CN103001972A - DDoS attack identification method, identification device, and firewall - Google Patents
- Publication number
- CN103001972A
- Authority
- CN
- China
- Prior art keywords
- count
- log
- subwindow
- bloom filter
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210572156.8A CN103001972B (zh) | 2012-12-25 | 2012-12-25 | DDoS attack identification method, identification device, and firewall |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103001972A (zh) | 2013-03-27 |
CN103001972B (zh) | 2015-11-25 |
Family
ID=47930116
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210572156.8A Active CN103001972B (zh) | 2012-12-25 | 2012-12-25 | DDoS attack identification method, identification device, and firewall |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103001972B (zh) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
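CN104125242A (zh) * | 2014-08-18 | 2014-10-29 | Beijing Yuelian Information Technology Co., Ltd. | Protection method and device for identifying DDoS attacks disguised as LDNS requests |
CN106027546A (zh) * | 2016-06-28 | 2016-10-12 | Huawei Technologies Co., Ltd. | Network attack detection method, device, and system |
WO2016188294A1 (zh) * | 2015-05-28 | 2016-12-01 | Alibaba Group Holding Limited | Network attack processing method and device |
CN106293889A (zh) * | 2015-06-05 | 2017-01-04 | Beijing Gridsum Technology Co., Ltd. | Method and device for controlling sliding window movement |
CN107454052A (zh) * | 2016-05-31 | 2017-12-08 | Huawei Technologies Co., Ltd. | Network attack detection method and attack detection device |
CN111669359A (zh) * | 2019-03-09 | 2020-09-15 | Shenzhen Ruisu Cloud Computing Co., Ltd. | Novel network attack processing method and device |
CN111818049A (zh) * | 2020-07-08 | 2020-10-23 | Baomu Technology (Tianjin) Co., Ltd. | Botnet traffic detection method and system based on a Markov model |
CN112751869A (zh) * | 2020-12-31 | 2021-05-04 | Space Engineering University of the PLA Strategic Support Force | Network abnormal traffic detection method and device based on sliding window groups |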
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
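CN101388885A (zh) * | 2008-07-23 | 2009-03-18 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method and system for detecting distributed denial-of-service attacks |
CN101459677A (zh) * | 2009-01-09 | 2009-06-17 | Beijing University of Posts and Telecommunications | Detection device and detection method for SIP message flooding attacks |
CN101753381A (zh) * | 2009-12-25 | 2010-06-23 | Huazhong University of Science and Technology | Method for detecting network attack behavior |
CN102014031A (zh) * | 2010-12-31 | 2011-04-13 | Hunan Shenzhou Xiangwang Technology Co., Ltd. | Network traffic anomaly detection method and system |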
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
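CN104125242A (zh) * | 2014-08-18 | 2014-10-29 | Beijing Yuelian Information Technology Co., Ltd. | Protection method and device for identifying DDoS attacks disguised as LDNS requests |
WO2016188294A1 (zh) * | 2015-05-28 | 2016-12-01 | Alibaba Group Holding Limited | Network attack processing method and device |
CN106302347A (zh) * | 2015-05-28 | 2017-01-04 | Alibaba Group Holding Limited | Network attack processing method and device |
CN106302347B (zh) * | 2015-05-28 | 2019-11-05 | Alibaba Group Holding Limited | Network attack processing method and device |
CN106293889A (zh) * | 2015-06-05 | 2017-01-04 | Beijing Gridsum Technology Co., Ltd. | Method and device for controlling sliding window movement |
CN106293889B (zh) * | 2015-06-05 | 2019-11-19 | Beijing Gridsum Technology Co., Ltd. | Method and device for controlling sliding window movement |
CN107454052A (zh) * | 2016-05-31 | 2017-12-08 | Huawei Technologies Co., Ltd. | Network attack detection method and attack detection device |
CN106027546A (zh) * | 2016-06-28 | 2016-10-12 | Huawei Technologies Co., Ltd. | Network attack detection method, device, and system |
CN111669359A (zh) * | 2019-03-09 | 2020-09-15 | Shenzhen Ruisu Cloud Computing Co., Ltd. | Novel network attack processing method and device |
CN111818049A (zh) * | 2020-07-08 | 2020-10-23 | Baomu Technology (Tianjin) Co., Ltd. | Botnet traffic detection method and system based on a Markov model |
CN112751869A (zh) * | 2020-12-31 | 2021-05-04 | Space Engineering University of the PLA Strategic Support Force | Network abnormal traffic detection method and device based on sliding window groups |
CN112751869B (zh) * | 2020-12-31 | 2023-07-14 | Space Engineering University of the PLA Strategic Support Force | Network abnormal traffic detection method and device based on sliding window groups |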
Also Published As
Publication number | Publication date |
---|---|
CN103001972B (zh) | 2015-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103001972B (zh) | DDoS attack identification method, identification device, and firewall | |
Roschke et al. | A new alert correlation algorithm based on attack graph | |
CN106506242B (zh) | Precise localization method and system for network abnormal behavior and traffic monitoring | |
CN109600363A (zh) | IoT terminal network profiling and abnormal network access behavior detection method | |
US10701076B2 (en) | Network management device at network edge for INS intrusion detection based on adjustable blacklisted sources | |
CN104734916B (zh) | Efficient multi-level abnormal traffic detection method based on the TCP protocol | |
CN107454039B (zh) | Network attack detection system, method, and computer-readable storage medium | |
CN110138788A (zh) | Quantitative evaluation method for vulnerability attack cost based on depth indicators | |
CN103139166A (zh) | LDoS attack detection method based on small-signal detection theory | |
Yan et al. | Low-rate dos attack detection based on improved logistic regression | |
Chen et al. | DDoS attack detection method based on network abnormal behaviour in big data environment | |
CN100379201C (zh) | Distributed hacker tracing method for controllable computer networks | |
Ran et al. | Defending saturation attacks on SDN controller: A confusable instance analysis-based algorithm | |
CN107864110A (zh) | Method and device for detecting botnet master controllers | |
KR20170054215A (ko) | NetFlow-based connection fingerprint generation and stepping-stone traceback method | |
CN103501302A (zh) | Method and system for automatic worm signature extraction | |
CN106375351B (zh) | Method and device for detecting abnormal domain names | |
Moustafa et al. | RCNF: Real-time collaborative network forensic scheme for evidence analysis | |
CN108494791A (zh) | DDoS attack detection method and device based on NetFlow log data | |
CN117375942A (zh) | Method and device for defending against DDoS attacks based on node scrubbing | |
Zali et al. | Real-time intrusion detection alert correlation and attack scenario extraction based on the prerequisite-consequence approach | |
CN106817268B (zh) | DDoS attack detection method and system | |
Aparicio-Navarro et al. | An on-line wireless attack detection system using multi-layer data fusion | |
KR100656340B1 (ko) | Apparatus and method for analyzing abnormal traffic information | |
Zheng et al. | Segment detection algorithm: CAN bus intrusion detection based on bit constraint |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent of invention or patent application | ||
CB02 | Change of applicant information | Address after: 215163 Jiangsu city of Suzhou province high tech Industrial Development Zone, kolding Road No. 78 Su Gaoxin Software Park Building 7 layer 3 Applicant after: HILLSTONE NETWORKS Address before: 215163 Jiangsu city of Suzhou province high tech Zone (Suzhou city) kolding Road No. 78 Gaoxin Software Park Building 7 floor 3 Applicant before: Suzhou Shanshi Network Co., Ltd. |
COR | Change of bibliographic data | Free format text: CORRECT: APPLICANT; FROM: SUZHOU SHANSHI NETWORK CO., LTD. TO: HILLSTONE NETWORKS COMMUNICATION TECHNOLOGY CO., LTD. |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C41 | Transfer of patent application or patent right or utility model | ||
TR01 | Transfer of patent right | Effective date of registration: 20160824 Address after: 100083 Beijing city Haidian District Wangzhuang Road No. 1 Building No. 4 hospital (Tsinghua Tongfang Technology Plaza, D block 6 layer 0615) Patentee after: BEIJING HILLSTONE NETWORKS INFORMATION TECHNOLOGY CO., LTD. Address before: 215163 Jiangsu city of Suzhou province high tech Industrial Development Zone, kolding Road No. 78 Su Gaoxin Software Park Building 7 layer 3 Patentee before: HILLSTONE NETWORKS |
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right | Effective date of registration: 20220113 Address after: 100192 room 101-01, 5 / F, 20 / F, yard 1, Baosheng South Road, Haidian District, Beijing Patentee after: BEIJING HILLSTONE NETWORKS INFORMATION TECHNOLOGY Co.,Ltd. Patentee after: Jingyi Zhiyuan (Wuhan) Information Technology Co., Ltd; Address before: 100083 0615, 6th floor, building 4, No.1 courtyard, Wangzhuang Road, Haidian District, Beijing Patentee before: BEIJING HILLSTONE NETWORKS INFORMATION TECHNOLOGY Co.,Ltd. |