CN104158799A - HTTP DDOS defense method based on URL dynamic mapping - Google Patents
HTTP DDOS defense method based on URL dynamic mapping Download PDFInfo
- Publication number
- CN104158799A CN104158799A CN201410342795.4A CN201410342795A CN104158799A CN 104158799 A CN104158799 A CN 104158799A CN 201410342795 A CN201410342795 A CN 201410342795A CN 104158799 A CN104158799 A CN 104158799A
- Authority
- CN
- China
- Prior art keywords
- mapping
- url
- mapping address
- address
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses an HTTP DDOS defense method based on URL dynamic mapping. The HTTP DDOS defense method comprises the following steps: when a user visits a protected page, the IP and URL addresses are taken as parameters, real-time interaction with a database is carried out, and the mapping address is obtained from the database; the mapping address is sent to the client; the client uses the mapping address to request a dynamic URL defense server to re-visit; a WEB server receives the request, analyzes the mapping address, visits through the mapping address generated in real time, and the resource response is acquired if the mapping address corresponds. Compared with the prior art, through the URL dynamic mapping technology, when an attacker attacks, the attack resource cannot be accurately located, so that a normal user can effectively visit the application-level source, and the attack resistance of application-level HTTP service is improved; the attacker is prevented from attacking through a unitary code.
Description
Technical field
The present invention is directed to the common and obvious HTTP service of attack effect DDOS attack, proposed a kind of defence method based on URL dynamic mapping.
Background technology
Along with network application develops rapidly, assailant has turned to target of attack application or the service on network gradually, initiates application layer distributed denial of service attack (APP-DDOS).Because application layer protocol has diversity and complexity, application layer distributed denial of service attack is difficult to detect and defence.Therefore, APP-DDOS attacks the harm producing and attacks much larger than traditional DDOS, and in current application layer distributed denial of service attack, the most commonly HTTPDDOS attacks.
The research of most defense techniques of attacking for above-mentioned APP-DDOS at present; identification and filtration while focusing on attack stream arrival; less for the research of target of attack defence (reserved resource of taking measures on customs clearance before attack stream arrives, make assailant cannot accurately seat offence target).
Summary of the invention
The problem existing in order to overcome above-mentioned prior art, therefore, the present invention proposes a kind of HTTP-DDOS defence method based on URL dynamic mapping, utilize with dynamic mapping URL address, make the assailant cannot accurately seat offence target, reach the object that stops attack stream to occur.
A kind of HTTPDDOS defence method based on URL dynamic mapping that the present invention proposes, the method comprises the following steps:
When user accesses the protected page, using User IP, URL address as parameter, with a database real-time, interactive, from this database, obtain mapping address;
Mapping address is sent to client;
Client is used above-mentioned mapping address, and new access is thought highly of in request dynamic URL defence service;
WEB server receives this request, resolves mapping address, and the mapping address by real-time generation conducts interviews, and mapping address can obtain resource response in corresponding side.
Described mapping address is the cryptographic Hash of the User IP, URL parameter and the local time stamp that receive.
Described User IP adopts turing test algorithm to detect in real time, and the user by module testing just can obtain mapping address.
Take described each mapping address as major key, using described each User IP, URL as map field, form a mapping table in order to user rs authentication.
Compared with prior art, the present invention has following beneficial effect:
1), by URL dynamic mapping technology, make the assailant cannot accurately seat offence resource when launching a offensive, thereby guarantee the effective access of normal users to application layer resource, improved the attack tolerant of application layer HTTP service;
2) feature of, attacking for HTTPDDOS, from hiding the angle of real resource address, dynamic mapping is carried out in URL address, make the mapping address of the same page of different clients request all not identical, stoped assailant to launch a offensive by unified code.In the method, the query performance of mapping table is excellent, and client with WEB server end without for defending algorithm to make extra change, there is certain practical value.
Accompanying drawing explanation
Fig. 1 is the HTTPDDOS defence method schematic flow sheet that the present invention is based on URL dynamic mapping;
Fig. 2 is the HTTPDDOS defence method method schematic diagram that the present invention is based on URL dynamic mapping.
Embodiment
Initiate HTTP-DDOS attack need one correct, meet the URL address defining in internet standard RFC1738; Of the present invention is mainly for this URL address is proposed to a kind of protection mechanism, is attacked avoiding.
Below in conjunction with accompanying drawing, the embodiment of the present invention is further described.
As shown in Figure 2, a kind of HTTPDDOS defence method based on URL dynamic mapping, this flow process is summarized as follows:
When user accesses the protected page, trigger the JavaScript script of page link; Script is usingd User IP, URL address as parameter, by AJAX technology and database real-time, interactive, obtains mapping address; ;
Take this mapping address as major key, and User IP, URL deposit in a mapping table and prepare against and verify as field, and mapping address is sent to client;
Client is used above-mentioned mapping address, and request URL is accessed again;
Server receives this request, while resolving mapping address, only needs the record in question blank can determine real resource address, and each client only has the mapping address by real-time generation to conduct interviews could obtain resource response.
HTTPDDOS defence method based on URL dynamic mapping provided by the invention makes the mapping address that assailant cannot each puppet's machine of Real-time Obtaining, can not by unified attack code, mobilize DDOS to attack.And the present invention is in order to prevent program flood model attack defending algorithm, whether normally adopt turing test module to detect each IP, only have the user by module testing just can obtain mapping address, thereby guaranteed the effective access of normal users to application layer resource, greatly improved the attack tolerant of application layer HTTP service.
HTTPDDOS defence method based on URL dynamic mapping as shown in Figure 2; when accessing the protected page, user obtains mapping address by real-time, interactive; dynamically URL defence server is using the mapping address receiving as input value; with hash function, generate cryptographic Hash as output mapping address, and send to client.Client is used above-mentioned mapping address request dynamic URL defence service to think highly of new access, when dynamic URL defence server parses mapping address, according to the record in mapping table, resource address corresponding to mapping address extracted and send to rear end WEB server zone, thereby Gains resources address response, is further responded and is replied to client by mapping address.
The above, it is only preferred embodiment of the present invention, be used for helping to understand method of the present invention and core concept, for one of ordinary skill in the art, according to thought of the present invention, this description all will change in specific embodiments and applications, so should not be construed as limitation of the present invention.
Claims (4)
1. the HTTPDDOS defence method based on URL dynamic mapping, is characterized in that, the method comprises the following steps:
When user accesses the protected page, using User IP, URL address as parameter, with a database real-time, interactive, from this database, obtain mapping address;
Mapping address is sent to client;
Client is used above-mentioned mapping address, and new access is thought highly of in request dynamic URL defence service;
WEB server receives this request, resolves mapping address, and the mapping address by real-time generation conducts interviews, and mapping address can obtain resource response in corresponding side.
2. a kind of HTTPDDOS defence method based on URL dynamic mapping as claimed in claim 1, is characterized in that, described mapping address is the cryptographic Hash of the User IP, URL parameter and the local time stamp that receive.
3. a kind of HTTPDDOS defence method based on URL dynamic mapping as claimed in claim 1, is characterized in that, described User IP adopts turing test algorithm to detect in real time, and the user by module testing just can obtain mapping address.
4. a kind of HTTPDDOS defence method based on URL dynamic mapping as claimed in claim 1, is characterized in that, take described each mapping address as major key, using described each User IP, URL as map field, form a mapping table in order to user rs authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410342795.4A CN104158799A (en) | 2014-07-17 | 2014-07-17 | HTTP DDOS defense method based on URL dynamic mapping |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410342795.4A CN104158799A (en) | 2014-07-17 | 2014-07-17 | HTTP DDOS defense method based on URL dynamic mapping |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104158799A true CN104158799A (en) | 2014-11-19 |
Family
ID=51884204
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410342795.4A Pending CN104158799A (en) | 2014-07-17 | 2014-07-17 | HTTP DDOS defense method based on URL dynamic mapping |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104158799A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104954384A (en) * | 2015-06-24 | 2015-09-30 | 浙江大学 | Url (uniform resource locator) pseudo method for protecting Web application security |
| CN106657074A (en) * | 2016-12-26 | 2017-05-10 | 上海斐讯数据通信技术有限公司 | URL camouflage and hidden parameter transmission method and system |
| CN106657044A (en) * | 2016-12-12 | 2017-05-10 | 杭州电子科技大学 | Webpage address hopping method for improving security defense of website system |
| CN105429953B (en) * | 2015-10-30 | 2018-11-13 | 上海红神信息技术有限公司 | A kind of methods, devices and systems for accessing website |
| CN109309677A (en) * | 2018-09-28 | 2019-02-05 | 杭州电子科技大学 | A kind of Web application dynamic security method based on semanteme collaboration |
| CN109561102A (en) * | 2018-12-26 | 2019-04-02 | 国网思极网安科技(北京)有限公司 | Dynamic security method is virtualized for the URL of automation attack |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070022479A1 (en) * | 2005-07-21 | 2007-01-25 | Somsubhra Sikdar | Network interface and firewall device |
| CN102638474A (en) * | 2012-05-08 | 2012-08-15 | 山东大学 | Application layer DDOS (distributed denial of service) attack and defense method |
-
2014
- 2014-07-17 CN CN201410342795.4A patent/CN104158799A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070022479A1 (en) * | 2005-07-21 | 2007-01-25 | Somsubhra Sikdar | Network interface and firewall device |
| CN102638474A (en) * | 2012-05-08 | 2012-08-15 | 山东大学 | Application layer DDOS (distributed denial of service) attack and defense method |
Non-Patent Citations (3)
| Title |
|---|
| PING DU ET AL: "DDoS Defense as a Network Service", 《2010 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM》 * |
| PING DU ET AL: "Mantlet Trilogy: DDoS Defense Deployable with", 《COMPUTER COMMUNICATIONS AND NETWORKS》 * |
| 魏冰等: "基于验证机制的应用层DDoS 攻击防御方法", 《计算机工程与设计》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104954384A (en) * | 2015-06-24 | 2015-09-30 | 浙江大学 | Url (uniform resource locator) pseudo method for protecting Web application security |
| CN104954384B (en) * | 2015-06-24 | 2018-04-27 | 浙江大学 | A kind of url mimicry methods of protection Web applications safety |
| CN105429953B (en) * | 2015-10-30 | 2018-11-13 | 上海红神信息技术有限公司 | A kind of methods, devices and systems for accessing website |
| CN106657044A (en) * | 2016-12-12 | 2017-05-10 | 杭州电子科技大学 | Webpage address hopping method for improving security defense of website system |
| CN106657074A (en) * | 2016-12-26 | 2017-05-10 | 上海斐讯数据通信技术有限公司 | URL camouflage and hidden parameter transmission method and system |
| CN109309677A (en) * | 2018-09-28 | 2019-02-05 | 杭州电子科技大学 | A kind of Web application dynamic security method based on semanteme collaboration |
| CN109561102A (en) * | 2018-12-26 | 2019-04-02 | 国网思极网安科技(北京)有限公司 | Dynamic security method is virtualized for the URL of automation attack |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11122067B2 (en) | Methods for detecting and mitigating malicious network behavior and devices thereof | |
| Kührer et al. | Going wild: Large-scale classification of open DNS resolvers | |
| Passerini et al. | Fluxor: Detecting and monitoring fast-flux service networks | |
| CN104158799A (en) | HTTP DDOS defense method based on URL dynamic mapping | |
| US7620733B1 (en) | DNS anti-spoofing using UDP | |
| Yang et al. | Defense of DDoS attack for cloud computing | |
| US8561188B1 (en) | Command and control channel detection with query string signature | |
| WO2018121331A1 (en) | Attack request determination method, apparatus and server | |
| US8578468B1 (en) | Multi-factor client authentication | |
| Arukonda et al. | The innocent perpetrators: reflectors and reflection attacks | |
| Satam et al. | Anomaly Behavior Analysis of DNS Protocol. | |
| CN102571846A (en) | Method and device for forwarding hyper text transport protocol (HTTP) request | |
| CN103139138A (en) | Application layer denial of service (DoS) protective method and system based on client detection | |
| CN105635064B (en) | CSRF attack detection method and device | |
| CN111565203B (en) | Method, device and system for protecting service request and computer equipment | |
| Song et al. | DS‐ARP: A New Detection Scheme for ARP Spoofing Attacks Based on Routing Trace for Ubiquitous Environments | |
| Shiaeles et al. | FHSD: an improved IP spoof detection method for web DDoS attacks | |
| JP2017534110A (en) | Apparatus and method for identifying resource exhaustion attack of domain name system | |
| US10764307B2 (en) | Extracted data classification to determine if a DNS packet is malicious | |
| CN110177103B (en) | Dynamic web security protection method and system based on webpage address conversion | |
| US11658995B1 (en) | Methods for dynamically mitigating network attacks and devices thereof | |
| Satam et al. | Dns-ids: Securing dns in the cloud era | |
| CN106453598B (en) | A kind of scan agent method based on http protocol | |
| US10320784B1 (en) | Methods for utilizing fingerprinting to manage network security and devices thereof | |
| Zunnurhain | Fapa: a model to prevent flooding attacks in clouds |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20141119 |
|
| WD01 | Invention patent application deemed withdrawn after publication |