CN106357661B - A distributed denial-of-service attack defense method based on switch rotation - Google Patents


Info

Publication number: CN106357661B
Authority: CN (China)
Prior art keywords: switch, rotation, attacker, layer switch, network
Legal status: Active
Application number: CN201610867684.4A
Other languages: Chinese (zh)
Other versions: CN106357661A (en)
Inventors: 武泽慧, 麻荣宽, 魏强, 柳晓龙, 曹琰, 张连成
Current Assignee: PLA Information Engineering University
Original Assignee: PLA Information Engineering University
Events: application filed by PLA Information Engineering University; priority to CN201610867684.4A; publication of CN106357661A; application granted; publication of CN106357661B

Classifications

    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0281 Proxies
    • H04L63/1458 Denial of Service
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Abstract

The invention discloses a distributed denial-of-service (DDoS) attack defense method based on switch rotation, which addresses the insufficient ability of the prior art to isolate DDoS attackers. The method comprises: 1) a proxy-layer switch receives network packets and judges whether the network traffic is abnormal; 2) if no anomaly occurs, packets are forwarded by the hidden-layer switch according to the next address in the packet header; if an anomaly occurs, "3)" is executed; 3) the proxy-layer switch starts the switch rotation engine, which processes all network traffic; 4) the number of attackers is estimated by likelihood estimation from the "user-switch" connections; 5) attackers are screened through the switch rotation process; 6) if the attackers have been completely screened out and isolated, the rotation process ends; otherwise "5)" is executed again. The technique uses a greedy algorithm to realize dynamic mapping of "user-switch" connections and isolates attackers through multiple rounds of rotation.

Description

A distributed denial-of-service attack defense method based on switch rotation
Technical field
The present invention relates to a network attack defense method, and more particularly to a distributed denial-of-service attack defense method based on switch rotation.
Background art
A distributed denial-of-service attack is an attack technique derived from the denial-of-service attack. The attacker uses a large number of compromised hosts to attack the target, extending the one-to-one pattern of a denial-of-service attack to many-to-one, so it does more harm and is harder to defend against. The reason DDoS attacks are hard to eliminate lies in a design defect of traditional networks: networks were designed to guarantee end-to-end communication, with the sending and receiving ends responsible for QoS (Quality of Service), stable transmission, security assurance and so on. As a result the two ends of the network are very complex, while the network itself is relatively simple and is only responsible for data forwarding. Malicious behaviour at either end can therefore damage the other end, and the network itself has neither the task nor the capability of traffic management. This shows in the following four aspects:
(1) High interdependence of network security. Security is highly interdependent among the elements of a network, so even if the victim's system is hardened, a DDoS attack can still succeed because other vulnerable nodes remain in the network. Solving this problem requires a network-wide security system that eliminates the "shortest stave of the barrel".
(2) Finite network resources. Entities in the network, such as hosts, servers and bandwidth, all have upper limits on their resources, which gives DDoS attacks a basis to work from.
(3) Asymmetry of information and resources. In traditional networks, information, services and other resources are stored only at end nodes, and the information available to the network itself is limited, for example to local topology. With this asymmetry, an attacker can send data packets to a peer node without the network "perceiving" it.
(4) Lack of accountability. For example, IP spoofing allows the attacker to disguise the attack, so such behaviour cannot be attributed; reflection attacks such as smurf are similar.
(4) Decentralized management. Differences in structure, requirements and so on lead traditional networks to be managed in a distributed way. Constrained by local network policies and dispersed management, effective defense against behaviour across the network cannot be achieved.
Based on the defects in the above four aspects, researchers have made various efforts to solve the problem of distributed denial-of-service attacks and have proposed different defense methods, which fall mainly into three types: traffic filtering, capability control and load migration.
Defense methods based on traffic filtering deploy a large number of filters in the network and counter attacks by filtering and blocking traffic. However, this approach rests on the assumption that attack traffic and normal traffic differ noticeably, and it no longer applies now that distributed denial-of-service attacks are commonly launched from botnets.
Defense methods based on capability control improve on the passivity of traffic filtering: a sender must obtain the receiver's permission before sending data, and the receiver can assign different priorities to different senders. Limiting access to the receiver's resources in this way is an active defense, but on the one hand it faces the problem of forged permissions, and on the other hand it depends on the processing capacity of the routers in the network and is limited by the performance of the underlying physical infrastructure.
To break through the limits of physical infrastructure, security practitioners use third-party secure forwarding networks, such as Tor and SDN, to perform traffic detection, filtering and redirection, and introduce redundant servers to reduce the attack load. The core of this approach is to reduce the impact of an attack through load migration, but when facing higher-volume attacks the load-migration capacity becomes a bottleneck.
Traffic filtering suffers from unstable false positives and false negatives; capability control merely moves the attack target onto the authentication server and does not directly solve the problem of distributed denial-of-service attacks; and load migration has traffic bottlenecks. Moreover, none of these methods changes the static nature of the defense, and a static defense can always be broken through or bypassed by an attacker.
To address the shortcomings of static defense, researchers have proposed hidden-middle-layer defenses, in which a dynamically changeable hidden layer deployed between the attacker and the target forwards the attack flows. Wang proposed a hidden-proxy method to counter distributed denial-of-service attacks. However, because the IP address of the hidden proxy is fixed, an attacker can obtain it by probing, causing the defense to fail. Hidden-layer methods also require third-party upgrades to conventional network equipment, at considerable cost.
Summary of the invention
The present invention overcomes the insufficient ability of the prior art to isolate attackers in distributed denial-of-service attacks, and provides a distributed denial-of-service attack defense method based on switch rotation that uses the centralized control and dynamic management of software-defined networking to build an OpenFlow switch rotation model.
The technical solution of the invention is to provide a distributed denial-of-service attack defense method based on switch rotation comprising the following steps:
Step 1) The proxy-layer switch receives network packets and judges whether the network traffic is abnormal;
Step 2) If no anomaly occurs, packets are forwarded by the hidden-layer switch according to the next address in the packet header; if the traffic is abnormal, "step 3)" is executed;
Step 3) The proxy-layer switch starts the switch rotation engine and directs all network traffic into the switch rotation engine for processing;
Step 4) The switch rotation engine performs likelihood estimation of the number of attackers according to the "user-switch" connections;
Step 5) The switch rotation engine screens attackers through the switch rotation process;
Step 6) If the attackers have been completely screened out and isolated, the rotation process ends; if they have not been completely screened out, "step 5)" is executed again, until the attackers are completely screened out and isolated.
In step 1), the proxy-layer switch is responsible for network attack detection and for executing the switch rotation process; an open-source OpenFlow switch is modified to perform the proxy switch function. A traffic detector deployed on the proxy switch detects changes in instantaneous traffic, and if the change in instantaneous traffic exceeds a preset value, the network traffic is considered abnormal.
In step 2), the hidden-layer switch is responsible for forwarding legitimate packets. The IP address of the hidden-layer switch is private, which prevents attackers from directing attack flows at that switch. The hidden-layer switch is a router or switch responsible for data forwarding in a traditional network or an SDN network.
In step 3), the switch rotation engine forms the proxy-layer switches of step 1) into a switch pool, which the SDN controller schedules according to the rotation algorithm.
In step 4), the attacker likelihood estimate is a theoretical estimate, and the likelihood estimation of the number of attackers is completed according to the formula , where $N_{sum}$ is the total number of users in the current network, $N_A$ is the total number of attackers, $S$ is the total number of proxy-layer switches, and $S_j$ is the number of users whose traffic switch $j$ forwards. Let $X$ be the number of proxy-layer switches that are not attacked; when an attack occurs, $X = m$, and in a particular attack the value of $X$ is learned from the traffic detectors deployed in the proxy switches.
In step 5), the rotation algorithm called by the switch rotation process is the optimized greedy rotation algorithm, whose subprocess has constant time complexity; through the switch rotation process, the switch rotation engine calls the switch rotation algorithm to screen out and isolate the attackers.
Compared with the prior art, the distributed denial-of-service attack defense method based on switch rotation of the present invention has the following advantages: 1. It proposes a dynamic defense method based on switch rotation, which uses the centralized control and dynamic management of software-defined networking to build an OpenFlow switch rotation model, uses a greedy algorithm to realize dynamic mapping of "user-switch" connections, and isolates attackers through multiple rounds of rotation while providing low-latency, continuous service to legitimate users.
2. The present invention proposes a rotation model for OpenFlow switches that achieves both defense against and localization of distributed denial-of-service attacks, and addresses two shortcomings of current methods: (1) current DDoS defenses generally rely on static filtering, static configuration and similar methods, which on the one hand impose a high load and on the other hand are inflexible, and which in the face of new distributed denial-of-service attacks often require upgrading the whole network and the underlying hardware; (2) current attack-localization methods based on packet traceback cannot locate the attacker during the defense, and their localization efficiency is too low when facing attacks launched from botnets.
3. Based on the centralized control and dynamic management of software-defined networking, the present invention proposes a distributed denial-of-service attack defense method that does not interrupt service. Current defense methods often affect legitimate access while countering an attack, delaying visitors' network access and even causing a server restart that cuts off access for all visitors. The present invention uses the controller to control switch rotation and provide service, so that under attack it can continue to serve the legitimate visitors separated from the attack flows.
Brief description of the drawings
Fig. 1 is a flow chart of the distributed denial-of-service attack defense method based on switch rotation of the present invention;
Fig. 2 is a schematic diagram of the working process of the switch rotation engine in the distributed denial-of-service attack defense method based on switch rotation of the present invention;
Fig. 3 is a schematic diagram of the switch rotation model of the distributed denial-of-service attack defense method based on switch rotation of the present invention.
Detailed description of embodiments
The distributed denial-of-service attack defense method based on switch rotation of the present invention is further described below with reference to the drawings and specific embodiments. It comprises the following steps:
Step 1) The proxy-layer switch receives network packets and judges whether the network traffic is abnormal;
Step 2) If no anomaly occurs, packets are forwarded by the hidden-layer switch according to the next address in the packet header; if the traffic is abnormal, "step 3)" is executed;
Step 3) The proxy-layer switch starts the switch rotation engine and directs all network traffic into the switch rotation engine for processing;
Step 4) The switch rotation engine performs likelihood estimation of the number of attackers according to the "user-switch" connections;
Step 5) The switch rotation engine screens attackers through the switch rotation process;
Step 6) If the attackers have been completely screened out and isolated, the rotation process ends; if they have not been completely screened out, "step 5)" is executed again, until the attackers are completely screened out and isolated.
In step 1), the proxy-layer switch is responsible for network attack detection and for executing the switch rotation process; an open-source OpenFlow switch is modified to perform the proxy switch function. A traffic detector deployed on the proxy switch detects changes in instantaneous traffic, and if the change in instantaneous traffic exceeds a preset value, the network traffic is considered abnormal.
In step 2), the hidden-layer switch is responsible for forwarding legitimate packets. The IP address of the hidden-layer switch is private, which prevents attackers from directing attack flows at that switch. The hidden-layer switch is a router or switch responsible for data forwarding in a traditional network or an SDN network.
In this embodiment, all users connected to the proxy-layer switches are attackers and there is no legitimate traffic; if all users are isolated, the ability of the present invention to isolate attackers can be assessed by this embodiment.
In step 3), the switch rotation engine forms the proxy-layer switches of step 1) into a switch pool, which the SDN controller schedules according to the rotation algorithm.
In step 4), the attacker likelihood estimate is a theoretical estimate, and the likelihood estimation of the number of attackers is completed according to the formula , where $N_{sum}$ is the total number of users in the current network, $N_A$ is the total number of attackers, $S$ is the total number of proxy-layer switches, and $S_j$ is the number of users whose traffic switch $j$ forwards. Let $X$ be the number of proxy-layer switches that are not attacked; when an attack occurs, $X = m$, and in a particular attack the value of $X$ is learned from the traffic detectors deployed in the proxy switches.
In step 5), the rotation algorithm called by the switch rotation process is the optimized greedy rotation algorithm, which has been optimized with respect to algorithm complexity and the like. The time complexity of its subprocess is constant; through the switch rotation process, the switch rotation engine calls the switch rotation algorithm to screen out and isolate the attackers.
The present invention optimizes the rotation engine based on the greedy algorithm, reducing the time complexity by several orders of magnitude, to the constant level.
Refer to Fig. 1 to Fig. 2. The distributed denial-of-service attack defense method based on switch rotation comprises:
Step 1: when the traffic throughput detector in a proxy-layer switch detects that throughput exceeds the preset threshold, a network traffic anomaly alarm is generated;
Step 2: the associated script code is executed on the proxy-layer switch where the anomaly occurred, the switch rotation engine is started, and attackers are screened out and isolated by the rotation engine;
Step 3: check whether any proxy-layer switch is still under attack; if none is, attacker isolation is deemed complete, and the attack flows are redirected to a specific destination address or dropped, reducing the impact of the attack on the network.
Steps 1, 2 and 3 are described in detail below:
(1) Step 1:
A proxy-layer switch detects network traffic anomalies by means of a traffic detector deployed on the proxy switch, which detects changes in instantaneous traffic; if the change in instantaneous traffic exceeds a preset value, the network traffic is considered abnormal.
(2) Step 2:
1) Switch rotation model
Fig. 3 shows the switch rotation model. The 7 users in the figure (User-1 to User-7, where User-3 and User-5 are hidden attackers) have their data forwarded by 3 proxy switches (S1, S2, S3): User-1, 2, 3 are forwarded by S1, User-4, 5 by S2, and User-6, 7 by S3. When the attack occurs, S1 and S2 are under attack; the controller invokes the rotation algorithm and schedules other proxy switches to serve User-1, 2, 3, 4, 5. In the first round of rotation, User-1, 3, 5 are forwarded by S4 and User-2, 4 by S5. Because S5 serves User-2, 4 and is not under attack, User-2, 4 can be judged not to be attackers, while S4 is still under attack, so User-1, 3, 5 may be attackers. Through the next round of rotation, User-2, 5 can be identified.
2) Switch rotation algorithm based on the greedy algorithm
$N_{sum}$ is the total number of users in the current SDN network, $N_A$ is the total number of attackers, $N_{su}$ is the number of suspicious users when the attack occurs, $N_{sa}$ is the number of users identified as legitimate (saved) after one round of shuffling, and $N_{us}$ is the number of users still suspicious after one round of shuffling. The following two equations are obtained: $N_{sum} = N_A + N_{su}$ and $N_{su} = N_{sa} + N_{us}$. The objective function $E(N_{sa})$ denotes the expected number of users identified as legitimate in each round of shuffling; the algorithm is required to maximize $E(N_{sa})$ with low time complexity. Fig. 3 is the switch rotation algorithm implemented with a greedy algorithm. Algorithm GreedyShuffle is a recursive algorithm that calls the MaxSwitch() function to obtain the allocation scheme satisfying the formula , where k denotes the number of users connected to a proxy-layer switch, proxyAssign denotes the number of proxy-layer switches needed when allocating according to the value of k, and ProxRem, userRem and attackRem denote the remaining number of proxy-layer switches.
3) Optimization of the switch rotation algorithm
Algorithm GreedyShuffle is a recursive algorithm, and its time complexity is readily seen to be $\Theta(N_{sum} \cdot N_A)$. When $N_{sum}$ and $N_A$ are large, the complexity is too high and the amount of computation too great. To address this, the Stirling approximation is used here: when $N_A \ll N_{sum}$, one obtains . A variable $x$ is introduced, letting ; then . Differentiating this formula shows that when $x = 1$ the derivative is 0 and $E(S_j)$ is maximized. In summary, . Therefore the loop in the MaxSwitch function of Algorithm 1 can be omitted, which will be 1, and the time complexity of Algorithm 1 is reduced to $\Theta(N_A)$.
Step 3:
The main task of step 3 is to judge whether attacker isolation is complete. This can be determined on the one hand from the detection state of the proxy switches, and on the other hand from the attacker maximum-likelihood estimation model.
The present invention uses maximum-likelihood estimation to pre-estimate the number of attackers. Let $X$ be the number of proxy-layer switches that are not attacked; when an attack occurs, $X = m$, and in a particular attack the value of $X$ is known (the traffic detector deployed in each switch shows whether that switch is attacked). It is known that
Let the set $U = \{u_1, u_2, \ldots, u_m\}$ denote the proxy-layer switches that are not attacked; then denotes the sum over all proxy-layer switches that are not attacked, denotes the number of attackers, and the following equation is obtained:
The theoretical value of $N_A$ can be derived from the above two formulas; in step 3, this theoretical value is used to judge whether the attackers have been completely isolated.
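The rotation rounds described above (the Fig. 3 scenario, the greedy choice of how many users each switch serves, and the completion check of step 3) can be simulated as follows. This is an added example, not code from the patent: the hypergeometric `expected_saved` formula, the random shuffle, the spare-switch naming and all function names are assumptions made for illustration, since the patent's own formulas are not preserved in this text.

```python
import random
from math import comb


def expected_saved(n_suspects, n_attackers, k):
    """Expected number of users cleared by one switch serving k suspects.

    Assumption (not the patent's formula): attackers are spread uniformly at
    random among the suspects, so k users are all legitimate with probability
    C(n_suspects - k, n_attackers) / C(n_suspects, n_attackers).
    """
    if n_attackers >= n_suspects or k > n_suspects:
        return 0.0
    return k * comb(n_suspects - k, n_attackers) / comb(n_suspects, n_attackers)


def plan_group_sizes(n_suspects, n_attackers_est, n_switches):
    """Greedy plan of how many suspects each replacement switch serves."""
    if n_suspects <= n_switches:
        return [1] * n_suspects  # one user per switch: every verdict is exact
    sizes, remaining = [], n_suspects
    for later in range(n_switches - 1, 0, -1):
        limit = remaining - later  # leave at least one user per later switch
        k = max(range(1, limit + 1),
                key=lambda c: expected_saved(remaining, n_attackers_est, c))
        sizes.append(k)
        remaining -= k
    sizes.append(remaining)  # the last switch takes everyone left over
    return sizes


def detect(assignment, attackers):
    """Simulate the per-switch traffic detectors for one round.

    A switch reports 'attacked' iff it serves at least one attacker. Users on
    clean switches are cleared; users on attacked switches stay suspect.
    """
    cleared, suspects = set(), set()
    for users in assignment.values():
        target = suspects if attackers & set(users) else cleared
        target.update(users)
    return cleared, suspects


def isolate(initial, attackers, n_spare, n_attackers_est, seed=0, max_rounds=200):
    """Rotate suspects over spare switches until the attackers are isolated.

    Returns (cleared, isolated, rounds, done). 'attackers' is ground truth used
    only to simulate the detectors; the planning logic never reads it.
    """
    rng = random.Random(seed)
    cleared, suspects = detect(initial, attackers)
    for rounds in range(1, max_rounds + 1):
        # Completion check 1: by the estimate, every remaining suspect is an
        # attacker. An over-estimate would isolate legitimate users here.
        if len(suspects) <= n_attackers_est:
            return cleared, suspects, rounds - 1, True
        order = sorted(suspects)
        rng.shuffle(order)  # new "user-switch" mapping for this round
        sizes = plan_group_sizes(len(order), n_attackers_est, n_spare)
        assignment, pos = {}, 0
        for i, k in enumerate(sizes):
            assignment[f"spare-{i + 1}"] = order[pos:pos + k]
            pos += k
        newly_cleared, suspects = detect(assignment, attackers)
        cleared |= newly_cleared
        # Completion check 2: singleton groups make detector verdicts exact.
        if all(k == 1 for k in sizes):
            return cleared, suspects, rounds, True
    return cleared, suspects, max_rounds, len(suspects) <= n_attackers_est


if __name__ == "__main__":
    # Constructed input mirroring Fig. 3: 7 users, User-3 and User-5 attack.
    fig3 = {"S1": [1, 2, 3], "S2": [4, 5], "S3": [6, 7]}
    cleared, isolated, rounds, done = isolate(fig3, {3, 5}, n_spare=2,
                                              n_attackers_est=2, seed=1)
    print(f"done={done} rounds={rounds} cleared={sorted(cleared)} "
          f"isolated={sorted(isolated)}")
```

With only two spare switches and two attackers, at most one legitimate user can be cleared per round in this scenario, which is why the number of spare proxy switches in the pool bounds how quickly isolation completes.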

Claims (6)

1. A distributed denial-of-service attack defense method based on switch rotation, characterized by comprising the following steps:
Step 1) The proxy-layer switch receives network packets and judges whether the network traffic is abnormal;
Step 2) If no anomaly occurs, packets are forwarded by the hidden-layer switch according to the next address in the packet header; if the traffic is abnormal, "step 3)" is executed;
Step 3) The proxy-layer switch starts the switch rotation engine and directs all network traffic into the switch rotation engine for processing;
Step 4) The switch rotation engine performs likelihood estimation of the number of attackers according to the "user-switch" connections;
Step 5) The switch rotation engine screens attackers through the switch rotation process, the switch rotation process being the process in which the switch rotation engine calls the rotation algorithm to screen out and isolate attackers;
Step 6) If the attackers have been completely screened out and isolated, the rotation process ends; if they have not been completely screened out, "step 5)" is executed again, until the attackers are completely screened out and isolated.
2. The distributed denial-of-service attack defense method based on switch rotation according to claim 1, characterized in that in step 1), the proxy-layer switch is responsible for network attack detection and for executing the switch rotation process, and an open-source OpenFlow switch is modified to perform the proxy switch function; a traffic detector deployed on the proxy switch detects changes in instantaneous traffic, and if the change in instantaneous traffic exceeds a preset value, the network traffic is considered abnormal.
3. The distributed denial-of-service attack defense method based on switch rotation according to claim 1, characterized in that in step 2), the hidden-layer switch is responsible for forwarding legitimate packets; the IP address of the hidden-layer switch is private, which prevents attackers from directing attack flows at that switch; the hidden-layer switch is a router or switch responsible for data forwarding in a traditional network or an SDN network.
4. The distributed denial-of-service attack defense method based on switch rotation according to claim 1, characterized in that in step 3), the switch rotation engine forms the proxy-layer switches of step 1) into a switch pool, which the SDN controller schedules according to the rotation algorithm.
5. The distributed denial-of-service attack defense method based on switch rotation according to claim 1, characterized in that in step 4), the attacker likelihood estimate is a theoretical estimate, and the likelihood estimation of the number of attackers is completed according to the formula , where $N_{sum}$ is the total number of users in the current network, $N_A$ is the total number of attackers, $S$ is the total number of proxy-layer switches, $S_j$ is the number of users whose traffic switch $j$ forwards, and the set $U = \{u_1, u_2, \ldots, u_m\}$ denotes the proxy-layer switches that are not attacked; let $X$ be the number of proxy-layer switches that are not attacked; when an attack occurs, $X = m$, and in a particular attack the value of $X$ is learned from the traffic detectors deployed in the proxy switches.
6. The distributed denial-of-service attack defense method based on switch rotation according to claim 1, characterized in that in step 5), the rotation algorithm called by the switch rotation process is the optimized greedy rotation algorithm, whose subprocess has constant time complexity; the optimized greedy rotation algorithm refers to the switch rotation algorithm based on the greedy algorithm; the greedy rotation algorithm is used to compute the allocation strategy between users and proxy-layer switches.

Priority Applications (1)

Application Number: CN201610867684.4A; Priority Date: 2016-09-30; Filing Date: 2016-09-30; Title: A distributed denial-of-service attack defense method based on switch rotation; Status: Active; Publication: CN106357661B (en)

Publications (2)

Publication Number Publication Date
CN106357661A 2017-01-25
CN106357661B 2019-09-06

Family

ID=57865698

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610867684.4A Active CN106357661B (en) 2016-09-30 2016-09-30 A kind of distributed refusal service attack defending method based on interchanger rotation

Country Status (1)

Country Link
CN (1) CN106357661B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111385235B (en) * 2018-12-27 2022-08-26 北京卫达信息技术有限公司 DDoS attack defense system and method based on dynamic transformation
CN111935152B (en) * 2020-08-11 2022-11-08 中国人民解放军战略支援部队信息工程大学 Autonomous filtering and dynamic defense method and system for DDoS (distributed denial of service) attack based on agent controller
CN112383549A (en) * 2020-11-13 2021-02-19 国网冀北电力有限公司张家口供电公司 Dynamic defense method based on dichotomy

Citations (2)

Publication number Priority date Publication date Assignee Title
CN104125214A (en) * 2014-06-30 2014-10-29 Beijing University of Posts and Telecommunications Security architecture system for realizing software definition security and security controller
CN105100016A (en) * 2014-05-12 2015-11-25 Civil Aviation University of China Cloud computing router platform DDoS attack defense method based on VHSAP

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US20140282891A1 (en) * 2013-03-15 2014-09-18 Stephen Frechette Method and system for unique computer user identification for the defense against distributed denial of service attacks

Non-Patent Citations (1)

Title
"DDoS attack detection based on link characteristics"; Sun Hongjie, Fang Binxing, et al.; Journal on Communications; 20070228; Vol. 28 (No. 2); pp. 88-93 *

Similar Documents

Publication Publication Date Title
Prasad et al. An efficient detection of flooding attacks to Internet Threat Monitors (ITM) using entropy variations under low traffic
CN111431946A (en) Mimicry router execution body scheduling method and mimicry router
Chapade et al. Securing cloud servers against flooding based DDoS attacks
US9882904B2 (en) System and method for filtering network traffic
CA2540802A1 (en) Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
Chen et al. DDoS defense for IoT: A Stackelberg game model-enabled collaborative framework
CN106357661B (en) A kind of distributed refusal service attack defending method based on interchanger rotation
KR20100040792A (en) A method for neutralizing the arp spoofing attack by using counterfeit mac addresses
CN113206858A (en) Mobile target defense method based on internet of things DDoS attack
CN116471064A (en) Network safety protection system, method and device based on active defense strategy
CN115051836B (en) SDN-based APT attack dynamic defense method and system
RU2576488C1 (en) METHOD OF CONSTRUCTING DATA NETWORKS WITH HIGH LEVEL OF SECURITY FROM DDoS ATTACKS
CN114115068A (en) Heterogeneous redundancy defense strategy issuing method of endogenous security switch
Feng et al. Research on the active DDoS filtering algorithm based on IP flow
Wang et al. Distributed denial of service attack defence simulation based on honeynet technology
Chen et al. Preventing DRDoS attacks in 5G networks: a new source IP address validation approach
Prasad et al. IP traceback for flooding attacks on Internet threat monitors (ITM) using Honeypots
Prasad et al. Flooding attacks to internet threat monitors (ITM): modeling and counter measures using botnet and honeypots
Zhong et al. Research on DDoS Attacks in IPv6
Salim et al. A client/server based mechanism to prevent ARP spoofing attacks
Pande et al. Prevention mechanism on DDOS attacks by using multilevel filtering of distributed firewalls
AU2021102049A4 (en) Method and system for defense against Distributed Denial-of-Service attack
Prasad et al. An efficient flash crowd attack detection to internet threat monitors (itm) using honeypots
CN113872929B (en) Web application safety protection method, system and server based on dynamic domain name
CN111431913B (en) Router advertisement protection mechanism existence detection method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant