CN103442018A - Dynamic defense method and system for CC (Challenge Collapsar) attack - Google Patents
Dynamic defense method and system for CC (Challenge Collapsar) attack Download PDFInfo
- Publication number
- CN103442018A CN103442018A CN2013104257848A CN201310425784A CN103442018A CN 103442018 A CN103442018 A CN 103442018A CN 2013104257848 A CN2013104257848 A CN 2013104257848A CN 201310425784 A CN201310425784 A CN 201310425784A CN 103442018 A CN103442018 A CN 103442018A
- Authority
- CN
- China
- Prior art keywords
- dynamic
- list
- blacklist
- white list
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a dynamic defense method and a dynamic defense system for CC (Challenge Collapsar) attack, which can overcome the defects existing in the conventional method, can timely and accurately defense the CC attack and can quickly correct the error when mistaken killing occurs. According to the technical scheme of the invention, the method comprises the following steps: receiving an HTTP (Hypertext Transfer Protocol) request; counting the access frequency of a request IP (Internet Protocol) in a period of time; obtaining an anti-attack threshold value according to the counting result; detecting whether the attack occurs according to the anti-attack threshold value, denying the access if the attack occurs, and normally accessing if no attack occurs.
Description
Technical field
The present invention relates to CC(Challenge Collapsar) attack defense method, relate in particular to the CC attack defense method in content distributing network (CDN).
Background technology
The principle of CC(Challenge Collapsar) attacking is that the page higher to some consumption of natural resource constantly initiated normal request, reaches and consumes the service end resource, causes server normally to connect.CC attacks and to occur in after the Transmission Control Protocol three-way handshake completes, and can regard the DDOS(Distributed Denial of Service of application layer as) attack.
The IP that shielding is launched a offensive is a kind of mode that defence CC attacks, and when finding that the access characteristic (as number of times, flow etc.) of an IP within a period of time surpasses threshold value, shields this IP, makes it can not continue access.The shielding IP defense mechanism that CC attacks specifically has two kinds of implementations:
(1) access log is carried out to statistical analysis, calculate the attack protection threshold value, use this threshold value to resist attack;
(2) statistical log not, directly configure the attack protection threshold value, uses this threshold value to resist attack.
The drawback that threshold mode is set according to log analysis is: gather, analyze daily record and need the regular hour, can not calculate in time corresponding threshold value, extended the time under fire.
The drawback of configured threshold mode is: more difficult definite suitable threshold value causes resisting the situation of incessantly attacking or occurring manslaughtering.
In addition, above two kinds of modes are in the situation that all access of quick-recovery user soon occur manslaughtering.
Summary of the invention
The object of the invention is to address the above problem, the dynamic security method and system that provides a kind of CC to attack, solve the drawback that existing mode exists, and also defends exactly in time CC to attack, error correction rapidly when occurring manslaughtering.
Technical scheme of the present invention is: the present invention has disclosed a kind of dynamic security method that CC attacks, and comprising:
Receive the HTTP request;
The access times of statistics request IP within a period of time;
Obtain the attack protection threshold value according to statistics;
According to the attack protection threshold test, whether attacked, if attacked denied access, if do not attacked normally access.
One embodiment of the dynamic security method of attacking according to CC of the present invention also comprised before the step of attack protection threshold test:
The request that detects whether in the black/white list, if in blacklist denied access, if in white list normal access send response.
One embodiment of the dynamic security method of attacking according to CC of the present invention, blacklist and white list are adjusted by following steps:
Monitor the dynamic-configuration serve port;
Receive the dynamic configuration requests of blacklist and white list;
Process according to request type, if increase or delete list, carry out the adjustment of blacklist and white list, if check that list exports blacklist and white list, the rear transmission response of finishing dealing with.
One embodiment of the dynamic security method of attacking according to CC of the present invention, the term of validity of blacklist and white list detects by following steps:
Check one by one the validity of the configuration of every blacklist and white list;
The configuration of Delete Expired.
The present invention has also disclosed the Dynamic Defense System that a kind of CC attacks, and comprising:
The request receiving device, receive the HTTP request;
The request statistic device, the access times of statistics request IP within a period of time;
The threshold value deriving means, obtain the attack protection threshold value according to statistics;
Whether the Check processing device, attacked according to the attack protection threshold test, if attacked denied access, if do not attacked normally access.
One embodiment of the Dynamic Defense System of attacking according to CC of the present invention also comprised before the Check processing device:
The list checkout gear, the request that detects whether in the black/white list, if in blacklist denied access, if in white list normal access send response.
One embodiment of the Dynamic Defense System of attacking according to CC of the present invention, the list checkout gear also comprises the list adjusting module, wherein the list adjusting module further comprises:
Monitoring unit, monitor the dynamic-configuration serve port;
The configuring request receiving element, the dynamic configuration requests of reception blacklist and white list;
The dynamic-configuration unit, process according to request type, if increase or delete list, carries out the adjustment of blacklist and white list, if check that list exports blacklist and white list, the rear transmission response of finishing dealing with.
One embodiment of the Dynamic Defense System of attacking according to CC of the present invention, the list checkout gear also comprises term of validity detection module, wherein term of validity detection module further comprises:
The validity check unit, check the validity of the configuration of every blacklist and white list one by one;
Expired configuration delete cells, the configuration of Delete Expired.
The present invention contrasts prior art following beneficial effect: the present invention, according to the dynamic definite threshold of statistics to the access situation, carries out the attack protection processing according to this dynamic threshold, also can tackle CC according to blacklist that can dynamic-configuration and white list and attack.Compared to conventional art, the present invention can adjust suitable threshold value in real time, avoids resisting and incessantly attacks or the wrong situation of killing of appearance.
The accompanying drawing explanation
Fig. 1 shows the flow chart of the first embodiment of the dynamic security method that CC of the present invention attacks.
Fig. 2 shows the flow chart of the second embodiment of the dynamic security method that CC of the present invention attacks.
Fig. 3 shows the flow chart of dynamic-configuration black/white list of the present invention.
Fig. 4 shows the flow chart of regular detection black/white list validity of the present invention.
Fig. 5 shows the schematic diagram of the first embodiment of the Dynamic Defense System that CC of the present invention attacks.
Fig. 6 shows the schematic diagram of the second embodiment of the Dynamic Defense System that CC of the present invention attacks.
Fig. 7 shows the refinement schematic diagram of list adjusting module of the present invention.
Fig. 8 shows the refinement schematic diagram of term of validity detection module of the present invention.
Embodiment
Below in conjunction with drawings and Examples, the invention will be further described.
the first embodiment of the dynamic security method that CC attacks
Fig. 1 shows the flow process of the first embodiment of the dynamic security method that CC of the present invention attacks.Refer to Fig. 1, details are as follows for the implementation step of the dynamic security method of the present embodiment.
Step S10: receive the HTTP request.
Step S11: the access times of statistics request IP within a period of time.
In being provided, the server of HTTP service (as Nginx etc.) or acting server (as Squid etc.) software carries out dynamic statistics and analysis.
Step S12: according to statistics, obtain the attack protection threshold value.
Such as by computational methods such as peak value ratios, dynamically determining the attack protection threshold value.
Step S13: whether under attack according to the attack protection threshold test, if attacked denied access, if attacked normal process request Concurrency, do not send response.
the second embodiment of the dynamic security method that CC attacks
Fig. 2 shows the flow process of the second embodiment of the dynamic security method that CC of the present invention attacks.Refer to Fig. 2, details are as follows for the implementation step of the dynamic security method of the present embodiment.
Step S20: receive the HTTP request.
Step S21: the access times of statistics request IP within a period of time.
In being provided, the server of HTTP service (as Nginx etc.) or acting server (as Squid etc.) software carries out dynamic statistics and analysis.
Step S22: according to statistics, obtain the attack protection threshold value.
Such as by computational methods such as peak value ratios, dynamically determining the attack protection threshold value.
Step S23: the request that detects whether in the black/white list, if the URL in blacklist and IP are directly tackled, denied access, if the URL in white list and IP the normal process request Concurrency send response.
The black/white list can dynamic-configuration, server software is increased to the dynamic-configuration interface, external system can send IP and the blacklist of URL and the dynamic-configuration of white list to server software by this dynamic-configuration interface, comprises dynamic increase, dynamically deletes and inquiry etc.
Concrete configuration flow refers to Fig. 3, at first monitors the dynamic-configuration serve port; Then receive the dynamic configuration requests of blacklist and white list; Finally according to request type, process, if increase or delete list, carry out the adjustment of blacklist and white list, if check that list is output as text by blacklist and white list, the rear transmission of finishing dealing with responds to external system, with expression, runs succeeded or failure.
The black/white list dynamic-configuration that external system sends has expired time, expired can ceasing to be in force automatically afterwards.As shown in Figure 4, check at first one by one the validity of the configuration of every blacklist and white list, then the configuration of Delete Expired.
Step S24: whether under attack according to the attack protection threshold test, if attacked denied access, if attacked normal process request Concurrency, do not send response.
the first embodiment of the Dynamic Defense System that CC attacks
Fig. 5 shows the principle of the first embodiment of the Dynamic Defense System that CC of the present invention attacks, refer to Fig. 5, the Dynamic Defense System that the CC of the present embodiment attacks comprises: request receiving device 10, request statistic device 11, threshold value deriving means 12, Check processing device 13.
The output connection request statistic device 11 of request receiving device 10, the output connect threshold deriving means 12 of request statistic device 11, the output of threshold value deriving means 12 connects Check processing device 13.
Request receiving device 10 receives the HTTP request.The access times of request statistic device 11 statistics request IP within a period of time are carried out dynamic statistics and analysis in the server that the HTTP service is provided (as Nginx etc.) or acting server (as Squid etc.) software.Threshold value deriving means 12 obtains the attack protection threshold value according to statistics, such as by computational methods such as peak value ratios, dynamically determining the attack protection threshold value.Whether Check processing device 13 is attacked according to the attack protection threshold test, if attacked denied access, if attacked normal process request Concurrency, does not send response.
the second embodiment of the Dynamic Defense System that CC attacks
Fig. 6 shows the principle of the second embodiment of the Dynamic Defense System that CC of the present invention attacks, refer to Fig. 6, the Dynamic Defense System that the CC of the present embodiment attacks comprises: request receiving device 20, request statistic device 21, threshold value deriving means 22, list checkout gear 23, Check processing device 24.
The output connection request statistic device 21 of request receiving device 20, the output connect threshold deriving means 22 of request statistic device 21, the output of threshold value deriving means 22 connects list checkout gear 23, and the output of list checkout gear 23 connects Check processing device 24.
Request receiving device 20 receives the HTTP request.The access times of request statistic device 21 statistics request IP within a period of time are carried out dynamic statistics and analysis in the server that the HTTP service is provided (as Nginx etc.) or acting server (as Squid etc.) software.Threshold value deriving means 22 obtains the attack protection threshold value according to statistics, such as by computational methods such as peak value ratios, dynamically determining the attack protection threshold value.List checkout gear 23 detects request whether in the black/white list, if the URL in blacklist and IP are directly tackled, denied access, if the URL in white list and IP the normal process request Concurrency send response.Whether Check processing device 24 is attacked according to the attack protection threshold test, if attacked denied access, if attacked normal process request Concurrency, does not send response.
The black/white list can dynamic-configuration, server software is increased to the dynamic-configuration interface, external system can send IP and the blacklist of URL and the dynamic-configuration of white list to server software by this dynamic-configuration interface, comprises dynamic increase, dynamically deletes and inquiry etc.Therefore list checkout gear 23 also comprises list adjusting module 3, comprises as shown in Figure 7 monitoring unit 31, configuring request receiving element 32, dynamic-configuration unit 33.Monitoring unit 31 is monitored the dynamic-configuration serve port.Configuring request receiving element 32 receives the dynamic configuration requests of blacklist and white list.Dynamic-configuration unit 33 is processed according to request type, if increase or delete list, carrying out the adjustment of blacklist and white list, if check that list is output as text by blacklist and white list, the rear transmission of finishing dealing with responds to external system, with expression, runs succeeded or failure.
The black/white list dynamic-configuration that external system sends has expired time, expired can ceasing to be in force automatically afterwards.As shown in Figure 8, list checkout gear 23 also comprises term of validity detection module 4, and wherein term of validity detection module further comprises validity inspection unit 41 and expired configuration delete cells 42.Validity check unit 41 checks the validity of the configuration of every blacklist and white list one by one.The configuration of expired configuration delete cells 42 Delete Expireds.
Above-described embodiment is to provide to those of ordinary skills and realizes and use of the present invention; those of ordinary skills can be without departing from the present invention in the case of the inventive idea; above-described embodiment is made to various modifications or variation; thereby protection scope of the present invention do not limit by above-described embodiment, and it should be the maximum magnitude that meets the inventive features that claims mention.
Claims (8)
1. the dynamic security method that a CC attacks comprises:
Receive the HTTP request;
The access times of statistics request IP within a period of time;
Obtain the attack protection threshold value according to statistics;
According to the attack protection threshold test, whether attacked, if attacked denied access, if do not attacked normally access.
2. the dynamic security method that CC according to claim 1 attacks, is characterized in that, before the step of attack protection threshold test, also comprises:
The request that detects whether in the black/white list, if in blacklist denied access, if in white list normal access send response.
3. the dynamic security method that CC according to claim 2 attacks, is characterized in that, blacklist and white list are adjusted by following steps:
Monitor the dynamic-configuration serve port;
Receive the dynamic configuration requests of blacklist and white list;
Process according to request type, if increase or delete list, carry out the adjustment of blacklist and white list, if check that list exports blacklist and white list, the rear transmission response of finishing dealing with.
4. the dynamic security method that CC according to claim 2 attacks, is characterized in that, the term of validity of blacklist and white list detects by following steps:
Check one by one the validity of the configuration of every blacklist and white list;
The configuration of Delete Expired.
5. the Dynamic Defense System that a CC attacks comprises:
The request receiving device, receive the HTTP request;
The request statistic device, the access times of statistics request IP within a period of time;
The threshold value deriving means, obtain the attack protection threshold value according to statistics;
Whether the Check processing device, attacked according to the attack protection threshold test, if attacked denied access, if do not attacked normally access.
6. the Dynamic Defense System that CC according to claim 5 attacks, is characterized in that, before the Check processing device, also comprises:
The list checkout gear, the request that detects whether in the black/white list, if in blacklist denied access, if in white list normal access send response.
7. the Dynamic Defense System that CC according to claim 6 attacks is characterized in that the list checkout gear also comprises the list adjusting module, and wherein the list adjusting module further comprises:
Monitoring unit, monitor the dynamic-configuration serve port;
The configuring request receiving element, the dynamic configuration requests of reception blacklist and white list;
The dynamic-configuration unit, process according to request type, if increase or delete list, carries out the adjustment of blacklist and white list, if check that list exports blacklist and white list, the rear transmission response of finishing dealing with.
8. the Dynamic Defense System that CC according to claim 6 attacks is characterized in that the list checkout gear also comprises term of validity detection module, and wherein term of validity detection module further comprises:
The validity check unit, check the validity of the configuration of every blacklist and white list one by one;
Expired configuration delete cells, the configuration of Delete Expired.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013104257848A CN103442018A (en) | 2013-09-17 | 2013-09-17 | Dynamic defense method and system for CC (Challenge Collapsar) attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013104257848A CN103442018A (en) | 2013-09-17 | 2013-09-17 | Dynamic defense method and system for CC (Challenge Collapsar) attack |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103442018A true CN103442018A (en) | 2013-12-11 |
Family
ID=49695683
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013104257848A Pending CN103442018A (en) | 2013-09-17 | 2013-09-17 | Dynamic defense method and system for CC (Challenge Collapsar) attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103442018A (en) |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685294A (en) * | 2013-12-20 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for identifying attack sources of denial of service attack |
| CN103997488A (en) * | 2014-05-06 | 2014-08-20 | 汉柏科技有限公司 | Network attack monitoring method and system |
| CN104065644A (en) * | 2014-05-28 | 2014-09-24 | 北京知道创宇信息技术有限公司 | Method and apparatus for recognizing CC attacks based on log analysis |
| CN104079557A (en) * | 2014-05-22 | 2014-10-01 | 汉柏科技有限公司 | CC attack protection method and device |
| CN104702623A (en) * | 2015-03-27 | 2015-06-10 | 携程计算机技术(上海)有限公司 | IP lockout method and system |
| CN104917779A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Protection method of CC attack based on cloud, device thereof and system thereof |
| CN105530218A (en) * | 2014-09-28 | 2016-04-27 | 北京奇虎科技有限公司 | Link security detection method and client |
| CN105897674A (en) * | 2015-11-25 | 2016-08-24 | 乐视云计算有限公司 | DDoS attack protection method applied to CDN server group and system |
| CN105939320A (en) * | 2015-12-02 | 2016-09-14 | 杭州迪普科技有限公司 | Message processing method and device |
| CN106330911A (en) * | 2016-08-25 | 2017-01-11 | 广东睿江云计算股份有限公司 | CC (Challenge Collapsar) attack protection method and device |
| CN103763136B (en) * | 2014-01-07 | 2017-04-12 | 北京奇虎科技有限公司 | White list maintaining method and device |
| CN106598723A (en) * | 2015-10-19 | 2017-04-26 | 北京国双科技有限公司 | Configuration method and device for resources in distributed system |
| CN106598881A (en) * | 2016-12-20 | 2017-04-26 | 北京小米移动软件有限公司 | Page processing method and device |
| CN107819727A (en) * | 2016-09-13 | 2018-03-20 | 腾讯科技(深圳)有限公司 | A kind of network safety protection method and system based on the safe credit worthiness of IP address |
| CN107979560A (en) * | 2016-10-21 | 2018-05-01 | 北京计算机技术及应用研究所 | It is a kind of that attack defense method is applied based on Multiple detection |
| CN108234341A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | The passive current-limiting method of Nginx dynamics and system based on device-fingerprint |
| CN108234342A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic active current-limiting methods and system based on device-fingerprint |
| CN110188577A (en) * | 2019-05-22 | 2019-08-30 | 上海上湖信息技术有限公司 | A kind of information display method, device, equipment and medium |
| CN110519266A (en) * | 2019-08-27 | 2019-11-29 | 四川长虹电器股份有限公司 | A method of the cc attack detecting based on statistical method |
| CN110557371A (en) * | 2019-07-31 | 2019-12-10 | 中至数据集团股份有限公司 | Access limiting method, system, readable storage medium and game server |
| CN111327615A (en) * | 2020-02-21 | 2020-06-23 | 浙江德迅网络安全技术有限公司 | CC attack protection method and system |
| CN111614629A (en) * | 2020-04-29 | 2020-09-01 | 浙江德迅网络安全技术有限公司 | Dynamic defense system and method for CC attack |
| CN112637002A (en) * | 2020-12-04 | 2021-04-09 | 北京金山云网络技术有限公司 | Test resource deleting method and device, storage medium and electronic equipment |
| CN113452647A (en) * | 2020-03-24 | 2021-09-28 | 百度在线网络技术(北京)有限公司 | Feature identification method, feature identification device, electronic equipment and computer-readable storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101540761A (en) * | 2009-04-24 | 2009-09-23 | 成都市华为赛门铁克科技有限公司 | Method and equipment for monitoring distributed denial of service attack |
| CN102413105A (en) * | 2010-09-25 | 2012-04-11 | 杭州华三通信技术有限公司 | Method and device for preventing attack of challenge collapsar (CC) |
-
2013
- 2013-09-17 CN CN2013104257848A patent/CN103442018A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101540761A (en) * | 2009-04-24 | 2009-09-23 | 成都市华为赛门铁克科技有限公司 | Method and equipment for monitoring distributed denial of service attack |
| CN102413105A (en) * | 2010-09-25 | 2012-04-11 | 杭州华三通信技术有限公司 | Method and device for preventing attack of challenge collapsar (CC) |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685294A (en) * | 2013-12-20 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for identifying attack sources of denial of service attack |
| CN103763136B (en) * | 2014-01-07 | 2017-04-12 | 北京奇虎科技有限公司 | White list maintaining method and device |
| CN103997488A (en) * | 2014-05-06 | 2014-08-20 | 汉柏科技有限公司 | Network attack monitoring method and system |
| CN103997488B (en) * | 2014-05-06 | 2018-01-05 | 汉柏科技有限公司 | The monitoring method and system of a kind of network attack |
| CN104079557A (en) * | 2014-05-22 | 2014-10-01 | 汉柏科技有限公司 | CC attack protection method and device |
| CN104065644A (en) * | 2014-05-28 | 2014-09-24 | 北京知道创宇信息技术有限公司 | Method and apparatus for recognizing CC attacks based on log analysis |
| CN104065644B (en) * | 2014-05-28 | 2017-11-21 | 北京知道创宇信息技术有限公司 | CC attack recognition method and apparatus based on log analysis |
| CN105530218A (en) * | 2014-09-28 | 2016-04-27 | 北京奇虎科技有限公司 | Link security detection method and client |
| CN104702623B (en) * | 2015-03-27 | 2019-01-08 | 上海携程商务有限公司 | IP blockage method and system |
| CN104702623A (en) * | 2015-03-27 | 2015-06-10 | 携程计算机技术(上海)有限公司 | IP lockout method and system |
| CN104917779A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Protection method of CC attack based on cloud, device thereof and system thereof |
| CN106598723A (en) * | 2015-10-19 | 2017-04-26 | 北京国双科技有限公司 | Configuration method and device for resources in distributed system |
| CN105897674A (en) * | 2015-11-25 | 2016-08-24 | 乐视云计算有限公司 | DDoS attack protection method applied to CDN server group and system |
| WO2017088397A1 (en) * | 2015-11-25 | 2017-06-01 | 乐视控股(北京)有限公司 | Ddos attack protection method and system for cdn server group |
| CN105939320A (en) * | 2015-12-02 | 2016-09-14 | 杭州迪普科技有限公司 | Message processing method and device |
| CN106330911A (en) * | 2016-08-25 | 2017-01-11 | 广东睿江云计算股份有限公司 | CC (Challenge Collapsar) attack protection method and device |
| CN107819727A (en) * | 2016-09-13 | 2018-03-20 | 腾讯科技(深圳)有限公司 | A kind of network safety protection method and system based on the safe credit worthiness of IP address |
| CN107819727B (en) * | 2016-09-13 | 2020-11-17 | 腾讯科技(深圳)有限公司 | Network security protection method and system based on IP address security credit |
| CN107979560A (en) * | 2016-10-21 | 2018-05-01 | 北京计算机技术及应用研究所 | It is a kind of that attack defense method is applied based on Multiple detection |
| CN106598881A (en) * | 2016-12-20 | 2017-04-26 | 北京小米移动软件有限公司 | Page processing method and device |
| CN106598881B (en) * | 2016-12-20 | 2020-10-09 | 北京小米移动软件有限公司 | Page processing method and device |
| CN108234341A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | The passive current-limiting method of Nginx dynamics and system based on device-fingerprint |
| CN108234342A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic active current-limiting methods and system based on device-fingerprint |
| CN108234342B (en) * | 2018-01-25 | 2021-08-13 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic active current limiting method and system based on equipment fingerprint |
| CN108234341B (en) * | 2018-01-25 | 2021-06-11 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic passive current limiting method and system based on equipment fingerprint |
| CN110188577A (en) * | 2019-05-22 | 2019-08-30 | 上海上湖信息技术有限公司 | A kind of information display method, device, equipment and medium |
| CN110557371A (en) * | 2019-07-31 | 2019-12-10 | 中至数据集团股份有限公司 | Access limiting method, system, readable storage medium and game server |
| CN110519266B (en) * | 2019-08-27 | 2021-04-27 | 四川长虹电器股份有限公司 | Cc attack detection method based on statistical method |
| CN110519266A (en) * | 2019-08-27 | 2019-11-29 | 四川长虹电器股份有限公司 | A method of the cc attack detecting based on statistical method |
| CN111327615A (en) * | 2020-02-21 | 2020-06-23 | 浙江德迅网络安全技术有限公司 | CC attack protection method and system |
| CN113452647A (en) * | 2020-03-24 | 2021-09-28 | 百度在线网络技术(北京)有限公司 | Feature identification method, feature identification device, electronic equipment and computer-readable storage medium |
| CN113452647B (en) * | 2020-03-24 | 2022-11-29 | 百度在线网络技术(北京)有限公司 | Feature identification method, feature identification device, electronic equipment and computer-readable storage medium |
| CN111614629A (en) * | 2020-04-29 | 2020-09-01 | 浙江德迅网络安全技术有限公司 | Dynamic defense system and method for CC attack |
| CN112637002A (en) * | 2020-12-04 | 2021-04-09 | 北京金山云网络技术有限公司 | Test resource deleting method and device, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103442018A (en) | Dynamic defense method and system for CC (Challenge Collapsar) attack | |
| US10432652B1 (en) | Methods for detecting and mitigating malicious network behavior and devices thereof | |
| US10623376B2 (en) | Qualifying client behavior to mitigate attacks on a host | |
| KR101095447B1 (en) | Apparatus and method for preventing distributed denial of service attack | |
| CN102291390B (en) | Method for defending against denial of service attack based on cloud computation platform | |
| US9282116B1 (en) | System and method for preventing DOS attacks utilizing invalid transaction statistics | |
| CN102739683B (en) | A kind of network attack filter method and device | |
| WO2018121331A1 (en) | Attack request determination method, apparatus and server | |
| WO2016006520A1 (en) | Detection device, detection method and detection program | |
| Cambiaso et al. | Slowcomm: Design, development and performance evaluation of a new slow DoS attack | |
| US10547636B2 (en) | Method and system for detecting and mitigating denial-of-service attacks | |
| US11108815B1 (en) | Methods and system for returning requests with javascript for clients before passing a request to a server | |
| CN103929440A (en) | Web page tamper prevention device based on web server cache matching and method thereof | |
| US20120173712A1 (en) | Method and device for identifying p2p application connections | |
| CN101150586A (en) | CC attack prevention method and device | |
| CN105959313A (en) | Method and device for preventing HTTP proxy attack | |
| CN103139138A (en) | Application layer denial of service (DoS) protective method and system based on client detection | |
| CN111327615A (en) | CC attack protection method and system | |
| Pellegrino et al. | Cashing Out the Great Cannon? On {Browser-Based}{DDoS} Attacks and Economics | |
| CN108234516B (en) | Method and device for detecting network flooding attack | |
| CN103634284A (en) | Network flood attack detecting method and device | |
| CN102075535B (en) | Distributed denial-of-service attack filter method and system for application layer | |
| WO2011103835A2 (en) | User access control method, apparatus and system | |
| CN109688136B (en) | Detection method, system and related components for forging IP attack behavior | |
| Oo et al. | Enhancement of preventing application layer based on DDoS attacks by using hidden semi-Markov model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20131211 |
|
| RJ01 | Rejection of invention patent application after publication |