CN106131083A - Attack message detection and prevention method, and switch - Google Patents
- Publication number: CN106131083A (also listed as CN201610770488.5A)
- Authority: CN (China)
- Prior art keywords: attack message, attack, message, ACL rule, cycle time
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
Embodiments provide a method for detecting and preventing attack messages, and a switch. The method includes: configuring an access control list (ACL) rule for matching attack messages, and setting a statistics flag and an initial value of a packet counter in the ACL rule; issuing the ACL rule to a hardware table entry of the switch chip; counting, according to the statistics flag, received attack messages that match the ACL rule and storing the count in the packet counter; and, according to a set cycle time, reading and saving the current statistic value of the packet counter, calculating the attack intensity of the attack messages within the set cycle time from that current statistic value, and issuing a handling strategy for the attack messages according to the attack intensity. This improves the reliability of detecting and preventing attack messages.
Description
Technical field
The present invention relates to the field of data communication technology, and in particular to a method for detecting and preventing attack messages, and a switch.
Background art
As the number of network users grows and service requirements become more diverse, switch access security has become an increasingly prominent problem. Attack detection on a switch relies mainly on the switch's central processing unit (CPU) and switch chip. To record attack detection on the switch and defend against attack messages, all messages must first be sent to the switch's CPU so that their features can be captured. The CPU then analyses the messages, compiles statistics, outputs log information and records it to a log server. This method places a serious burden on the switch's CPU. In addition, it applies no unified handling strategy to attack messages; it merely records logs. Another attack detection method on switches uses a feature of the switch chip to count attack messages and report the count to the user. This method only informs the user of the source and intensity of the attack messages; it does not formulate a corresponding strategy for dealing with the attack source.
Summary of the invention
The present invention provides a method for detecting and preventing attack messages, and a switch, with the aim of improving the accuracy of attack message detection and the reliability of prevention.
In a first aspect, an embodiment of the present invention provides a method for detecting and preventing attack messages, the method comprising:
configuring an access control list (ACL) rule for matching attack messages, and setting a statistics flag and an initial value of a packet counter in the ACL rule, wherein the statistics flag indicates that attack messages matching the ACL rule are to be counted, and the packet counter stores the statistic value of attack messages matching the ACL rule;
issuing the ACL rule to a hardware table entry of the switch chip;
counting, according to the statistics flag, received attack messages that match the ACL rule, and storing the count in the packet counter;
reading and saving the current statistic value of the packet counter according to a set cycle time, calculating the attack intensity of the attack messages within the set cycle time from the current statistic value of the packet counter, and issuing a handling strategy for the attack messages according to that attack intensity.
Preferably, the step of calculating the attack intensity of the attack messages within the set cycle time from the current statistic value of the packet counter specifically comprises:
computing the difference between the current statistic value of the packet counter and the saved historical statistic value of the packet counter, and deriving from the calculation result the intensity of attack messages matching the ACL rule within the set cycle time.
Preferably, deriving the intensity of attack messages matching the ACL rule within the set cycle time and issuing a handling strategy for the attack messages according to that attack intensity specifically comprises:
when the calculation result for attack messages within the set cycle time is less than or equal to a first predetermined number, issuing a handling strategy of recording the feature information of the attack messages to a local log and discarding the attack messages.
Preferably, deriving the intensity of attack messages matching the ACL rule within the set cycle time and issuing a handling strategy for the attack messages according to that attack intensity specifically comprises:
when the calculation result for attack messages within the set cycle time is less than or equal to a second predetermined number and greater than the first predetermined number, issuing a handling strategy of uploading the feature information of the attack messages to a log server for recording and discarding the attack messages.
Preferably, deriving the intensity of attack messages matching the ACL rule within the set cycle time and issuing a handling strategy for the attack messages according to that attack intensity specifically comprises:
when the calculation result for attack messages within the set cycle is greater than the second predetermined number, issuing a handling strategy of uploading the feature information of the attack messages to a log server for recording, discarding the attack messages, and closing the receiving port corresponding to the attack messages.
In a second aspect, an embodiment of the present invention provides a switch comprising a master control processing module and a packet forwarding module, wherein:
the master control processing module is configured to configure an access control list (ACL) rule for matching attack messages, and to set a statistics flag and an initial value of a packet counter in the ACL rule, wherein the statistics flag indicates that attack messages matching the ACL rule are to be counted, and the packet counter stores the statistic value of attack messages matching the ACL rule; and to issue the ACL rule to a hardware table entry of the switch chip of the packet forwarding module;
the packet forwarding module is configured to count, according to the statistics flag set in the ACL rule, received attack messages that match the ACL rule, and to store the count in the packet counter;
the master control processing module is further configured to read and save the current statistic value of the packet counter according to a set cycle time, to calculate the attack intensity of the attack messages within the set cycle time from the current statistic value of the packet counter, and to issue a handling strategy for the attack messages according to that attack intensity.
Preferably, the master control processing module is specifically configured to compute the difference between the current statistic value of the packet counter and the saved historical statistic value of the packet counter, and to derive the intensity of attack messages matching the ACL rule within the set cycle time.
Preferably, the master control processing module is specifically configured to, when the count result for attack messages within the set cycle time is less than or equal to the first predetermined number, issue a handling strategy of recording the feature information of the attack messages to a local log and discarding the attack messages.
Preferably, the master control processing module is specifically configured to:
when the calculation result for attack messages within the set cycle time is less than or equal to the first predetermined number, issue a handling strategy of recording the feature information of the attack messages to a local log and discarding the attack messages.
Preferably, the master control processing module is specifically configured to:
when the calculation result for attack messages within the set cycle is greater than the second predetermined number, issue a handling strategy of uploading the feature information of the attack messages to a log server for recording, discarding the attack messages, and closing the receiving port corresponding to the attack messages.
In the method for detecting and preventing attack messages and the switch provided by the embodiments of the present invention, attack messages matching the ACL rule are counted by means of the statistics flag, the statistic value of those attack messages is stored in the packet counter, the current statistic value of the packet counter is read and saved according to the set cycle time, the attack intensity of the attack messages within the set cycle time is calculated from that current statistic value, and a handling strategy for the attack messages is issued according to the attack intensity. This improves the accuracy of detecting attack messages and the reliability of prevention.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a functional block diagram of a switch provided by an embodiment of the present invention.
Fig. 2 is a flowchart of a method for detecting and preventing attack messages provided by an embodiment of the present invention.
Fig. 3 is a diagram, applied to Fig. 2, of the mapping between CPU queue numbers and rates provided by an embodiment of the present invention.
Reference numerals in the figures:
switch 100; master control processing module 101; packet forwarding module 102.
Detailed description of the invention
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings. Meanwhile, in the description of the present invention, the terms "first", "second" and so on are used only to distinguish descriptions and should not be understood as indicating or implying relative importance.
Fig. 1 shows the functional block diagram of the switch 100. The switch 100 may include a master control processing module 101 and a packet forwarding module 102. The master control processing module 101 is connected to the packet forwarding module 102 so that data communication or signalling exchange can take place between the two. In a distributed switch device, the master control processing module 101 is located on the main control card (MPU) and the packet forwarding module 102 is located on the line card (LPU).
The master control processing module 101 is configured to configure an access control list (ACL) rule for matching attack messages, and to set a statistics flag and an initial value of a packet counter in the ACL rule.
In this embodiment, the switch 100 includes an access control list (Access Control List, ACL) whose rules can be configured, so that attack messages can be matched. A statistics flag and an initial value of a packet counter are set in the ACL rule. In detail, the ACL rule for matching attack messages is configured so that attack messages matching the ACL rule can be counted, detected and prevented. The configuration includes setting the statistics flag and the initial value of the packet counter. The statistics flag indicates that attack messages matching the ACL rule are to be counted. The packet counter stores the statistic value of attack messages matching the ACL rule. The statistics flag and the packet counter are set in the ACL rule table entry. The ACL rule can be configured according to the user's needs.
The packet forwarding module 102 counts, according to the statistics flag set in the ACL rule, received attack messages that match the ACL rule, and stores the count in the packet counter.
In this embodiment, when the packet forwarding module 102 receives an attack message, it checks the legitimacy of the attack message matching the ACL rule and, according to the statistics flag, detects the attack message, counts it, and stores the count result in the packet counter.
The master control processing module 101 is further configured to read and save the current statistic value of the packet counter according to the set cycle time, to calculate the attack intensity of the attack messages within the set cycle time from the current statistic value of the packet counter, and to issue a handling strategy for the attack messages according to that attack intensity.
The master control processing module 101 periodically reads and saves the current statistic value of the packet counter according to the set cycle time, calculates the attack intensity of the attack messages within the set cycle time from that current statistic value, and issues a handling strategy for the attack messages according to the attack intensity.
Further, the attack intensity of the attack messages is graded according to the count result of attack messages within the set cycle time. The grading may include a first-level intensity, a second-level intensity and a third-level intensity; the higher the level, the greater the attack intensity. In this embodiment, after the packet forwarding module 102 reads the current statistic value of the packet counter, it computes the difference from the historical statistic value, and from the result derives the intensity of attack messages matching the ACL rule within the set cycle time. The intensity of the attack messages may be the number of attack messages per second. The grading may be based on the attack intensity, or it may be set according to the default value of the CPU queue through which attack messages are sent to the CPU.
When the grading is set according to the default value of the CPU queue through which attack messages are sent, the three levels each take a preset proportion of the CPU queue default value. For example, the first-level intensity takes 25% of the CPU queue default value, the second-level intensity takes 50% of the CPU queue default value, and the third-level intensity takes 100% of the CPU queue default value. The default values of the different CPU queues are shown in Fig. 3. When attack messages are sent to the CPU through queue 0, the first-level intensity is 50 PPS, the second-level intensity is 100 PPS, and the third-level intensity is 200 PPS.
In this embodiment, when the count result of attack messages within the set cycle is less than or equal to the first predetermined number (for example, 50), the attack intensity of the attack messages is judged to be first-level. The packet forwarding module 102 then issues to the packet forwarding module 102 the handling strategy corresponding to the first-level intensity. The handling strategy may be to record the feature information of the attack messages to a local log and discard the attack messages.
When the count result of attack messages is less than or equal to the second predetermined number and greater than the first predetermined number, the attack intensity of the attack messages is judged to be second-level. The packet forwarding module 102 then issues a handling strategy to the packet forwarding module 102. The handling strategy may be to upload the feature information of the attack messages to a log server for recording and discard the attack messages.
When the count result of attack messages is greater than the second predetermined number, the attack intensity of the attack messages is judged to be third-level. The packet forwarding module 102 then issues to the packet forwarding module 102 the handling strategy corresponding to the third-level intensity. The handling strategy is to upload the feature information of the attack messages to a log server for recording, discard the attack messages, and close the receiving port corresponding to the attack messages. It should be understood that in other embodiments the intensity grading may use any other feasible method; for example, in other embodiments the grading may comprise only the first-level and second-level intensities, or may include more levels.
Fig. 2 shows a flowchart of a method for detecting and preventing attack messages provided by an embodiment of the present invention. The method comprises the following steps.
Step S101: configure an access control list (ACL) rule for matching attack messages, and set a statistics flag and an initial value of a packet counter in the ACL rule.
The switch 100 includes an access control list (Access Control List, ACL) whose rules can be configured, in order to match attack messages. The ACL rule is provided with a statistics flag and an initial value of a packet counter. In this embodiment, the ACL rule for matching attack messages is configured first, so that attack messages matching the ACL rule can be counted, detected and prevented. In detail, the configuration includes setting the statistics flag and the initial value of the packet counter. The statistics flag indicates that attack messages matching the ACL rule are to be counted. The packet counter stores the statistic value of attack messages matching the ACL rule.
Step S102: issue the ACL rule to a hardware table entry of the switch chip.
The master control processing module 101 issues the ACL rule to the hardware table entry of the switch chip of the packet forwarding module 102.
Step S103: according to the statistics flag, count received attack messages that match the ACL rule and store the count in the packet counter.
In this embodiment, when the packet forwarding module 102 receives an attack message, it checks the legitimacy of the attack message matching the ACL rule and, according to the statistics flag, detects and counts the attack message, and stores the count result in the packet counter.
Step S104: according to the set cycle time, read and save the current statistic value of the packet counter, calculate the attack intensity of the attack messages within the set cycle time from the current statistic value of the packet counter, and issue a handling strategy for the attack messages according to that attack intensity.
The master control processing module 101 periodically reads and saves the current statistic value of the packet counter according to the set cycle time, calculates the attack intensity of the attack messages within the set cycle time from that current statistic value, and issues a handling strategy for the attack messages according to the attack intensity.
Further, the attack intensity of the attack messages is graded according to the count result of attack messages within the set cycle time. The grading may include a first-level intensity, a second-level intensity and a third-level intensity; the higher the level, the greater the attack intensity. In this embodiment, after the packet forwarding module 102 reads the current statistic value of the packet counter, it computes the difference from the historical statistic value, and from the calculation result derives the intensity of attack messages matching the ACL rule within the set cycle time. The intensity of the attack messages may be the number of attack messages per second. The grading may be based on the attack intensity, or it may be set according to the default value of the CPU queue through which attack messages are sent to the CPU.
When the grading is set according to the default value of the CPU queue through which attack messages are sent, the three levels each take a preset proportion of the CPU queue default value. For example, the first-level intensity takes 25% of the CPU queue default value, the second-level intensity takes 50% of the CPU queue default value, and the third-level intensity takes 100% of the CPU queue default value. The default values of the different CPU queues are shown in Fig. 3. When attack messages are sent to the CPU through queue 0, the first-level intensity is 50 PPS, the second-level intensity is 100 PPS, and the third-level intensity is 200 PPS.
In this embodiment, when the count result of attack messages within the set cycle is less than or equal to the first predetermined number (for example, 50), the attack intensity of the attack messages is judged to be first-level. The packet forwarding module 102 then issues to the packet forwarding module 102 the handling strategy corresponding to the first-level intensity. The handling strategy may be to record the feature information of the attack messages to a local log and discard the attack messages.
When the count result of attack messages is less than or equal to the second predetermined number and greater than the first predetermined number, the attack intensity of the attack messages is judged to be second-level. The packet forwarding module 102 then issues a handling strategy to the packet forwarding module 102. The handling strategy may be to upload the feature information of the attack messages to a log server for recording and discard the attack messages.
When the count result of attack messages is greater than the second predetermined number, the attack intensity of the attack messages is judged to be third-level. The packet forwarding module 102 then issues to the packet forwarding module 102 the handling strategy corresponding to the third-level intensity. The handling strategy is to upload the feature information of the attack messages to a log server for recording, discard the attack messages, and close the receiving port corresponding to the attack messages. It should be understood that in other embodiments the intensity grading may use any other feasible method; for example, in other embodiments the grading may comprise only the first-level and second-level intensities, or may include more levels.
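The periodic read, difference calculation and three-level grading of step S104 can be modelled as follows. This Python code is an added example, not part of the patent text: all names are hypothetical, the counter is assumed to be a free-running 32-bit hardware counter that can wrap, the first and second predetermined numbers are assumed to be the 25% and 50% points of the CPU queue default value, and a cycle with no new matches is assumed to trigger no strategy.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Tuple


class Level(IntEnum):
    FIRST = 1    # at or below the first predetermined number
    SECOND = 2   # above the first, at or below the second
    THIRD = 3    # above the second predetermined number


# Handling strategy per level, as listed in the description.
ACTIONS = {
    Level.FIRST: ("log_local", "drop"),
    Level.SECOND: ("log_server", "drop"),
    Level.THIRD: ("log_server", "drop", "close_port"),
}


def thresholds_from_queue_rate(queue_default_pps: int) -> Tuple[int, int]:
    """Derive (first, second) predetermined numbers from a CPU queue default.

    Assumption: they are the 25% and 50% points of the queue default value,
    which gives 50 and 100 PPS for the 200 PPS implied for queue 0.
    """
    return queue_default_pps * 25 // 100, queue_default_pps * 50 // 100


def classify(rate_pps: float, first: int, second: int) -> Level:
    """Grade an attack rate against the two predetermined numbers."""
    if rate_pps <= first:
        return Level.FIRST
    if rate_pps <= second:
        return Level.SECOND
    return Level.THIRD


@dataclass
class AclCounterMonitor:
    """Control-plane view of one ACL rule's packet counter."""
    first: int
    second: int
    period_s: int = 1        # set cycle time, in seconds
    counter_bits: int = 32   # assumed hardware counter width
    history: int = 0         # saved historical value (the initial value at start)

    def poll(self, current: int) -> Tuple[int, Optional[Level], Tuple[str, ...]]:
        """Process one periodic read of the hardware counter.

        Returns (packets matched this cycle, level, actions to issue).
        """
        # Modular subtraction keeps the difference correct across a wrap.
        delta = (current - self.history) % (1 << self.counter_bits)
        self.history = current  # save the value for the next cycle
        if delta == 0:
            # Assumption: nothing matched this cycle, so nothing is issued.
            return 0, None, ()
        # Intensity is expressed as attack messages per second.
        level = classify(delta / self.period_s, self.first, self.second)
        return delta, level, ACTIONS[level]
```

Without the modular subtraction, a counter wrap would produce a negative difference and the cycle would be graded first-level regardless of the real rate.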
In the method for detecting and preventing attack messages and the switch provided by the embodiments of the present invention, attack messages matching the ACL rule are counted by means of the statistics flag, the statistic value of those attack messages is stored in the packet counter, the current statistic value of the packet counter is read and saved according to the set cycle time, the attack intensity of the attack messages within the set cycle time is calculated from that current statistic value, and a handling strategy for the attack messages is issued according to the attack intensity. This improves the accuracy of detecting attack messages and the reliability of prevention.
It should be noted that, in the embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation.
In the embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of apparatuses, methods and computer program products according to multiple embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of the claims.
Claims (10)
1. An attack message detection and prevention method, characterized in that the method comprises:
configuring an access control list (ACL) rule for matching attack messages, and setting in the ACL rule a statistics flag and an initial value of a packet counter; wherein the statistics flag indicates that attack messages matching the ACL rule are to be counted, and the packet counter stores the count of attack messages matching the ACL rule;
delivering the ACL rule to a hardware table entry of the switch chip;
according to the statistics flag, counting the received attack messages that match the ACL rule and saving the count in the packet counter;
according to a set cycle time, reading and saving the current count value of the packet counter, calculating from the current count value of the packet counter the attack strength of the attack messages within the set cycle time, and issuing a processing policy for the attack messages according to the attack strength.
2. The attack message detection and prevention method according to claim 1, characterized in that the step of calculating, from the current count value of the packet counter, the attack strength of the attack messages within the set cycle time specifically comprises:
calculating the difference between the current count value of the packet counter and the saved historical count value of the packet counter, and deriving from the calculation result the strength of the attack messages matching the ACL rule within the set cycle time.
3. The attack message detection and prevention method according to claim 1 or 2, characterized in that deriving the strength of the attack messages matching the ACL rule within the set cycle time and issuing the processing policy for the attack messages according to the attack strength specifically comprises:
when the calculation result for the attack messages within the set cycle time is less than or equal to a first preset number, issuing a processing policy of recording the characteristic information of the attack messages in a local log and discarding the attack messages.
4. The attack message detection and prevention method according to claim 2, characterized in that deriving the strength of the attack messages matching the ACL rule within the set cycle time and issuing the processing policy for the attack messages according to the attack strength specifically comprises:
when the calculation result for the attack messages within the set cycle time is less than or equal to a second preset number and greater than the first preset number, issuing a processing policy of uploading the characteristic information of the attack messages to a log server for recording and discarding the attack messages.
5. The attack message detection and prevention method according to claim 2, characterized in that deriving the strength of the attack messages matching the ACL rule within the set cycle time and issuing the processing policy for the attack messages according to the attack strength specifically comprises:
when the calculation result for the attack messages within the set cycle is greater than the second preset number, issuing a processing policy of uploading the characteristic information of the attack messages to a log server for recording, discarding the attack messages, and closing the receiving port corresponding to the attack messages.
6. A switch, characterized in that it comprises a master control processing module and a packet forwarding module, wherein:
the master control processing module is configured to configure an access control list (ACL) rule for matching attack messages, and to set in the ACL rule a statistics flag and an initial value of a packet counter; wherein the statistics flag indicates that attack messages matching the ACL rule are to be counted, and the packet counter stores the count of attack messages matching the ACL rule; and to deliver the ACL rule to a hardware table entry of the switch chip of the packet forwarding module;
the packet forwarding module is configured to count, according to the statistics flag set in the ACL rule, the received attack messages that match the ACL rule and to save the count in the packet counter;
the master control processing module is further configured to read and save, according to a set cycle time, the current count value of the packet counter, to calculate from the current count value of the packet counter the attack strength of the attack messages within the set cycle time, and to issue a processing policy for the attack messages according to the attack strength.
7. The switch according to claim 6, characterized in that the master control processing module is specifically configured to calculate the difference between the current count value of the packet counter and the saved historical count value of the packet counter, and to derive the strength of the attack messages matching the ACL rule within the set cycle time.
8. The switch according to claim 6 or 7, characterized in that
the master control processing module is specifically configured to, when the count result for the attack messages within the set cycle time is less than or equal to a first preset number, issue a processing policy of recording the characteristic information of the attack messages in a local log and discarding the attack messages.
9. The switch according to claim 7, characterized in that the master control processing module is specifically configured to:
when the calculation result for the attack messages within the set cycle time is less than or equal to the first preset number, issue a processing policy of recording the characteristic information of the attack messages in a local log and discarding the attack messages.
10. The switch according to claim 7, characterized in that the master control processing module is specifically configured to:
when the calculation result for the attack messages within the set cycle is greater than the second preset number, issue a processing policy of uploading the characteristic information of the attack messages to a log server for recording, discarding the attack messages, and closing the receiving port corresponding to the attack messages.
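The periodic counter read, difference calculation and three-tier policy selection of claims 2 to 5 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the threshold values 100 and 1000, the sample readings and the 32-bit counter width (used to handle counter wraparound, which the claims do not address) are all assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    LOCAL_LOG_DROP = "record in local log, discard"
    REMOTE_LOG_DROP = "upload to log server, discard"
    REMOTE_LOG_DROP_CLOSE_PORT = "upload to log server, discard, close receiving port"


@dataclass
class AclCounterMonitor:
    """Control-plane side of the scheme: polls one ACL rule's hit counter."""
    first_threshold: int      # "first preset number" (value chosen by the operator)
    second_threshold: int     # "second preset number"
    initial_value: int = 0    # counter initial value set together with the ACL rule
    counter_bits: int = 32    # assumption: width of the hardware counter
    _history: int = field(init=False)

    def __post_init__(self) -> None:
        if not 0 <= self.first_threshold < self.second_threshold:
            raise ValueError("thresholds must satisfy 0 <= first < second")
        self._history = self.initial_value

    def classify(self, delta: int) -> Policy:
        # Tiering as worded in claims 3, 4 and 5.
        if delta <= self.first_threshold:
            return Policy.LOCAL_LOG_DROP
        if delta <= self.second_threshold:
            return Policy.REMOTE_LOG_DROP
        return Policy.REMOTE_LOG_DROP_CLOSE_PORT

    def poll(self, current: int) -> tuple[int, Policy]:
        # Claim 2: difference between the current and the saved historical value.
        # The modulo keeps the difference correct if the counter wrapped.
        delta = (current - self._history) % (1 << self.counter_bits)
        self._history = current   # the current value becomes the history
        return delta, self.classify(delta)


def run_constructed_samples() -> list[tuple[int, Policy]]:
    # Constructed cumulative counter readings, one per cycle; the last one
    # comes after the 32-bit counter has wrapped around.
    monitor = AclCounterMonitor(first_threshold=100, second_threshold=1000)
    readings = [40, 540, 5540, 2**32 - 10, 60]
    return [monitor.poll(r) for r in readings]


if __name__ == "__main__":
    for delta, policy in run_constructed_samples():
        print(f"{delta:>10} matched packets this cycle -> {policy.value}")
```

Without the modulo, the last reading would produce a large negative difference and fall into the lowest tier for the wrong reason; with it, the 70 packets actually seen in that cycle are counted.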
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610770488.5A CN106131083A (en) | 2016-08-30 | 2016-08-30 | A kind of attack message detection and take precautions against method and switch |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610770488.5A CN106131083A (en) | 2016-08-30 | 2016-08-30 | A kind of attack message detection and take precautions against method and switch |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106131083A true CN106131083A (en) | 2016-11-16 |
Family
ID=57272236
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610770488.5A Pending CN106131083A (en) | 2016-08-30 | 2016-08-30 | A kind of attack message detection and take precautions against method and switch |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106131083A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100217936A1 (en) * | 2007-02-02 | 2010-08-26 | Jeff Carmichael | Systems and methods for processing access control lists (acls) in network switches using regular expression matching logic |
CN101083563A (en) * | 2007-07-20 | 2007-12-05 | 杭州华三通信技术有限公司 | Method and apparatus for preventing distributed refuse service attack |
CN101272350A (en) * | 2008-05-06 | 2008-09-24 | 北京星网锐捷网络技术有限公司 | Output access control method and output access control device |
CN102075365A (en) * | 2011-02-15 | 2011-05-25 | 中国工商银行股份有限公司 | Method and device for locating and protecting network attack source |
CN103368909A (en) * | 2012-03-30 | 2013-10-23 | 迈普通信技术股份有限公司 | A communication equipment control layer protection apparatus and a communication equipment control layer protection method |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106657126B (en) * | 2017-01-05 | 2019-11-08 | 盛科网络(苏州)有限公司 | The device and method of detection and defending DDoS (Distributed Denial of Service) attacks |
CN106657126A (en) * | 2017-01-05 | 2017-05-10 | 盛科网络(苏州)有限公司 | Device and method for detecting and defending DDos attack |
CN106878078A (en) * | 2017-02-23 | 2017-06-20 | 杭州迪普科技股份有限公司 | A kind of method and apparatus for producing daily record |
CN107332732A (en) * | 2017-06-26 | 2017-11-07 | 迈普通信技术股份有限公司 | A kind of method of sampling of message flow, device and routing device |
CN109214173A (en) * | 2017-06-29 | 2019-01-15 | 国民技术股份有限公司 | Safety equipment and its attack resistance method |
CN107689963A (en) * | 2017-09-26 | 2018-02-13 | 杭州迪普科技股份有限公司 | A kind of detection method and device for arp reply message aggression |
CN109067744A (en) * | 2018-08-08 | 2018-12-21 | 新华三技术有限公司合肥分公司 | Acl rule processing method, device and communication equipment |
CN109067585A (en) * | 2018-08-15 | 2018-12-21 | 杭州迪普科技股份有限公司 | A kind of inquiry ACL table item delivery method and device |
CN109067585B (en) * | 2018-08-15 | 2021-11-23 | 杭州迪普科技股份有限公司 | Method and device for issuing query ACL (access control list) table items |
CN110191014A (en) * | 2019-05-20 | 2019-08-30 | 杭州迪普信息技术有限公司 | A kind of the hit-count statistical method and device of rule entry |
CN113315744A (en) * | 2020-07-21 | 2021-08-27 | 阿里巴巴集团控股有限公司 | Programmable switch, flow statistic method, defense method and message processing method |
WO2022017249A1 (en) * | 2020-07-21 | 2022-01-27 | 阿里巴巴集团控股有限公司 | Programmable switch, traffic statistics method, defense method, and packet processing method |
CN112511523A (en) * | 2020-11-24 | 2021-03-16 | 超越科技股份有限公司 | Network security control method based on access control |
CN113885474A (en) * | 2021-09-30 | 2022-01-04 | 株洲中车时代电气股份有限公司 | Control network and train |
CN114422178A (en) * | 2021-12-10 | 2022-04-29 | 锐捷网络股份有限公司 | Statistical result reporting method, device and medium based on access control list |
CN114422178B (en) * | 2021-12-10 | 2024-04-16 | 锐捷网络股份有限公司 | Statistical result reporting method, device and medium based on access control list |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106131083A (en) | A kind of attack message detection and take precautions against method and switch | |
KR101879416B1 (en) | Apparatus and method for detecting abnormal financial transaction | |
CN108234524A (en) | Method, apparatus, equipment and the storage medium of network data abnormality detection | |
CN108282497A (en) | For the ddos attack detection method of SDN control planes | |
CN105989538B (en) | Automatic trading system and automatic trading method for financial products | |
EP3648433B1 (en) | System and method of training behavior labeling model | |
CN108540431A (en) | The recognition methods of account type, device and system | |
CN104615730B (en) | A kind of multi-tag sorting technique and device | |
CN107563757A (en) | The method and device of data risk control | |
CN107729924B (en) | Picture review probability interval generation method and picture review determination method | |
CN109635564A (en) | A kind of method, apparatus, medium and equipment detecting Brute Force behavior | |
EP3771152B1 (en) | Network analysis program, network analysis device, and network analysis method | |
CN107423278A (en) | The recognition methods of essential elements of evaluation, apparatus and system | |
CN111756760B (en) | User abnormal behavior detection method based on integrated classifier and related equipment | |
CN115357629A (en) | Processing method, system, electronic device and storage medium for financial data stream | |
CN105141637A (en) | Transmission encryption method taking flows as granularity | |
CN109150894A (en) | A kind of method and system for identifying malicious user | |
CN108600172A (en) | Hit library attack detection method, device, equipment and computer readable storage medium | |
WO2019029149A1 (en) | Insurance policy-type status information counting method, terminal apparatus and storage medium | |
CN109495291A (en) | Call abnormal localization method, device and server | |
CN103106558B (en) | Packing of product information online monitoring system and method on streamline | |
CN104883705B (en) | A kind of the problem of data service is complained localization method and device | |
CN111010599B (en) | Method and device for processing multi-scene video stream and computer equipment | |
CN108259441A (en) | It is a kind of to prevent URL from accessing the method and device to detour | |
CN108199979A (en) | Flow processing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20161116 |
RJ01 | Rejection of invention patent application after publication | ||