CN103441946A - CPU-protecting mass-flow attack identification method and device - Google Patents
CPU-protecting mass-flow attack identification method and device Download PDFInfo
- Publication number
- CN103441946A CN103441946A CN2013103988174A CN201310398817A CN103441946A CN 103441946 A CN103441946 A CN 103441946A CN 2013103988174 A CN2013103988174 A CN 2013103988174A CN 201310398817 A CN201310398817 A CN 201310398817A CN 103441946 A CN103441946 A CN 103441946A
- Authority
- CN
- China
- Prior art keywords
- message
- cpu
- type
- rate
- large flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a CPU-protecting mass-flow attack identification method and device. The method includes: dividing messages which need to be processed by a CPU into different types; acquiring a real-time rate at which messages of each type are uploaded to the CPU; judging whether the real-time rate of the messages of each type exceeds a filtering rate of the messages of the type; if the real-time rate exceeds the filtering rate, abandoning the messages of the type exceeding the filtering rate and adjusting the filtering rate of the messages of the type into a preset minimum rate; and if the real-time rate does not exceed the filtering rate, allowing the messages of the type to be uploaded to the CPU. The CPU-protecting mass-flow attack identification method and device enable the messages to be classified into different types and the real-time rates of the messages to be calculated, rates of the messages of different types to be limited, and an alarm to be sent for messages with overly high speeds and reception rates to be automatically adjusted so that the CPU is protected from attacks by mass flow and affects of an overly high speed of messages of a specific type on messages of other types are prevented.
Description
Technical field
The invention belongs to the electronic communication field, relate to a kind of CPU guard method and device, particularly a kind of large flow attacking recognition methods and device of protecting CPU.
Background technology
Development along with network technology; current various network device particularly access layer equipment type of message to be processed is more and more; the thing followed is that the CPU pressure that will bear is increasing; CPU also likely is subject to the large flow attacking of malice simultaneously, protects the large flow attacking identification of CPU just to seem especially important for this reason.
Existing resist technology mainly contains two kinds, a kind of is method and apparatus as the application number protection CPU that is 201110251229.9, this scheme is to control too much message up sending to CPU at forwarding plane, and the specific implementation process comprises: the time period T1 inner port of 1) adding up default is sent to the message amount of CPU; 2) more described message amount and described port allow to send to the maximum message segment quantity of CPU; 3) when described message amount is greater than maximum message segment quantity, in ensuing time period T2, abandon and send the message that port that message amount is greater than maximum message segment quantity is sent to CPU, return to step 1).
Another kind is CPU guard method and the device thereof that application number is 200910226207.X, this scheme is to control the speed that receives message on the CPU receive direction, the specific implementation process comprises: send to the message amount of CPU by statistical unit in the time, obtain CPU packet receiving speed; According to the inverse relation of CPU packet receiving speed and CPU usage threshold value, determine the CPU usage threshold value of using in described CPU packet receiving rate situation; According to the CPU usage threshold value of determining and the current occupancy of CPU, judge whether to be protected CPU, and when adjudicating when being, restriction CPU packet receiving speed.
In above-mentioned two kinds of CPU protection schemes, for total message rate, controlled, so there will be the excessive situation that will have influence on the reception of all the other all messages of message rate of a type.As in a particular network environment, the message of a certain type, such as protocol massages, their message numbers within a certain cycle are limited, after total message number is controlled, once the protocol massages number of this type surpasses normal value, the total message number that just likely makes CPU receive exceeds the control threshold value, and now system will judge that CPU is subject to large flow attacking.Therefore, the control method of existing CPU protection scheme is flexible not enough.
Summary of the invention
The shortcoming of prior art in view of the above, the object of the present invention is to provide large flow attacking recognition methods and the device of a kind of CPU of protection, for solving the problem of prior art CPU protection scheme underaction.
Reach for achieving the above object other relevant purposes, the invention provides large flow attacking recognition methods and the device of a kind of CPU of protection.
A kind of large flow attacking recognition methods of protecting CPU, the large flow attacking recognition methods of described protection CPU comprises:
To the message classified types that needs CPU to process; Determine that the message after type is called type message;
Gather the each type message and upload the real time rate of CPU;
Judge whether the real time rate of each type message surpasses the filtering rate of this type of message;
If surpass, will be over this type of packet loss of filtering rate, and the filtering rate of adjusting this type of message is default minimum-rate;
If do not surpass, allow this type of message normally to upload CPU.
Preferably, the described port numbers according to the protocol type that comprises message, message input CPU to the message classified types is or/and the vlan number of message.
Preferably, the large flow attacking recognition methods of described protection CPU also comprises: if the real time rate of certain type message surpasses the default maximum rate of described type message, send large flow attacking alarm.
Preferably, the process that the described type message of described permission is normally uploaded CPU comprises: whether the filtering rate that the type message of CPU is normally uploaded in judgement is default minimum-rate, if adjust the filtering rate of described type message for default maximum rate, then upload described type message; Otherwise directly upload described type message.
Preferably, the process that described collection each type message is uploaded the real time rate of CPU comprises:
1) receive a kind of type message, obtain the current time of reception;
Whether the difference that 2) judges the current time of reception and timing zero hour is less than 1 second, if this type of message count pick up adds 1, this count value is the real time rate of current described type message, then returns to step 1); If not, upgrading timing zero hour is the current time of reception, and count value is reset to 1, returns to step 1) and starts the next count cycle.
A kind of large flow attacking recognition device of protecting CPU, the large flow attacking recognition device of described protection CPU is a preprocessor, described preprocessor comprises: the message receiver module receives the whole messages that are uploaded to CPU; The type of message definition module, be connected with described message receiver module, to the message classified types that needs CPU to process; The speed acquisition module, be connected with described type of message definition module, gathers the real time rate that the each type message is uploaded CPU; Comparison module, be connected with described speed acquisition module, judges whether the real time rate of each type message surpasses the filtering rate of this type of message; Processing module, be connected with described comparison module, will be over this type of packet loss of filtering rate; Or this type of message that will not surpass filtering rate normally uploaded CPU; The filtering rate adjusting module, be connected with described comparison module, and when the real time rate of certain type message surpasses the filtering rate of this type of message, the filtering rate of adjusting this type of message is default minimum-rate; When the real time rate of certain type message is less than the default maximum rate of this type of message, to attack while removing, the filtering rate of adjusting this type of message is default maximum rate.
Preferably, whole messages of the described CPU of being uploaded to comprise the message that needs CPU to process and the message that does not need CPU to process.
Preferably, described preprocessor comprises an alarm module, and described alarm module is connected with described comparison module, sends large flow attacking alarm when the real time rate of certain type message surpasses the default maximum rate of this type of message.
Preferably, described processing module also comprises: discarding unit, with described comparison module, be connected, and will abandon over the type message of filtering rate; Uploading unit, be connected with described comparison module, and the type message that does not surpass filtering rate is normally uploaded to CPU; The filtering rate control unit, with described uploading unit, with described filtering rate adjusting module, be connected, judge whether the described filtering rate of normally uploading the type message of CPU is default minimum-rate, if control described filtering rate adjusting module, the described filtering rate of normally uploading the type message of CPU is adjusted into to default maximum rate.
Preferably, described speed acquisition module comprises: timing unit, the moment of recording the described type message of current reception; The difference comparing unit, be connected with described timing unit, and whether the moment that judges the described type message of described current reception is less than 1 second with the difference of the timing zero hour; Counting unit, be connected with described difference comparing unit, in the situation that described difference is less than 1 second count value, adds 1, otherwise upgrade timing zero hour, is the current time of reception, and counting is reset to 1, starts the next count cycle.
As mentioned above, large flow attacking recognition methods and the device of protection CPU of the present invention have following beneficial effect:
The present invention can accurately be classified to message; calculate the real time rate of message; carry out speed limit for various messages; for speed, excessive message carries out alarm and automatically adjusts receiving velocity; both protect CPU not to be subject to large flow attacking, and avoided again the excessive transmission to the other types message of a certain type message speed to impact.
The accompanying drawing explanation
The schematic flow sheet of the large flow attacking recognition methods that Fig. 1 is protection CPU of the present invention.
Fig. 2 is the idiographic flow schematic diagram that every type of message of collection of the present invention is uploaded the real time rate of CPU.
Fig. 3 is the idiographic flow schematic diagram that type message of the present invention is normally uploaded CPU.
The structured flowchart of the large flow attacking recognition device that Fig. 4 is protection CPU of the present invention.
The structured flowchart of the speed acquisition module in the large flow attacking recognition device that Fig. 5 is protection CPU of the present invention.
The structured flowchart of the processing module in the large flow attacking recognition device that Fig. 6 is protection CPU of the present invention.
The element numbers explanation
100 preprocessors
110 message receiver modules
120 type of message definition modules
130 speed acquisition modules
131 timing units
132 difference comparing units
133 counting units
140 comparison modules
150 filtering rate adjusting modules
160 processing modules
161 discarding unit
162 uploading unit
163 filtering rate control units
170 alarm modules
Embodiment
Below, by specific instantiation explanation embodiments of the present invention, those skilled in the art can understand other advantages of the present invention and effect easily by the disclosed content of this specification.The present invention can also be implemented or be applied by other different embodiment, and the every details in this specification also can be based on different viewpoints and application, carries out various modifications or change not deviating under spirit of the present invention.
Refer to accompanying drawing.It should be noted that, the diagram provided in the present embodiment only illustrates basic conception of the present invention in a schematic way, satisfy in graphic and only show with assembly relevant in the present invention but not component count, shape and size drafting while implementing according to reality, during its actual enforcement, kenel, quantity and the ratio of each assembly can be a kind of random change, and its assembly layout kenel also may be more complicated.
Below in conjunction with embodiment and accompanying drawing, the present invention is described in detail.
Embodiment mono-
The present embodiment provides the large flow attacking recognition methods of a kind of CPU of protection, and as shown in Figure 1, the large flow attacking recognition methods of described protection CPU comprises:
To the message classified types that needs CPU to process, determine that the message after type is called type message.Further, the described port numbers according to the protocol type that comprises message, message input CPU to the message classified types is or/and the vlan number of message.The definition of type of message needs message to be processed according to coming from CPU, for the message the present invention who needs CPU to process, just defines its type, and regulation CPU allows the speed of reception & disposal; For the message that does not need clearly to classify, the present invention can unified definition be " other " type, such as following definition:
Protection scope of the present invention is not limited to several division foundations that the present embodiment is enumerated, and every message is classified all comprising within the scope of the invention that rate identification controls.
Gather the each type message and upload the real time rate of CPU.Further, as shown in Figure 2, the detailed process that described collection each type message is uploaded the real time rate of CPU comprises:
(1) receive described type message, obtain the current time of reception;
(2) whether the difference that judges the current time of reception and timing zero hour is less than 1 second, if described type message count pick up adds 1, the value of current counting is the real time rate that current described type message is uploaded CPU, then returns to step (1); If not, more New count zero hour is the current time of reception, and count value is reset to 1, starts the next count cycle.
Protection scope of the present invention is not limited to the message rate acquisition mode that the present embodiment is enumerated, and everyly can realize that the mode of message rate collection all comprises within the scope of the invention.
Judge whether the real time rate of each type message surpasses the filtering rate of this type of message.The each type message has its corresponding filtering rate, default maximum rate and default minimum-rate.Further, suppose to have 3 types of messages, be respectively category-A type message, category-B type message, C type message; Accordingly, the filtering rate of category-A type message is speed A; The filtering rate of category-B type message is speed B; The filtering rate of C type message is speed C; The concrete the performance whether real time rate that judges the each type message surpasses the filtering rate of this type of message is: judge that whether the speed of category-A type message is over speed A, whether the speed that judges category-B type message surpasses speed B, judges whether the speed of C type message surpasses speed C.
Will be over this type of packet loss of filtering rate if surpass, and the filtering rate of adjusting this type of message is for presetting minimum-rate.Further, if the real time rate of this type of message surpasses the default maximum rate of this type of message, send large flow attacking alarm.
If do not surpass and allow this type of message normally to upload CPU.Further, as shown in Figure 3, the specific implementation step that this type of message of described permission normally uploaded CPU also comprises: judge whether the described filtering rate of normally uploading the type message of CPU is default minimum-rate, if adjusting the filtering rate of described type message is default maximum rate, and uploads described type message; Otherwise directly upload described type message.
Described default maximum rate is given the maximum rate that CPU processes on meaning to allow, give the maximum rate that CPU processes in the permission that default minimum-rate means after identification is attacked to adjust, these two values are fixed, and filtering rate is dynamically to adjust, if attack is arranged current, filtering rate is adjusted into default minimum-rate automatically, and after attacking releasing, filtering rate is adjusted back default maximum rate automatically.The condition that judgement is attacked is the size of comparison real time rate and default maximum rate, if be greater than, attack is arranged, and is less than and does not have.In one-period, the message that surpasses filtering rate all will be dropped.
The present invention has functions such as the classification of transmitted to CPU message, filtration, large flow attacking identification alarm, receiving velocity controls; it is classified according to the message characteristics of above delivering to CPU; calculate the real time rate of every kind of message; compare real time rate and default speed; the speed of every kind of message that dynamically adjustment can reception & disposal, protection CPU is not subject to large flow attacking.The present invention is in the situation that total speed is normal but the speed of certain type message is excessive, also can judge the existence of large flow attacking, and after identification is attacked, can dynamically adjust the speed of the type message of transmitted to CPU processing, after finding to attack releasing, also can recover the speed of the type message of transmitted to CPU processing.
Embodiment bis-
The present embodiment provides the large flow attacking recognition device of a kind of CPU of protection; this device can be realized the large flow attacking recognition methods of the described protection of embodiment mono-CPU, but the implement device of the large flow attacking recognition methods of protection CPU of the present invention is not limited to the described recognition device of the present embodiment.
As shown in Figure 4; the large flow attacking recognition device of described protection CPU is a preprocessor 100; described preprocessor 100 comprises: message receiver module 110; type of message definition module 120; speed acquisition module 130, comparison module 140, filtering rate adjusting module 150; processing module 160, alarm module 170.
Described message receiver module 110 receives the whole messages that are uploaded to CPU.Further, whole messages of the described CPU of being uploaded to comprise the message that needs CPU to process and the message that does not need CPU to process.
Described type of message definition module 120 is connected with described message receiver module 110, to the message classified types that needs CPU to process.The described port numbers according to the protocol type that comprises message, message input CPU to the message classified types is or/and the vlan number of message.The definition of type of message needs message to be processed according to coming from CPU, for the message the present invention who needs CPU to process, just defines its type, and regulation CPU allows the speed of reception & disposal; For the message that does not need clearly to classify, the present invention can unified definition be " other " type, such as following definition:
Protection scope of the present invention is not limited to several division foundations that the present embodiment is enumerated, and every message is classified all comprising within the scope of the invention that rate identification controls.
Described speed acquisition module 130 is connected with described type of message definition module 120, gathers the real time rate that the each type message is uploaded CPU.Further, as shown in Figure 5, described speed acquisition module 130 comprises: timing unit 131, difference comparing unit 132, counting unit 133; Described timing unit 131 records the moment of the described type message of current reception; Described difference comparing unit 132 is connected with described timing unit 131, and whether the moment that judges the described type message of described current reception is less than 1 second with the difference of the timing zero hour; Described counting unit 133 is connected with described difference comparing unit 132, in the situation that described difference is less than 1 second count value, adds 1, otherwise upgrade timing zero hour, is the current time of reception, and counting is reset to 1, starts the next count cycle.The protection range of speed acquisition module of the present invention is not limited to the composition structure that the present embodiment is enumerated, and everyly can realize that the composition structure of the function of speed acquisition module all is included in protection scope of the present invention.
Described comparison module 140 is connected with described speed acquisition module 130, judges whether the real time rate of each type message surpasses the filtering rate of this type of message.
Described filtering rate adjusting module 150 is connected with described comparison module 140, and when the real time rate of certain type message surpasses the filtering rate of this type of message, the filtering rate of adjusting this type of message is default minimum-rate; When the real time rate of certain type message is less than the default maximum rate of this type of message, to attack while removing, the filtering rate of adjusting this type of message is default maximum rate.
Described processing module 160 is connected with described comparison module 140, will be over this type of packet loss of filtering rate; Or this type of message that will not surpass default maximum rate normally uploaded CPU.
Further, as shown in Figure 6, described processing module 160 also comprises discarding unit 161, uploading unit 162, filtering rate control unit 163; Described discarding unit 161 is connected with described comparison module 140, will abandon over the type message of filtering rate; Described uploading unit 162 is connected with described comparison module 140, and the type message that does not surpass filtering rate is normally uploaded to CPU; Described filtering rate control unit 163 is connected with described filtering rate adjusting module 150 with described uploading unit 161, judge whether the described filtering rate of normally uploading the type message of CPU is default minimum-rate, if control described filtering rate adjusting module 150, the described filtering rate of normally uploading the type message of CPU is adjusted into to default maximum rate.
Described alarm module 170 is connected with described comparison module 140, sends large flow attacking alarm when the real time rate of certain type message surpasses the default maximum rate of described type message.
The present invention has functions such as the classification of transmitted to CPU message, filtration, large flow attacking identification alarm, receiving velocity controls; it is classified according to the message characteristics of above delivering to CPU; calculate the real time rate of every kind of message; compare real time rate and default speed; the speed of every kind of message that dynamically adjustment can reception & disposal, protection CPU is not subject to large flow attacking.
The present invention can accurately be classified to message; calculate the real time rate of message; carry out speed limit for various messages; for speed, excessive type message carries out alarm and automatically adjusts the receiving velocity of CPU to this type of message; both protect CPU not to be subject to large flow attacking, and avoided again the excessive transmission to the other types message of a certain type message speed to impact.
The present invention is in the situation that total speed is normal but the speed of certain type message is excessive, also can judge the existence of large flow attacking, and after identification is attacked, can dynamically adjust the speed of the type message of transmitted to CPU processing, after finding to attack releasing, also can recover the speed of the type message of transmitted to CPU processing.
In sum, the present invention has effectively overcome various shortcoming of the prior art and the tool high industrial utilization.
Above-described embodiment is illustrative principle of the present invention and effect thereof only, but not for limiting the present invention.Any person skilled in the art scholar all can, under spirit of the present invention and category, be modified or be changed above-described embodiment.Therefore, such as in affiliated technical field, have and usually know that the knowledgeable, not breaking away from all equivalence modifications that complete under disclosed spirit and technological thought or changing, must be contained by claim of the present invention.
Claims (10)
1. a large flow attacking recognition methods of protecting CPU, is characterized in that, the large flow attacking recognition methods of described protection CPU comprises:
To the message classified types that needs CPU to process;
Gather the each type message and upload the real time rate of CPU;
Judge whether the real time rate of each type message surpasses the filtering rate of this type of message;
If surpass, will be over this type of packet loss of filtering rate, and the filtering rate of adjusting this type of message is default minimum-rate;
If do not surpass, allow this type of message normally to upload CPU.
2. the large flow attacking recognition methods of protection CPU according to claim 1 is characterized in that: the described port numbers according to the protocol type that comprises message, message input CPU to the message classified types is or/and the vlan number of message.
3. the large flow attacking recognition methods of protection CPU according to claim 1; it is characterized in that; the large flow attacking recognition methods of described protection CPU also comprises: if the real time rate of certain type message surpasses the default maximum rate of described type message, send large flow attacking alarm.
4. the large flow attacking recognition methods of protection CPU according to claim 3, is characterized in that, the process that this type of message of described permission normally uploaded CPU comprises:
Whether the filtering rate that the type message of CPU is normally uploaded in judgement is default minimum-rate, if the filtering rate of adjusting described type message is default maximum rate, and uploads described type message; If not, directly upload described type message.
5. the large flow attacking recognition methods of protection CPU according to claim 1, is characterized in that, the process that described collection each type message is uploaded the real time rate of CPU comprises:
1) receive a kind of type message, obtain the current time of reception;
Whether the difference that 2) judges the current time of reception and timing zero hour is less than 1 second, if this type of message count pick up adds 1, this count value is the real time rate of current described type message, then returns to step 1); If not, upgrading timing zero hour is the current time of reception, and count value is reset to 1, returns to step 1).
6. a large flow attacking recognition device of protecting CPU, is characterized in that, the large flow attacking recognition device of described protection CPU is a preprocessor, and described preprocessor comprises:
The message receiver module, receive the whole messages that are uploaded to CPU;
The type of message definition module, be connected with described message receiver module, to the message classified types that needs CPU to process;
The speed acquisition module, be connected with described type of message definition module, gathers the real time rate that the each type message is uploaded CPU;
Comparison module, be connected with described speed acquisition module, judges whether the real time rate of each type message surpasses the filtering rate of this type of message;
Processing module, be connected with described comparison module, will be over this type of packet loss of filtering rate; Or this type of message that will not surpass filtering rate normally uploaded CPU;
The filtering rate adjusting module, be connected with described comparison module, and when the real time rate of certain type message surpasses the filtering rate of this type of message, the filtering rate of adjusting this type of message is default minimum-rate; When the real time rate of certain type message is less than the default maximum rate of this type of message, to attack while removing, the filtering rate of adjusting this type of message is default maximum rate.
7. the large flow attacking recognition device of protection according to claim 6 CPU, it is characterized in that: whole messages of the described CPU of being uploaded to comprise the message that needs CPU to process and the message that does not need the CPU processing.
8. the large flow attacking recognition device of protection according to claim 6 CPU; it is characterized in that: described preprocessor comprises an alarm module; described alarm module is connected with described comparison module, sends large flow attacking alarm when the real time rate of certain type message surpasses the default maximum rate of this type of message.
9. the large flow attacking recognition device of protection according to claim 6 CPU, it is characterized in that: described processing module also comprises:
Discarding unit, be connected with described comparison module, will abandon over the type message of filtering rate;
Uploading unit, be connected with described comparison module, and the type message that does not surpass filtering rate is normally uploaded to CPU;
The filtering rate control unit, with described uploading unit, with described filtering rate adjusting module, be connected, judge whether the described filtering rate of normally uploading the type message of CPU is default minimum-rate, if control described filtering rate adjusting module, the described filtering rate of normally uploading the type message of CPU is adjusted into to default maximum rate.
10. the large flow attacking recognition device of protection CPU according to claim 6, is characterized in that, described speed acquisition module comprises:
Timing unit, the moment of recording the described type message of current reception;
The difference comparing unit, be connected with described timing unit, and whether the moment that judges the described type message of described current reception is less than 1 second with the difference of the timing zero hour;
Counting unit, be connected with described difference comparing unit, in the situation that described difference is less than 1 second count value, adds 1, otherwise upgrade timing zero hour, is the current time of reception, and counting is reset to 1, starts the next count cycle.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103988174A CN103441946A (en) | 2013-09-05 | 2013-09-05 | CPU-protecting mass-flow attack identification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103988174A CN103441946A (en) | 2013-09-05 | 2013-09-05 | CPU-protecting mass-flow attack identification method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103441946A true CN103441946A (en) | 2013-12-11 |
Family
ID=49695612
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013103988174A Pending CN103441946A (en) | 2013-09-05 | 2013-09-05 | CPU-protecting mass-flow attack identification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103441946A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103825812A (en) * | 2014-02-17 | 2014-05-28 | 杭州华三通信技术有限公司 | Network speed limiting device and method |
| CN104038494A (en) * | 2014-06-11 | 2014-09-10 | 普联技术有限公司 | Method for recording attack source and exchanger |
| CN104243343A (en) * | 2014-09-29 | 2014-12-24 | 华为技术有限公司 | Method for determining message impact and network equipment |
| CN104283643A (en) * | 2014-10-24 | 2015-01-14 | 杭州华三通信技术有限公司 | Message speed limiting method and device |
| CN104539554A (en) * | 2014-12-22 | 2015-04-22 | 上海斐讯数据通信技术有限公司 | Message transmission method and message processing system |
| CN105391646A (en) * | 2015-10-19 | 2016-03-09 | 上海斐讯数据通信技术有限公司 | Method and device for performing early-warning processing on link layer equipment |
| CN105743679A (en) * | 2014-12-11 | 2016-07-06 | 中兴通讯股份有限公司 | Cpu protection method and apparatus in multinucleated network equipment |
| CN105939339A (en) * | 2016-03-22 | 2016-09-14 | 杭州迪普科技有限公司 | Protection method and device of attack protocol message flow |
| CN106657030A (en) * | 2016-12-05 | 2017-05-10 | 互联网域名系统北京市工程研究中心有限公司 | Illegal message safety protection method and system based on DHCP server |
| CN109379356A (en) * | 2018-10-16 | 2019-02-22 | 盛科网络(苏州)有限公司 | The method and device of automatic capture cpu attack message |
| CN112165410A (en) * | 2020-09-16 | 2021-01-01 | 杭州迪普信息技术有限公司 | Message capturing method and device |
| CN113037691A (en) * | 2019-12-24 | 2021-06-25 | 中国移动通信集团浙江有限公司 | Message processing method, device and system |
| CN113765813A (en) * | 2020-09-24 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Method and device for dynamically adjusting message receiving rate |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101083563A (en) * | 2007-07-20 | 2007-12-05 | 杭州华三通信技术有限公司 | Method and apparatus for preventing distributed refuse service attack |
| US7516487B1 (en) * | 2003-05-21 | 2009-04-07 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
| CN102281295A (en) * | 2011-08-06 | 2011-12-14 | 黑龙江大学 | Method for easing distributed denial of service attacks |
| CN102487339A (en) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | Attack preventing method for network equipment and device |
-
2013
- 2013-09-05 CN CN2013103988174A patent/CN103441946A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7516487B1 (en) * | 2003-05-21 | 2009-04-07 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
| CN101083563A (en) * | 2007-07-20 | 2007-12-05 | 杭州华三通信技术有限公司 | Method and apparatus for preventing distributed refuse service attack |
| CN102487339A (en) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | Attack preventing method for network equipment and device |
| CN102281295A (en) * | 2011-08-06 | 2011-12-14 | 黑龙江大学 | Method for easing distributed denial of service attacks |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103825812B (en) * | 2014-02-17 | 2017-11-14 | 新华三技术有限公司 | A kind of network speed limit device and method |
| CN103825812A (en) * | 2014-02-17 | 2014-05-28 | 杭州华三通信技术有限公司 | Network speed limiting device and method |
| CN104038494A (en) * | 2014-06-11 | 2014-09-10 | 普联技术有限公司 | Method for recording attack source and exchanger |
| CN104243343A (en) * | 2014-09-29 | 2014-12-24 | 华为技术有限公司 | Method for determining message impact and network equipment |
| CN104243343B (en) * | 2014-09-29 | 2018-02-09 | 华为技术有限公司 | A kind of method and the network equipment for determining message impact |
| CN104283643A (en) * | 2014-10-24 | 2015-01-14 | 杭州华三通信技术有限公司 | Message speed limiting method and device |
| CN104283643B (en) * | 2014-10-24 | 2018-06-12 | 新华三技术有限公司 | Message rate-limiting method and device |
| EP3232608B1 (en) * | 2014-12-11 | 2020-01-01 | ZTE Corporation | Cpu protection method and apparatus in multi-core network device |
| CN105743679A (en) * | 2014-12-11 | 2016-07-06 | 中兴通讯股份有限公司 | Cpu protection method and apparatus in multinucleated network equipment |
| CN104539554A (en) * | 2014-12-22 | 2015-04-22 | 上海斐讯数据通信技术有限公司 | Message transmission method and message processing system |
| CN104539554B (en) * | 2014-12-22 | 2018-05-18 | 上海斐讯数据通信技术有限公司 | A kind of message transmitting method and message handling system |
| CN105391646A (en) * | 2015-10-19 | 2016-03-09 | 上海斐讯数据通信技术有限公司 | Method and device for performing early-warning processing on link layer equipment |
| CN105939339A (en) * | 2016-03-22 | 2016-09-14 | 杭州迪普科技有限公司 | Protection method and device of attack protocol message flow |
| CN106657030A (en) * | 2016-12-05 | 2017-05-10 | 互联网域名系统北京市工程研究中心有限公司 | Illegal message safety protection method and system based on DHCP server |
| CN106657030B (en) * | 2016-12-05 | 2019-09-27 | 互联网域名系统北京市工程研究中心有限公司 | A kind of method and system based on Dynamic Host Configuration Protocol server invalid packet security protection |
| CN109379356A (en) * | 2018-10-16 | 2019-02-22 | 盛科网络(苏州)有限公司 | The method and device of automatic capture cpu attack message |
| CN113037691A (en) * | 2019-12-24 | 2021-06-25 | 中国移动通信集团浙江有限公司 | Message processing method, device and system |
| CN112165410A (en) * | 2020-09-16 | 2021-01-01 | 杭州迪普信息技术有限公司 | Message capturing method and device |
| CN113765813A (en) * | 2020-09-24 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Method and device for dynamically adjusting message receiving rate |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103441946A (en) | CPU-protecting mass-flow attack identification method and device | |
| CN103561011B (en) | A kind of SDN controller method and system for preventing blind DDoS attacks on | |
| CN104580222B (en) | Ddos attack Distributed Detection and response method based on comentropy | |
| KR100402979B1 (en) | Improving system preformance in a data network through queue management based on ingress rate monitoring | |
| CN101060531B (en) | A method and device for avoiding the attack of network equipment | |
| US9959751B2 (en) | Filter method for adapting a computing load | |
| EP2761826B1 (en) | Attribution of congestion contributions | |
| EP2933954A1 (en) | Network anomaly notification method and apparatus | |
| EP2575303A1 (en) | Determining congestion measures | |
| CN101547187B (en) | Network attack protection method for broadband access equipment | |
| KR20050081439A (en) | System of network security and working method thereof | |
| CN110784415B (en) | ECN quick response method and device | |
| CN101980506A (en) | Flow characteristic analysis-based distributed intrusion detection method | |
| CN104104558B (en) | A kind of method that network storm suppresses in transformer station process layer communication | |
| CN108574698B (en) | Method for carrying out network security protection on Internet of things system | |
| CN1606293A (en) | Line card port protection rate limiter circuitry | |
| EP2073457A1 (en) | A method and apparatus for preventing igmp message attack | |
| CN109194608B (en) | DDoS attack and flash congestion event detection method based on flow | |
| CN104852863B (en) | Dynamic threshold management method and device in a kind of shared buffer memory interchanger | |
| CN109657463A (en) | A kind of defence method and device of message flood attack | |
| CN106330758A (en) | Transfer method and device based on multilayer queue fluid control back pressure | |
| CN109617824A (en) | Collecting method, device and server | |
| CN101420419B (en) | Adaptive high-speed network flow layered sampling and collecting method | |
| CN102164077B (en) | Bandwidth control method, device and router | |
| CN106656665A (en) | Local area network speed testing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20131211 |