CN103746965A - Low-bitrate denial of service attack method based on data flow - Google Patents

Low-bitrate denial of service attack method based on data flow

Info

Publication number
CN103746965A
Authority
CN
China
Prior art keywords
denial
service attack
network
data
application program
Legal status
Pending
Application number
CN201310702530.6A
Other languages
Chinese (zh)
Inventor
黄力
潘大庆
罗海波
盘承军
杨洁
韦彬贵
Current Assignee
Liuzhou Vocational and Technical College
Original Assignee
Liuzhou Vocational and Technical College
Priority date
2013-12-19
Filing date
2013-12-19
Publication date
2014-04-23
Application filed by Liuzhou Vocational and Technical College
Priority to CN201310702530.6A
Publication of CN103746965A
Legal status: Pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a low-bitrate denial of service attack method based on a data flow, which achieves a low-bitrate denial of service effect. The communication pattern of a target user or application program is recorded and analysed, an appropriate moment is selected, and an instantaneous denial of service attack is launched while the target user or application program is communicating. After a short duration the denial of service attack is ended, so that a denial of service effect against the target user or application program is achieved while the attack traffic, measured over a relatively long period, stays low-bitrate. With this method, an accurate denial of service effect against a specific user or application in a network can be achieved at minimal cost using a low-bitrate attack flow.

Description

Method for a low-rate denial of service attack based on data traffic
Technical field
The present invention relates to a method of denial of service attack, and in particular to a method of low-rate denial of service attack based on data traffic.
Background art
Existing network-traffic-based denial of service attack methods almost all rely on large volumes of data to achieve the goal of denying service. Their basic principle is to send a computer or server more data than it can process, so that within a short period the attacked computer or server cannot handle all of the received packets in time; during that period it also cannot process newly arriving packets in time, packets are lost, and the computer or server cannot provide the corresponding service for the packets users send to it, which achieves the goal of the denial of service attack. Detection and defence mechanisms for this attack pattern are now increasingly mature. So that network detection and security protection software can keep up with the development of attacks, this patent proposes a low-rate denial of service attack method based on network traffic, which provides an important reference sample for the design of network security protection software and systems.
Summary of the invention
The technical problem solved by the present invention is to overcome the shortcomings of the prior art by providing a low-rate denial of service attack method based on network traffic, which makes it possible to achieve an accurate denial of service effect against a specific user or application on the network at minimal cost, using only a low-rate denial of service attack flow.
To solve the above technical problem, the invention provides the following technical scheme:
The invention monitors and analyses the normal communication traffic of a user or application on the network, chooses an appropriate point in time, and sends a large amount of data onto the network in a very short time, producing a momentary denial of service effect so that the data the affected user or application is currently communicating cannot be delivered correctly to its intended recipient. Because the duration of this denial of service attack is very short, the denial of service traffic the attacker injects into the network, measured over a period of time, is very low, which achieves a low-rate denial of service effect. According to the design principle of the invention, the network communication of the user or application is first monitored. If the communication interval of this user or application is regular, the interval between its data transmissions is measured and the interval value is recorded. If the data the user or application sends on the network is random, the identifying characteristics of the data this user sends are collected, such as the user's IP address, port number, or particular identifier fields in the packets. When a low-rate denial of service attack against this user or application is to be launched, the data traffic on the network is then monitored. If the user or application sends data at regular intervals, the previously collected sending interval is used: the first packet of the user's data serves for time synchronisation, and thereafter short denial of service attacks are sent onto the network periodically at the user's sending interval, so that the interval at which the denial of service effect appears on the network exactly matches the interval at which the user normally sends data. The duration of each denial of service attack is very short, which satisfies the low-rate requirement.
If the data the user sends has no regular interval, the data traffic on the network is monitored. As soon as this user's data appears on the network, a momentary denial of service attack is launched at that moment; after a very short interval the attack stops and monitoring of the network's communication traffic continues. Once a user has been subjected to a denial of service attack and the data communication has failed, the user program, following the design pattern of current network communication programs, will wait a certain interval and then attempt to send the data again. At that point it is only necessary to keep monitoring the communication traffic on the network and, when this user's communication data appears again, launch another momentary denial of service attack, which finally achieves a low-rate denial of service effect against the user or target application.
The beneficial effects achieved by the invention are:
(1) During the attack, the denial of service traffic required is very small and the time during which the attack is active on the network is also very short, so it has hardly any noticeable impact on normal network communication, yet the denial of service effect is achieved against the attacked user.
(2) The attack method designed by the invention can be flexibly launched against a specific user or application, with a very precise target.
(3) The denial of service algorithm designed by the invention can attack packets or programs that communicate periodically on the network, such as network management programs that regularly send management packets to keep the network management system running normally. The method readily achieves a low-rate denial of service attack against this class of application, and by monitoring network traffic it can also carry out a low-rate denial of service attack against applications that send data at random times, so the attack process is very flexible.
(4) Because the denial of service attack designed by the invention is active for a very short time, it is difficult to detect with conventional traffic-based denial of service detection methods; it requires a shorter statistical time slice from the detection equipment, which also indirectly increases the difficulty of detection. It is therefore a very covert and low-cost denial of service attack method.
Description of the drawings
The accompanying drawing provides a further understanding of the invention and forms part of the specification; together with the embodiments it serves to explain the invention and is not to be construed as limiting it. In the drawing:
Fig. 1 is a schematic flow diagram of the low-rate denial of service attack.
Detailed description
The preferred embodiments of the invention are described below with reference to the drawing. It should be understood that the preferred embodiments described here serve only to describe and explain the invention and are not intended to limit it.
Embodiment 1
Low-rate denial of service attack against an application with a fixed communication cycle:
(1) Monitor the communication pattern of the target application on the network and record its fixed communication cycle;
(2) When a low-rate denial of service attack against this application is required, first establish a synchronisation relationship with one communication packet of the application;
(3) Starting from the synchronised time point, the denial of service attack program periodically sends denial of service attack data using the cycle recorded earlier;
(4) This completes the denial of service attack process against an application with a fixed communication cycle.
Embodiment 2
Example of a denial of service attack against an application with an irregular communication cycle.
(1) Analyse the communication pattern of the target application and determine that its communication cycle is not fixed;
(2) When a denial of service attack against this application is required, first monitor the network for the application's characteristics, such as its IP address, port number, or identifying fields in its packets;
(3) When the target application's particular identifier appears on the network, launch a momentary low-rate denial of service attack;
(4) After the denial of service attack program has finished sending its data, continue monitoring the communication data stream on the network, and when the identifier of this application is found again, continue to launch low-rate denial of service attack data.
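As an added example that is not part of the patent, a Python detector for the traffic pattern both embodiments describe: it checks whether a monitored application's sending interval is fixed, finds byte bursts with a sub-millisecond window (far shorter than the per-second counters that effect (4) says are defeated), and alerts when the bursts are phase-locked to the application's packets. The capture it runs on is constructed in the code; the hosts, ports and thresholds are assumptions.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Pkt:
    ts: float   # capture timestamp, seconds
    src: str
    dport: int
    size: int   # bytes on the wire

def app_times(pkts, src, dport):
    """Timestamps of the monitored application's own packets."""
    return sorted(p.ts for p in pkts if p.src == src and p.dport == dport)

def estimate_period(times, tol=0.05):
    """Median inter-packet gap if every gap lies within tol of it (fixed cycle), else None."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    m = median(gaps)
    return m if all(abs(g - m) <= tol * m for g in gaps) else None

def find_bursts(pkts, window=0.001, min_bytes=20000):
    """Times at which a sliding window of `window` seconds first carries min_bytes or more.
    The bin is deliberately sub-millisecond: per-second flow counters average such spikes away."""
    seq = sorted(pkts, key=lambda p: p.ts)
    bursts, total, j = [], 0, 0
    for p in seq:
        total += p.size
        while seq[j].ts < p.ts - window:      # evict packets older than the window
            total -= seq[j].size
            j += 1
        if total >= min_bytes and (not bursts or p.ts - bursts[-1] > window):
            bursts.append(p.ts)
    return bursts

def locked_ratio(times, bursts, lag=0.002):
    """Fraction of the application's packets that are followed within `lag` by a burst."""
    hits = sum(1 for t in times if any(0 <= b - t <= lag for b in bursts))
    return hits / len(times) if times else 0.0

def assess(pkts, src, dport, threshold=0.8, min_bursts=3):
    """Alert when most of the application's packets are immediately followed by a burst."""
    times, bursts = app_times(pkts, src, dport), find_bursts(pkts)
    ratio = locked_ratio(times, bursts)
    return {"period": estimate_period(times), "bursts": len(bursts), "locked_ratio": ratio,
            "alert": ratio >= threshold and len(bursts) >= min_bursts}

# Constructed capture (not real traffic): a management poll 10.0.0.5 -> :161 at poll_times,
# unrelated background traffic, and optionally a 56 kB spike 0.2 ms after each poll.
def sample_capture(with_bursts, poll_times=tuple(float(i) for i in range(10))):
    pkts = [Pkt(t, "10.0.0.5", 161, 200) for t in poll_times]
    pkts += [Pkt(0.05 + 0.37 * k, "10.0.0.20", 443, 500) for k in range(26)]
    if with_bursts:
        for t in poll_times:
            pkts += [Pkt(t + 0.0002 + 0.000015 * k, "10.0.0.77", 161, 1400) for k in range(40)]
    return pkts

if __name__ == "__main__":
    print(assess(sample_capture(True), "10.0.0.5", 161), assess(sample_capture(False), "10.0.0.5", 161))
```

Passing an irregular `poll_times` tuple to `sample_capture` exercises the embodiment 2 case: `period` comes back `None` but the phase-lock ratio still raises the alert.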
Finally it should be noted that the above are only the preferred embodiments of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical schemes recorded in each of the foregoing embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention.

Claims (2)

1. A method for a low-rate denial of service attack based on data traffic, characterised in that it comprises the following steps:
(1) Monitor the network communication of the user or application: if the target user or application has a fixed communication cycle, record the fixed cycle of this communication program; if the target user or application communicates irregularly, record the IP address, port number, or distinctive identification fields in the communication packets of this user program;
(2) Monitor the network's data traffic: if the target user or application sends data at regular intervals, use the previously collected sending interval of the target user; the first packet of the target user's data serves for time synchronisation, and thereafter short denial of service attacks are sent onto the network periodically at the target user's sending interval, so that the interval at which the denial of service effect appears on the network exactly matches the interval at which the target user normally sends data; if the data the target user sends has no regular interval, monitor the data traffic on the network and, as soon as the target user's data is found on the network, immediately launch a momentary denial of service attack on the network;
(3) After the denial of service attack stops, continue monitoring the network's communication traffic.
2. The method for a low-rate denial of service attack based on data traffic according to claim 1, characterised in that in step (2) the time during which the denial of service attack is launched on the network is less than 1 ms.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310702530.6A CN103746965A (en) 2013-12-19 2013-12-19 Low-bitrate denial of service attack method based on data flow

Publications (1)

Publication Number Publication Date
CN103746965A true CN103746965A (en) 2014-04-23

Family

ID=50503952

Country Status (1)

Country Link
CN (1) CN103746965A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040131A (en) * 2018-09-20 2018-12-18 天津大学 LDoS attack detection method in an SDN environment
CN111444501A (en) * 2020-03-16 2020-07-24 湖南大学 LDoS attack detection method based on combination of Mel cepstrum and semi-space forest
CN111444501B (en) * 2020-03-16 2023-04-18 湖南大学 LDoS attack detection method based on combination of Mel cepstrum and semi-space forest

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140423