CN103856487A - Method and system for protecting authorization DNS - Google Patents
Method and system for protecting authorization DNS Download PDFInfo
- Publication number
- CN103856487A CN103856487A CN201410071551.7A CN201410071551A CN103856487A CN 103856487 A CN103856487 A CN 103856487A CN 201410071551 A CN201410071551 A CN 201410071551A CN 103856487 A CN103856487 A CN 103856487A
- Authority
- CN
- China
- Prior art keywords
- request message
- dns
- dns request
- white list
- feature detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and system for protecting an authorization DNS. The method comprises the steps that DNS request messages are received; the DNS request messages are screened, and the DNS request messages with source IPs not located in an IP white list are discarded through an IP white list established in a traversing mode; characteristic detecting is carried out on the screened DNS request messages with the source IPs located in the IP white list; the DNS request messages passing the characteristic detecting are forwarded to a DNS server. The system comprises a DNS request message receiving unit, a DNS request message screening unit, a DNS request message detecting unit and a DNS request message forwarding unit. The DNS messages with a large number of forged source ports are primarily screened and removed through the IP white list of an ISP, then a DNS protection module is called to carry out characteristic detecting on the screened DNS messages, and therefore the protection degree for the authorization DNS is effectively improved.
Description
Technical field
The invention belongs to computer network guard technology field, be specifically related to a kind of means of defence and system to Authorized Domain dns server.
Background technology
DNS Query Flood, be that DNS inquiry is attacked, it attacks the method adopting is to send a large amount of domain name mapping requests to the server of being attacked, conventionally the domain name of request analysis be random generate or network on non-existent domain name at all, first the dns server of being attacked can be searched and whether have corresponding buffer memory in receiving domain name mapping request on server, if search less than and this domain name cannot be directly by server parses time, dns server can be to its upper strata dns server recursive query domain-name information.The process of domain name mapping has been brought very large load to server, and domain name mapping request each second exceedes certain quantity and will cause dns server parsing domain name overtime.
At present, all can carry out the flow process of DNS Query Flood feature detection to the DNS message of any source IP, to improve the reliability to the protection of Authorized Domain dns server.But because the attack pattern of DNS Query Flood is normally attacked dns server by the DNS attack message that sends a large amount of forgery source ports, therefore the protection method that the DNS message of any source IP is carried out to feature detection will certainly increase the data processing amount of DNS system, and then greatly reduces the disposal ability to DNS Query Flood.
Therefore, be necessary to provide a kind of means of defence and system to Authorized Domain dns server, can first carry out preliminary screening eliminating to the DNS attack message of a large amount of forgery source ports, thereby alleviate the data processing pressure of DNS system, improve the protection dynamics to Authorized Domain dns server.
Summary of the invention
The object of this invention is to provide a kind of means of defence and system to Authorized Domain dns server, first the DNS attack message of a large amount of forgery source ports being carried out to preliminary screening gets rid of, again garbled DNS attack message is carried out to feature detection, alleviate the data processing pressure of DNS system, and effectively improved the protection dynamics to Authorized Domain dns server.
According to an aspect of the present invention, provide a kind of means of defence to Authorized Domain dns server, comprise the following steps: receive DNS request message; Screening DNS request message, the IP white list table of setting up by traversal, whether the source IP that judges described DNS request message is in described IP white list table, and the source IP of abandoning is the DNS request message in IP white list table not; The DNS request message of the source IP that screening is passed through in IP white list table carries out feature detection; DNS request message by described feature detection is transmitted to described dns server.
Wherein, in foregoing invention, the IP white list table of described foundation comprises all ISP supplier's IP white list.
Wherein, in foregoing invention, described in abandon the not DNS request message in IP white list table of source IP, comprising: the source IP of abandoning is the DNS request message in IP white list table not, and this DNS request message carried out to alarm log recording processing.
Wherein, in foregoing invention, the DNS request message of the described source IP that screening is passed through in IP white list table carries out feature detection, comprising: the DNS request message to source IP in IP white list table carries out DNS threshold values statistics; If the message amount of statistics exceedes the threshold values of initial setting in the unit interval, show that this DNS request message does not pass through feature detection; If the message amount of statistics does not exceed the threshold values of initial setting in the unit interval, show that this DNS request message passes through feature detection.
Wherein, in foregoing invention, to not by the DNS request message of feature detection, carry out discard processing, and this DNS request message is carried out to alarm log recording processing.
Wherein, in foregoing invention, the screening of described DNS request message is completed by DNS fire compartment wall, and the feature detection of described DNS request message is completed by DNS protection module.
According to another aspect of the present invention, provide a kind of guard system to Authorized Domain dns server, comprising: DNS request message receiving element, for receiving the DNS request message that mails to described dns server; DNS request message screening unit, for the IP white list table of setting up by traversal, the source IP of abandoning is the DNS request message in IP white list table not; DNS request message detecting unit, carries out feature detection for the source IP that DNS request message screening sieve unit gating is crossed at the DNS request message of IP white list table; DNS request message retransmission unit, for being transmitted to described dns server by the DNS request message detecting by DNS request message detecting unit.
Wherein, in foregoing invention, the IP white list table of described DNS request message screening unit traversal comprises all ISP supplier's IP white list.
Wherein, in foregoing invention, described DNS request message detecting unit carries out feature detection by the mode of the DNS threshold values of statistics DNS request message to it; If the message amount of statistics exceedes the threshold values of initial setting in the unit interval, show that this DNS request message does not pass through feature detection; If the message amount of statistics does not exceed the threshold values of initial setting in the unit interval, show that this DNS request message passes through feature detection.
Wherein, in foregoing invention, described DNS request message screening unit comprises DNS fire compartment wall, and DNS fire compartment wall is for screening DNS request message, and by not carrying out discard processing by the DNS request message of screening, carried out alarm log recording processing simultaneously.Described DNS request message detecting unit comprises DNS protection module, and DNS protection module is for carrying out feature detection to DNS request message, and the DNS request message by feature detection is not carried out to discard processing, is carried out alarm log recording processing simultaneously.
According to a kind of means of defence and system to Authorized Domain dns server of the present invention, first utilize ISP supplier's IP white list table to carry out preliminary screening eliminating to the DNS message of a large amount of forgery source ports, call again DNS protection module and carry out feature detection to screening the DNS message passing through, feature detection by rear just can be by DNS message repeating to dns server, alleviate the data processing pressure of DNS system, and effectively improved the protection dynamics to Authorized Domain dns server.
Brief description of the drawings
Fig. 1 has shown the schematic diagram of the means of defence to Authorized Domain dns server of the embodiment of the present invention;
Fig. 2 has shown the flow chart of the means of defence to Authorized Domain dns server of the embodiment of the present invention;
Fig. 3 has shown the flow chart of the detection DNS request message of the embodiment of the present invention;
Fig. 4 has shown the block diagram of the guard system to Authorized Domain dns server of the embodiment of the present invention.
Embodiment
For making the object, technical solutions and advantages of the present invention more cheer and bright, below in conjunction with embodiment and with reference to accompanying drawing, the present invention is described in more detail.Should be appreciated that, these descriptions are exemplary, and do not really want to limit the scope of the invention.In addition, in the following description, omitted the description to known features and technology, to avoid unnecessarily obscuring concept of the present invention.
Below the technical term the present invention relates to is given an explaination.
DNS:DNS is name server (Domain Name server), on Internet, between domain name and IP address, be one to one, although domain name is convenient to people's memory, but can only be familiar with mutually IP address between machine, conversion work between them is called domain name mapping, domain name mapping need to be completed by special domain name resolution server, and DNS is exactly the server that carries out domain name mapping.
ISP supplier: ISP is the abbreviation of Internet server Provider, and ISP supplier comprehensively provides Internet access business, information service and value-added service to users.
Fig. 1 has shown the schematic diagram of the means of defence to Authorized Domain dns server of the embodiment of the present invention.
As shown in Figure 1, the DNS request message that is sent to Authorized Domain dns server is tackled after acceptance by fire compartment wall, first carry out Screening Treatment, utilize the IP white list table being formed by all ISP supplier's IP white list to investigate DNS request message, and then by protection module to by screening DNS request message carry out feature detection investigation, the DNS request message that feature detection is passed through just can be forwarded to dns server, by dns server, DNS is asked to make corresponding processing, this protection method to Authorized Domain dns server has reduced the resource consumption of the DNS message aggression of a large amount of stochastic source ports, there is efficient protective capacities.
Fig. 2 has shown the flow chart of the means of defence to Authorized Domain dns server of the embodiment of the present invention.
As shown in Figure 2, the means of defence to Authorized Domain dns server of the embodiment of the present invention, comprises the following steps:
Step S1, receives DNS request message.
Conventionally, first the request message that mails to Authorized Domain dns server can be authorized to territory DNS fire compartment wall interception, by DNS fire compartment wall, DNS request message is carried out to preliminary safety detection, detect by after mail to again special protection module and detect or directly mail to dns server.In network, attacker can pass through software, sends the DNS attack message of a large amount of stochastic source IP, and DNS fire compartment wall can receive these DNS request messages, and it is carried out to safety detection.
Step S2, screening DNS request message, the IP white list table of setting up by traversal, whether the source IP that judges described DNS request message is in described IP white list table, and the source IP of abandoning is the DNS request message in IP white list table not.
After DNS fire compartment wall receives the DNS request message that mails to dns server, can travel through the IP white list table of foundation, whether the source IP that judges DNS request message is in described IP white list table, and IP white list table is the summation of all ISP supplier's IP white list.According to traversing result, DNS request message is screened, specifically, the DNS request message of reservation source IP on IP white list table, the source IP of abandoning is the DNS request message on IP white list table not, preferably, not in the DNS request message in IP white list table, charged to alarm log at the source IP of abandoning.
By the screening to DNS request message, can screen out the DNS request message of a large amount of stochastic source IP, reduce the data processing amount of the DNS request message of DNS system.
Step S3, the DNS request message of the source IP that screening is passed through in IP white list table carries out feature detection.
Through the screening of DNS request message in step S2, the DNS request message of a large amount of stochastic source IP is dropped.But the DNS request message that still exists some to pass through screening, the DNS request message to these by screening must be got rid of by feature detection, to improve the protection reliability of dns server.
Step S4, is transmitted to dns server by the DNS request message by described feature detection.
After the screening of step S2DNS request message and the feature detection of step S3DNS request message, the DNS request message not being dropped can be determined and is not attack message, the DNS request message of these reservations will be forwarded to dns server, complete request task.
Adopt above-mentioned flow process, can in step S2, tentatively screen out the DNS request message of a large amount of stochastic source IP, alleviate the data processing pressure of DNS system, thereby improved the data-handling capacity of dns server, realized high efficiency protection dns server.
Fig. 3 has shown the flow chart of the detection DNS request message of the embodiment of the present invention.
As shown in Figure 3, in the step of the detection DNS of embodiment of the present invention request message, the DNS request message that DNS protection module passes through screening carries out DNS threshold values statistics, the threshold values of the statistical value of DNS threshold values and systemic presupposition is compared, and determine according to comparison value whether DNS request message passes through feature detection.
Specifically, if the message amount of statistics exceedes the threshold values of initial setting in the unit interval, show that this DNS request message is not by the feature detection of DNS protection module, it is carried out discard processing, preferably, when the unsanctioned DNS request message of feature detection is carried out to discard processing, this DNS request message is carried out to alarm log recording processing; If the message amount of statistics does not exceed the threshold values of initial setting in the unit interval, show that this DNS request message, by the feature detection of DNS protection module, can be forwarded to dns server.
By above-mentioned, DNS request message after screening is carried out to further feature detection, realized the effective protection to Authorized Domain dns server, prevented that DNS Query Flood from attacking.
Fig. 4 has shown the block diagram of the guard system to Authorized Domain dns server of the embodiment of the present invention.
As shown in Figure 4, the guard system to Authorized Domain dns server of the embodiment of the present invention, comprising: DNS request message receiving element 1, the screening of DNS request message unit 2, DNS request message detecting unit 3 and DNS request message retransmission unit 4.
DNS request message receiving element 1, for receiving the DNS request message that mails to dns server.
DNS request message screening unit 2, DNS request message screening unit, for the IP white list table of setting up by traversal, the source IP of abandoning is the DNS request message in IP white list table not, it comprises DNS fire compartment wall, DNS fire compartment wall is used for DNS request message to screen, and by not carrying out discard processing by the DNS request message of screening, is carried out alarm log recording processing simultaneously.Wherein, the IP white list table that DNS request message screening unit 2 travels through comprises all ISP supplier's IP white list, by the IP white list that utilizes all ISP supplier, DNS request message is investigated, and can delete the DNS request message of a large amount of stochastic source IP.
DNS request message detecting unit 3, for being screened to the source IP passing through, DNS request message screening unit 2 carries out feature detection at the DNS request message of IP white list table, it comprises DNS protection module, DNS protection module is for carrying out feature detection to DNS request message, and the DNS request message by feature detection is not carried out to discard processing, carried out alarm log recording processing simultaneously.Specifically, the DNS threshold values of DNS protection module statistics DNS request message also compares statistical value and initial set value DNS request message is carried out to feature detection, if the message amount of statistics exceedes the threshold values of initial setting in the unit interval, show that this DNS request message is not by the feature detection of DNS protection module, it is carried out discard processing and is credited to alarm log; If the message amount of adding up in the unit interval does not exceed the threshold values of initial setting, show that this DNS request message passes through the feature detection of DNS protection module, can determine that it is not attack message.
DNS request message retransmission unit 4, for being transmitted to dns server by the DNS request message detecting by DNS request message detecting unit.DNS request message must, after the screening screening of unit 2 of DNS request message and the detection of DNS request message detecting unit 3, can be forwarded to dns server.
As mentioned above, according to a kind of means of defence and system to Authorized Domain dns server of the present invention, first utilize ISP supplier's IP white list table to carry out preliminary screening eliminating to the DNS message of a large amount of forgery source ports, call again DNS protection module and carry out feature detection to screening the DNS message passing through, feature detection by rear just can be by DNS message repeating to dns server, alleviate the data processing pressure of DNS system, and effectively improved the protection dynamics to Authorized Domain dns server.
Should be noted that, means of defence of the present invention and system are only for specific Authorized Domain DNS firewall configuration, if the above-mentioned means of defence of DNS firewall configuration or the system in unauthorized territory, thereby can cause the DNS request of local address or other non-ISP source IP to think that attack message is abandoned, but for Authorized Domain dns server, but greatly improve the protective capacities of dns server.
Should be understood that, above-mentioned embodiment of the present invention is only for exemplary illustration or explain principle of the present invention, and is not construed as limiting the invention.Therefore any amendment of, making, be equal to replacement, improvement etc., within protection scope of the present invention all should be included in without departing from the spirit and scope of the present invention in the situation that.In addition, claims of the present invention are intended to contain whole variations and the modification in the equivalents that falls into claims scope and border or this scope and border.
Claims (10)
1. the means of defence to Authorized Domain dns server, is characterized in that, comprises the following steps:
Receive DNS request message;
Screening DNS request message, the IP white list table of setting up by traversal, whether the source IP that judges described DNS request message is in described IP white list table, and the source IP of abandoning is the DNS request message in IP white list table not;
The DNS request message of the source IP that screening is passed through in IP white list table carries out feature detection;
DNS request message by described feature detection is transmitted to described dns server.
2. means of defence according to claim 1, is characterized in that, the IP white list table of described foundation comprises all ISP supplier's IP white list.
3. means of defence according to claim 1, it is characterized in that, the described not DNS request message in IP white list table of source IP that abandons, comprising: the source IP of abandoning is the DNS request message in IP white list table not, and this DNS request message is carried out to alarm log recording processing.
4. means of defence according to claim 1, is characterized in that, the DNS request message of the described source IP that screening is passed through in IP white list table carries out feature detection, comprising:
DNS request message to source IP in IP white list table carries out DNS threshold values statistics;
If the message amount of statistics exceedes the threshold values of initial setting in the unit interval, show that this DNS request message does not pass through feature detection;
If the message amount of statistics does not exceed the threshold values of initial setting in the unit interval, show that this DNS request message passes through feature detection.
5. means of defence according to claim 4, is characterized in that, to not by the DNS request message of feature detection, carries out discard processing, and this DNS request message is carried out to alarm log recording processing.
6. according to the means of defence described in any one in claim 1 to 5, it is characterized in that, the screening of described DNS request message is completed by DNS fire compartment wall, and the feature detection of described DNS request message is completed by DNS protection module.
7. the guard system to Authorized Domain dns server, is characterized in that, comprising:
DNS request message receiving element (1), for receiving the DNS request message that mails to described dns server;
DNS request message screening unit (2), for the IP white list table of setting up by traversal, the source IP of abandoning is the DNS request message in IP white list table not;
DNS request message detecting unit (3), carries out feature detection for DNS request message screening unit (2) is screened to the source IP passing through at the DNS request message of IP white list table;
DNS request message retransmission unit (4), for being transmitted to described dns server by the DNS request message detecting by DNS request message detecting unit (3).
8. guard system according to claim 7, is characterized in that, the IP white list table of described DNS request message screening unit (2) traversal comprises all ISP supplier's IP white list.
9. guard system according to claim 7, is characterized in that, described DNS request message detecting unit (3) carries out feature detection by the mode of the DNS threshold values of statistics DNS request message to it;
If the message amount of statistics exceedes the threshold values of initial setting in the unit interval, show that this DNS request message does not pass through feature detection;
If the message amount of statistics does not exceed the threshold values of initial setting in the unit interval, show that this DNS request message passes through feature detection.
10. according to the guard system described in any one in claim 7 to 9, it is characterized in that, described DNS request message screening unit (2) comprises DNS fire compartment wall, DNS fire compartment wall is for screening DNS request message, and by not carrying out discard processing by the DNS request message of screening, carried out alarm log recording processing simultaneously.
Described DNS request message detecting unit (3) comprises DNS protection module, and DNS protection module is for carrying out feature detection to DNS request message, and the DNS request message by feature detection is not carried out to discard processing, is carried out alarm log recording processing simultaneously.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410071551.7A CN103856487A (en) | 2014-02-28 | 2014-02-28 | Method and system for protecting authorization DNS |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410071551.7A CN103856487A (en) | 2014-02-28 | 2014-02-28 | Method and system for protecting authorization DNS |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103856487A true CN103856487A (en) | 2014-06-11 |
Family
ID=50863701
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410071551.7A Pending CN103856487A (en) | 2014-02-28 | 2014-02-28 | Method and system for protecting authorization DNS |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103856487A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104168339A (en) * | 2014-06-30 | 2014-11-26 | 汉柏科技有限公司 | Method and device for preventing domain name from being intercepted |
| CN106130962A (en) * | 2016-06-13 | 2016-11-16 | 浙江宇视科技有限公司 | A kind of message processing method and device |
| WO2017024977A1 (en) * | 2015-08-13 | 2017-02-16 | 阿里巴巴集团控股有限公司 | Network attack prevention method, apparatus and system |
| CN106899557A (en) * | 2015-12-21 | 2017-06-27 | 北京奇虎科技有限公司 | The defence method and device of domain name system |
| CN108289084A (en) * | 2017-01-10 | 2018-07-17 | 阿里巴巴集团控股有限公司 | The blocking-up method and device and non-transient computer readable storage medium of flowing of access |
| CN110022301A (en) * | 2019-03-07 | 2019-07-16 | 北京华安普特网络科技有限公司 | Firewall is used in internet of things equipment protection |
| CN114157635A (en) * | 2020-09-07 | 2022-03-08 | 中国移动通信集团湖南有限公司 | Domain name back-source method and device for content distribution network, equipment and storage medium |
| TWI787168B (en) * | 2017-01-19 | 2022-12-21 | 香港商阿里巴巴集團服務有限公司 | Defense method, device and system for network attack |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101902456A (en) * | 2010-02-09 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Safety defense system of Website |
| CN102045331A (en) * | 2009-10-22 | 2011-05-04 | 成都市华为赛门铁克科技有限公司 | Method, device and system for processing inquiry request message |
-
2014
- 2014-02-28 CN CN201410071551.7A patent/CN103856487A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102045331A (en) * | 2009-10-22 | 2011-05-04 | 成都市华为赛门铁克科技有限公司 | Method, device and system for processing inquiry request message |
| CN101902456A (en) * | 2010-02-09 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Safety defense system of Website |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104168339A (en) * | 2014-06-30 | 2014-11-26 | 汉柏科技有限公司 | Method and device for preventing domain name from being intercepted |
| WO2017024977A1 (en) * | 2015-08-13 | 2017-02-16 | 阿里巴巴集团控股有限公司 | Network attack prevention method, apparatus and system |
| CN106453215A (en) * | 2015-08-13 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Method, device and system for network attack defense |
| CN106453215B (en) * | 2015-08-13 | 2019-09-10 | 阿里巴巴集团控股有限公司 | A kind of defence method of network attack, apparatus and system |
| CN106899557A (en) * | 2015-12-21 | 2017-06-27 | 北京奇虎科技有限公司 | The defence method and device of domain name system |
| CN106130962A (en) * | 2016-06-13 | 2016-11-16 | 浙江宇视科技有限公司 | A kind of message processing method and device |
| CN106130962B (en) * | 2016-06-13 | 2020-01-14 | 浙江宇视科技有限公司 | Message processing method and device |
| CN108289084A (en) * | 2017-01-10 | 2018-07-17 | 阿里巴巴集团控股有限公司 | The blocking-up method and device and non-transient computer readable storage medium of flowing of access |
| TWI787168B (en) * | 2017-01-19 | 2022-12-21 | 香港商阿里巴巴集團服務有限公司 | Defense method, device and system for network attack |
| CN110022301A (en) * | 2019-03-07 | 2019-07-16 | 北京华安普特网络科技有限公司 | Firewall is used in internet of things equipment protection |
| CN114157635A (en) * | 2020-09-07 | 2022-03-08 | 中国移动通信集团湖南有限公司 | Domain name back-source method and device for content distribution network, equipment and storage medium |
| CN114157635B (en) * | 2020-09-07 | 2023-08-15 | 中国移动通信集团湖南有限公司 | Domain name back-source method and device for content distribution network, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103856487A (en) | Method and system for protecting authorization DNS | |
| CN109951500B (en) | Network attack detection method and device | |
| US11797671B2 (en) | Cyberanalysis workflow acceleration | |
| US7854001B1 (en) | Aggregation-based phishing site detection | |
| KR100800370B1 (en) | Network attack signature generation | |
| US7949716B2 (en) | Correlation and analysis of entity attributes | |
| Passerini et al. | Fluxor: Detecting and monitoring fast-flux service networks | |
| CN103152357B (en) | A kind of defence method for DNS service, device and system | |
| US7899849B2 (en) | Distributed security provisioning | |
| US7779156B2 (en) | Reputation based load balancing | |
| US9215242B2 (en) | Methods and systems for preventing unauthorized acquisition of user information | |
| US20150350229A1 (en) | Network Threat Detection and Mitigation Using a Domain Name Service and Network Transaction Data | |
| KR101217647B1 (en) | Method and apparatus for defending against denial of service attacks in IP networks based on specified source/destination IP address pairs | |
| US20110296519A1 (en) | Reputation based connection control | |
| Ganesh Kumar et al. | Improved network traffic by attacking denial of service to protect resource using Z-test based 4-tier geomark traceback (Z4TGT) | |
| US20140047543A1 (en) | Apparatus and method for detecting http botnet based on densities of web transactions | |
| US9300684B2 (en) | Methods and systems for statistical aberrant behavior detection of time-series data | |
| CN1794661A (en) | Network performance analysis report system based on IPv6 and its implementing method | |
| CN103746996A (en) | Packet filtering method for firewall | |
| CN104219200A (en) | Device and method for protection from DNS cache attack | |
| CN106850647B (en) | Malicious domain name detection algorithm based on DNS request period | |
| KR20080026122A (en) | Method for defending against denial of service attacks in ip networks by target victim self-identification and control | |
| CN106961422B (en) | Mimicry security method and device of DNS recursive server | |
| CN101217547A (en) | A flood request attaching filtering method based on the stateless of open source core | |
| Xu et al. | We know it before you do: predicting malicious domains |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140611 |
|
| RJ01 | Rejection of invention patent application after publication |