 1, the access switch router calculates the credibility value of the mapping information belonging to the same user terminal. If the credibility value is less than the set limit, the access switch router deletes all of that user terminal's mapping information entries from the mapping cache and filters out all subsequent packets from that user terminal.
2. The mapping cache DoS attack defense method based on an identifier separation mapping network as claimed in claim 1, characterized in that the filtering either immediately removes the malicious mapping entries from the mapping cache or overwrites the malicious mapping entries with legitimate mapping entries.
3. The mapping cache DoS attack defense method based on an identifier separation mapping network as claimed in claim 1, characterized in that the user terminal must first perform a prime factorization and then perform the iterated modular exponentiation to obtain the puzzle's answer.
4. The mapping cache DoS attack defense method based on an identifier separation mapping network as claimed in claim 1, characterized in that the puzzles are independent of one another.
5. The mapping cache DoS attack defense method based on an identifier separation mapping network as claimed in claim 1, characterized in that the access switch router adjusts the difficulty of the puzzle mechanism through four parameters: the large number K to be factored into primes, the number of iterations n, the search range given by the non-negative integer l, and the modulus q.

Priority Applications (1)

Application number: CN201110306435.5A; priority date: 2011-10-11; filing date: 2011-10-11

Publications (2)

CN102355465A, publication date 2012-02-15
CN102355465B, publication date 2014-03-19

Family ID: 45578960

Country Status (1)

CN: CN102355465B (en)
Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553662A (en) * 2003-06-08 2004-12-08 华为技术有限公司 Method for preventing refusal service attack
CN101616129A (en) * 2008-06-27 2009-12-30 成都市华为赛门铁克科技有限公司 The methods, devices and systems of anti-network attack flow overload protection
CN101702727A (en) * 2009-11-25 2010-05-05 北京交通大学 Method for defending against DDos in address disjunction mapping network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100499451C (en) * 2003-08-26 2009-06-10 中兴通讯股份有限公司 Network communication safe processor and its data processing method

Also Published As

Publication number Publication date
CN102355465A (en) 2012-02-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160519

Address after: 100044, Beijing, Haidian District sorghum Bridge oblique Street No. 59, No. 1, building 16, 1606

Patentee after: CHINA HIGH-SPEED RAILWAY TECHNOLOGY CO.,LTD.

Address before: 100044 Beijing city Haidian District Shangyuan Village No. 3

Patentee before: Beijing Jiaotong University

TR01 Transfer of patent right

Effective date of registration: 20211202

Address after: 100083 2-305-18-7, 3 / F, building 2, yard 59, gaoliangqiaoxie street, Haidian District, Beijing

Patentee after: BEIJING DPSHEEN ORBITAL TECHNOLOGY CO.,LTD.

Address before: 100044 1606, 16th floor, building 1, yard 59, gaoliangqiaoxie street, Haidian District, Beijing

Patentee before: CHINA HIGH-SPEED RAILWAY TECHNOLOGY CO.,LTD.

TR01 Transfer of patent right

Effective date of registration: 20240322

Address after: 100044 1606, 16 / F, Zhongkun building, No.59 courtyard, gaoliangqiaoxie street, Haidian District, Beijing

Patentee after: CHINA HIGH-SPEED RAILWAY TECHNOLOGY CO.,LTD.

Country or region after: China

Address before: 100083 2-305-18-7, 3 / F, building 2, yard 59, gaoliangqiaoxie street, Haidian District, Beijing

Patentee before: BEIJING DPSHEEN ORBITAL TECHNOLOGY CO.,LTD.

Country or region before: China