CN107493276A - A kind of method and device of network safety prevention - Google Patents

Publication number
CN107493276A
Authority
CN
China
Prior art keywords
network
attack source
group
attack
protection equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710672623.7A
Other languages
Chinese (zh)
Other versions
CN107493276B (en)
Inventor
杨雪皎
赵跃明
叶晓虎
李明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
NSFOCUS Information Technology Co Ltd
Beijing NSFocus Information Security Technology Co Ltd
Application filed by NSFOCUS Information Technology Co Ltd, Beijing NSFocus Information Security Technology Co Ltd
Priority to CN201710672623.7A
Publication of CN107493276A
Application granted
Publication of CN107493276B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The embodiments of the present application disclose a method and device for network security protection. The method comprises: receiving network attack information reported by network monitoring equipment; grouping the attack sources by regional distribution according to the IP address of each attack source, and determining the nearest network protection equipment of each group of attack sources based on the locally stored IP addresses of the network protection equipment; determining the optimal network protection equipment of each group of attack sources according to a preset allocation rule, based on the service type of the data packets of each group of attack sources and the nearest network protection equipment; and forwarding the data packets sent by each group of attack sources to the corresponding optimal network protection equipment, which triggers that equipment to filter the received data packets and send the filtered data packets to the corresponding client server. This saves bandwidth on the backbone network nodes and on other aggregation nodes, reduces network congestion, and improves network security.

Description

A method and device for network security protection
Technical field
The present application relates to the field of network security, and in particular to a method and device for network security protection.
Background
With the development of Internet technology and the spread of networks, network attacks such as distributed denial of service (Distributed Denial of Service, DDOS) attacks have also intensified. A DDOS attack uses reasonable-looking service requests to occupy excessive service resources, so that the server cannot process the instructions of legitimate users, and obtains control of the server and steals user information; this greatly harms network security and inconveniences users.
In the prior art, network security protection is mainly carried out in the following two ways:
The first way: anti-DDOS equipment is deployed at the network entrance of the server, and network monitoring equipment detects DDOS attacks. When a DDOS attack is determined to exist, the large volume of data packets containing attack data is forwarded to the anti-DDOS equipment, which filters the received data packets and sends the filtered data packets to the corresponding client server.
The second way: an anti-DDOS service is purchased from an operator or an Internet cloud service provider. When the detection results of the network monitoring equipment show that a DDOS attack exists, the large volume of data packets containing attack data is forwarded to the anti-DDOS servers of the operator or Internet cloud service provider, which filter the received data packets and send the filtered data packets to the corresponding client server.
However, with either the first or the second way, the large volume of data packets containing attack data reaches the client server through the backbone network. This occupies a large amount of bandwidth on the backbone network and on other aggregation nodes and causes serious network congestion.
Summary of the invention
The embodiments of the present application provide a method and device for network security protection which, when carrying out network security protection, use the network protection equipment nearest in network distance to the attack sources, chosen according to the Internet Protocol (IP) addresses of the attack sources, to perform filtering. This suppresses the network attack at its source, saves bandwidth on the backbone network nodes, reduces network congestion, and improves network security.
The specific technical solutions provided by the embodiments of the present application are as follows:
A method for network security protection, including:
Receiving the network attack information reported by the network monitoring equipment, where the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the data packets of each attack source;
Grouping the attack sources by regional distribution according to the IP address of each attack source, and determining the nearest network protection equipment of each group of attack sources based on the locally stored IP addresses of the network protection equipment and the IP addresses of the attack sources;
Determining the optimal network protection equipment of each group of attack sources according to a preset allocation rule, based on the service type of the data packets of each group of attack sources and the nearest network protection equipment of each group, where the allocation rule is used to select the corresponding nearest network protection equipment as the optimal network protection equipment according to the service type of the data packets of the attack sources;
Forwarding the data packets sent by each group of attack sources to the corresponding optimal network protection equipment, triggering the optimal network protection equipment to filter the received data packets and send the filtered data packets to the corresponding client server.
Preferably, determining the nearest network protection equipment of each group of attack sources based on the locally stored IP addresses of the network protection equipment and the IP addresses of the attack sources specifically includes:
Performing the following operations for each group of attack sources:
Determining the integrated network distance between the group of attack sources and each network protection equipment, where the integrated network distance between a group of attack sources and one network protection equipment is the sum of the network distances between each attack source in the group and that network protection equipment;
Determining the minimum of the integrated network distances obtained, and taking the network protection equipment corresponding to the minimum as the nearest network protection equipment of the group of attack sources.
Preferably, determining the optimal network protection equipment of each group of attack sources according to the preset allocation rule, based on the service type of the data packets of each group of attack sources and the nearest network protection equipment of each group, specifically includes:
When the service type of the data packets of the attack sources is determined to be a website-access service, taking the nearest network protection equipment of each group of attack sources as that group's optimal network protection equipment; or
When the service type of the data packets of the attack sources is determined to be a non-website-access service, obtaining the attack traffic of each attack source, which is also included in the network attack information, calculating the sum of the attack traffic of the attack sources in each group, and taking the nearest network protection equipment of the group corresponding to the maximum of these sums as the optimal network protection equipment of every group of attack sources.
Preferably, the method further includes:
If the service type of the data packets of the attack sources is a website-access service, performing the following operations for each group of attack sources:
Receiving the traffic status information that each network protection equipment reports at intervals of a preset duration;
When the traffic status information of the optimal network protection equipment of a group of attack sources indicates traffic saturation, obtaining the integrated network distance between the group of attack sources and each network protection equipment whose traffic status information indicates that it is not saturated;
Taking the network protection equipment corresponding to the minimum of the integrated network distances obtained as the updated optimal network protection equipment of the group of attack sources.
Preferably, the method further includes:
Receiving the traffic status information that each network protection equipment reports at intervals of a preset duration;
When the service type of the data packets of the attack sources is determined to be a non-website-access service and the traffic status information of the optimal network protection equipment of the groups of attack sources indicates traffic saturation, calculating the sum of the attack traffic of the attack sources in each group, calculating the integrated network distance between the group corresponding to the maximum of these sums and each network protection equipment whose traffic status indicates that it is not saturated, and taking the network protection equipment corresponding to the minimum of these integrated network distances as the updated optimal network protection equipment of every group of attack sources.
A device for network security protection, including:
A receiving unit, configured to receive the network attack information reported by the network monitoring equipment, where the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the data packets of each attack source;
A first determining unit, configured to group the attack sources by regional distribution according to the IP address of each attack source, and to determine the nearest network protection equipment of each group of attack sources based on the locally stored IP addresses of the network protection equipment and the IP addresses of the attack sources;
A second determining unit, configured to determine the optimal network protection equipment of each group of attack sources according to a preset allocation rule, based on the service type of the data packets of each group of attack sources and the nearest network protection equipment of each group, where the allocation rule is used to select the corresponding nearest network protection equipment as the optimal network protection equipment according to the service type of the data packets of the attack sources;
A processing unit, configured to forward the data packets sent by each group of attack sources to the corresponding optimal network protection equipment, triggering the optimal network protection equipment to filter the received data packets and send the filtered data packets to the corresponding client server.
Preferably, when determining the nearest network protection equipment of each group of attack sources based on the locally stored IP addresses of the network protection equipment and the IP addresses of the attack sources, the first determining unit is specifically configured to:
Perform the following operations for each group of attack sources:
Determine the integrated network distance between the group of attack sources and each network protection equipment, where the integrated network distance between a group of attack sources and one network protection equipment is the sum of the network distances between each attack source in the group and that network protection equipment;
Determine the minimum of the integrated network distances obtained, and take the network protection equipment corresponding to the minimum as the nearest network protection equipment of the group of attack sources.
Preferably, when determining the optimal network protection equipment of each group of attack sources according to the preset allocation rule, based on the service type of the data packets of each group of attack sources and the nearest network protection equipment of each group, the second determining unit is specifically configured to:
When the service type of the data packets of the attack sources is determined to be a website-access service, take the nearest network protection equipment of each group of attack sources as that group's optimal network protection equipment; or
When the service type of the data packets of the attack sources is determined to be a non-website-access service, obtain the attack traffic of each attack source, which is also included in the network attack information, calculate the sum of the attack traffic of the attack sources in each group, and take the nearest network protection equipment of the group corresponding to the maximum of these sums as the optimal network protection equipment of every group of attack sources.
Preferably, the processing unit is further configured to:
If the service type of the data packets of the attack sources is a website-access service, perform the following operations for each group of attack sources:
Receive the traffic status information that each network protection equipment reports at intervals of a preset duration;
When the traffic status information of the optimal network protection equipment of a group of attack sources indicates traffic saturation, obtain the integrated network distance between the group of attack sources and each network protection equipment whose traffic status information indicates that it is not saturated;
Take the network protection equipment corresponding to the minimum of the integrated network distances obtained as the updated optimal network protection equipment of the group of attack sources.
Preferably, the processing unit is further configured to:
Receive the traffic status information that each network protection equipment reports at intervals of a preset duration;
When the service type of the data packets of the attack sources is determined to be a non-website-access service and the traffic status information of the optimal network protection equipment of the groups of attack sources indicates traffic saturation, calculate the sum of the attack traffic of the attack sources in each group, calculate the integrated network distance between the group corresponding to the maximum of these sums and each network protection equipment whose traffic status indicates that it is not saturated, and take the network protection equipment corresponding to the minimum of these integrated network distances as the updated optimal network protection equipment of every group of attack sources.
In the embodiments of the present application, the network attack information reported by the network monitoring equipment is received, where the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the data packets of each attack source. The attack sources are grouped by regional distribution according to their IP addresses, and the nearest network protection equipment of each group of attack sources is determined based on the locally stored IP addresses of the network protection equipment and the IP addresses of the attack sources. The optimal network protection equipment of each group of attack sources is then determined according to a preset allocation rule, based on the service type of the data packets of each group and the nearest network protection equipment of each group, where the allocation rule is used to select the corresponding nearest network protection equipment as the optimal network protection equipment according to the service type of the data packets of the attack sources. The data packets sent by each group of attack sources are forwarded to the corresponding optimal network protection equipment, triggering it to filter the received data packets and send the filtered data packets to the corresponding client server. In this way, the optimal network protection equipment of the attack sources is determined from the network distance between the attack sources and the network protection equipment and from the service type of the attack sources' data packets, and that equipment filters the data packets sent by the attack sources. The network attack is suppressed at its source, bandwidth on the backbone network nodes and on other aggregation nodes is saved, network congestion is reduced, and network security is improved.
Brief description of the drawings
Fig. 1 is an architecture diagram of the network security protection system in Embodiment One of the present application;
Fig. 2a is a flow chart of the network security protection method in Embodiment One of the present application;
Fig. 2b is a schematic diagram of the network security protection method in Embodiment One of the present application;
Fig. 3 is a flow chart of the network security protection method in Embodiment Two of the present application;
Fig. 4 is a structural diagram of the network security protection device in the embodiments of the present application.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present application without creative work fall within the scope of protection of the present application.
To save bandwidth on the backbone network nodes, reduce network congestion and improve network security when carrying out network security protection, the embodiments of the present application provide a method for network security protection. The method determines the optimal network protection equipment of the attack sources according to the network distance between the attack sources and the network protection equipment and the service type of the attack sources' data packets, uses that optimal network protection equipment to filter the data packets sent by the attack sources, and then sends the filtered data packets to the corresponding client server.
The preferred embodiments of the present application are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, the architecture of the network security protection system includes a dispatch server, network monitoring equipment, core routing equipment, routing equipment, clients and network protection equipment. Before network security protection is carried out, the network monitoring equipment is configured as follows:
First, the network monitoring equipment is deployed, in one of the following two ways:
The first way is distributed deployment: each network monitoring equipment is deployed at the network entrance of a client and connected to the routing equipment at that entrance.
The second way is centralized deployment: the network monitoring equipment is deployed in the backbone network and connected to the core routing equipment of the backbone network.
Then, the dispatch server issues configuration information to each network monitoring equipment. The configuration information includes the preset reporting duration, the attack alarm threshold, and so on.
Further, the network monitoring equipment receives the configuration information issued by the dispatch server and configures itself locally according to the configuration information.
Once each network monitoring equipment has been deployed, the network monitoring equipment can monitor for network attacks and determine the attack sources of a network attack, and the network protection equipment can process the data packets of the attack sources accordingly.
The service type of the data packets of an attack source is either a website-access service or a non-website-access service. The embodiments of the present application therefore describe the specific flow of network security protection using two application scenarios, according to the service type of the attack sources' data packets. In the first application scenario, the service type of the attack sources' data packets is a website-access service. In the second application scenario, the service type of the attack sources' data packets is a non-website-access service.
Referring to Fig. 2a, in Embodiment One of the present application, the specific flow of network security protection for the first application scenario above is described in further detail:
Step 200: The network monitoring equipment periodically samples and analyses the transmitted data packets at intervals of the preset duration and obtains an analysis result.
Step 201: Based on the analysis result, the network monitoring equipment determines that a network attack exists.
Step 202: The network monitoring equipment reports the network attack information to the dispatch server.
Specifically, when step 202 is performed, the network attack information includes the IP addresses of multiple attack sources. An attack source is a network device controlled by criminals, for example a computer.
Step 203: The dispatch server determines the nearest network protection equipment of the attack sources.
Specifically, the dispatch server first obtains the IP address of each attack source included in the network attack information, and obtains the locally stored IP address of each network protection equipment.
Then, the dispatch server groups the attack sources by regional distribution according to the IP address of each attack source.
The attack sources can be grouped by regional distribution in the following way:
The dispatch server places the attack sources whose IP addresses belong to the same regional network segment in one group, or the dispatch server places the attack sources whose IP addresses belong to several adjacent regional network segments in one group.
In this way, the regional distribution of the attack sources can be determined from their IP addresses, and the attack sources can be divided according to that regional distribution.
For example, the dispatch server obtains the following IP addresses for the attack sources: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24, 192.126.1.0/24, 192.126.2.0/24, 192.126.3.0/24, 192.126.4.0/24, 192.126.5.0/24. The dispatch server then divides the attack sources into two groups. The first group, G1, includes 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 and 192.168.5.0/24. The second group, G2, includes 192.126.1.0/24, 192.126.2.0/24, 192.126.3.0/24, 192.126.4.0/24 and 192.126.5.0/24.
Then, based on the IP address of each attack source and the IP address of each network protection equipment, the dispatch server calculates the network distance between each attack source and each network protection equipment.
Finally, based on the network distances obtained, the dispatch server determines the nearest network protection equipment of each group of attack sources. The network protection equipment is used to filter data packets containing attack data and so provide network security protection.
Taking one group of attack sources as an example, the nearest network protection equipment of a group of attack sources is determined as follows:
First, the dispatch server determines the sum of the network distances between each attack source in the group and one network protection equipment, and takes it as the integrated network distance between that group of attack sources and that network protection equipment.
For example, if the network distances (d1, d2, d3, d4, d5) between the attack sources in a group and one network protection equipment are (1, 3, 2, 1, 3), the integrated network distance between that group of attack sources and that network protection equipment is s1 = 1 + 3 + 2 + 1 + 3 = 10.
On the same principle, the dispatch server determines the integrated network distance between that group of attack sources and each of the other network protection equipment; this is not repeated here.
Then, the dispatch server determines the minimum of the integrated network distances obtained and takes the network protection equipment corresponding to the minimum as the nearest network protection equipment of that group of attack sources.
For example, if the integrated network distances between attack source group G1 and 3 network protection equipment are s1 = 10, s2 = 7 and s3 = 9 respectively, the dispatch server determines that the minimum of the integrated network distances obtained is 7, which corresponds to the second network protection equipment, and takes the second network protection equipment as the nearest network protection equipment of attack source group G1.
The embodiments of the present application describe only the determination of the nearest network protection equipment for one group of attack sources. The nearest network protection equipment of every group of attack sources can be determined on the same principle, which is not repeated here. In this way, the network protection equipment nearest in network distance to each group of attack sources can be determined.
Step 204: The dispatch server determines that the service type of the data packets of the attack sources is a website-access service.
Specifically, the dispatch server obtains the service type of the data packets of each attack source included in the network attack information and determines that the service type of the attack sources' data packets is a website-access service. A website-access service is one in which the client server provides a network service based on DNS resolution.
Step 205: The dispatch server receives the traffic status information periodically reported by each network protection equipment.
Step 206: The dispatch server determines the optimal network protection equipment of the attack sources.
Specifically, the dispatch server takes the nearest network protection equipment of each group of attack sources directly as that group's optimal network protection equipment.
Further, based on the periodically received traffic status information of each network protection equipment, when the dispatch server determines that the traffic status information of the optimal network protection equipment of a group of attack sources indicates traffic saturation, it adjusts the optimal network protection equipment of those attack sources.
The optimal network protection equipment of the attack sources can be adjusted in the following way:
First, the integrated network distance between the group of attack sources and each network protection equipment whose traffic status information indicates that it is not saturated is obtained.
Then, the network protection equipment corresponding to the minimum of the integrated network distances obtained is taken as the updated optimal network protection equipment of the group of attack sources.
For example, refer to Fig. 2b, a schematic diagram of the network security protection method. The dispatch server determines that the optimal network protection equipment corresponding to attack source group 1 and attack source group 3 is network protection equipment A, the optimal network protection equipment corresponding to attack source group 2 is network protection equipment B, and the optimal network protection equipment corresponding to attack source group N is network protection equipment C.
In this way, when the traffic of the optimal network protection equipment is saturated, the optimal network protection equipment of the attack sources is adjusted to a relatively idle, second-best network protection equipment. This balances the load across the network protection equipment and improves the efficiency of network security protection.
Step 207: Based on the IP address of the optimal network protection device corresponding to the attack source, the dispatch server adjusts the IP address to which the URL of the attack source's packets resolves.
In this way, for website-access services, the DNS resolution can be adjusted: according to the distribution of packet source IPs, the IPs of different network protection devices are returned as the DNS resolution results, so that different packets are forwarded, using the adjusted IPs, to different network protection devices.
Step 208: The dispatch server forwards the adjusted packets of each group of attack sources to the corresponding optimal network protection device.
Further, the dispatch server also forwards the packets sent by non-attack sources to the corresponding nearest network protection device, so that in subsequent steps all packets are filtered by a network protection device, which improves the security of the network.
In this way, the packets of each attack source can be sent to the network protection device nearest to that attack source, so that the network attack is defended against at its source, bandwidth on the backbone network and other aggregation nodes is saved, and network congestion is avoided.
Step 209: The network protection device filters each received packet.
Step 210: The network protection device forwards the filtered packets to the corresponding client server.
Step 211: The client server completes the service request based on the received packets.
Referring to Fig. 3, in embodiment two of the present application, the specific flow of network security protection for the above second application scenario is further described:
Step 300: The network monitoring device periodically samples and analyzes the transmitted packets according to a preset duration to obtain an analysis result.
Step 301: Based on the analysis result, the network monitoring device determines that a network attack exists.
Step 302: The network monitoring device reports the network attack information to the dispatch server.
Specifically, when step 302 is performed, the network attack information includes the IP addresses of multiple attack sources. An attack source is a network device controlled by a malicious actor.
Step 303: Based on the network attack information, the dispatch server groups the attack sources included in the network attack information.
Specifically, first, the dispatch server obtains the IP address of each attack source included in the network attack information, and obtains the locally stored IP address of each network protection device.
Then, the dispatch server groups the attack sources by regional distribution according to the IP address of each attack source.
The attack sources can be grouped by regional distribution as follows:
The dispatch server puts the attack sources whose IP addresses belong to the same regional network segment into one group, or the dispatch server puts the attack sources whose IP addresses belong to multiple adjacent regional network segments into one group.
In this way, the regional distribution of the attack sources can be determined from their IP addresses, and the attack sources can be divided according to that regional distribution.
Step 304: The dispatch server determines that the service type of the attack sources' packets is a non-website-access service.
Specifically, the dispatch server obtains the service type of each attack source's packets from the network attack information and determines that the service type of the attack sources' packets is a non-website-access service. A non-website-access service is one whose network transmission is not based on DNS resolution.
Step 305: The dispatch server receives the traffic status information periodically reported by each network protection device.
Step 306: The dispatch server determines one optimal network protection device.
Specifically, first, the dispatch server obtains the attack traffic of each attack source, which is also included in the network attack information, and calculates, for each group of attack sources, the sum of the attack traffic of the attack sources in that group.
Then, based on the IP addresses of the group of attack sources corresponding to the maximum of these sums and the IP address of each network protection device, the dispatch server calculates the integrated network distance between that group of attack sources and each network protection device, and determines that the network protection device corresponding to the minimum of these integrated network distances is the nearest network protection device of that group of attack sources. The integrated network distance between a group of attack sources and a network protection device is the sum of the network distances between each attack source in the group and that network protection device.
Finally, the dispatch server takes the nearest network protection device so obtained as the optimal network protection device of every group of attack sources.
Further, based on the periodically received traffic status information of each network protection device, when the dispatch server determines that the traffic status information of the optimal network protection device indicates traffic saturation, it calculates, for each group of attack sources, the sum of the attack traffic of the attack sources in that group, calculates the integrated network distance between the group of attack sources corresponding to the maximum of these sums and each network protection device whose traffic status indicates that it is not saturated, and takes the network protection device corresponding to the minimum of these integrated network distances as the updated optimal network protection device of every group of attack sources.
In this way, when the optimal network protection device is traffic-saturated, the optimal network protection device of the attack source can be adjusted to a relatively idle suboptimal network protection device.
Step 307: Based on the IP address of the optimal network protection device, the dispatch server issues an instruction to modify the routing table information of each routing device in the network.
For non-website-access services, the destination IP of a packet cannot be modified by adjusting the DNS resolution, so the packets cannot be sent directly to the IP of the optimal network protection device corresponding to each attack source group. Instead, the routing tables of the routing devices in the network are modified so that every packet is transmitted according to the new routing table information. Because the routing tables are modified by sending a routing announcement to the whole network, the change applies to the entire network. Therefore only one network protection device can be chosen as the optimal network protection device of every group of attack sources, namely the network protection device corresponding to the attack source group with the largest attack traffic.
Step 308: The dispatch server forwards the adjusted packets of each group of attack sources to the optimal network protection device.
Specifically, the dispatch server forwards the packets of each group of attack sources to the optimal network protection device through routing, according to the modified routing table information.
Further, the dispatch server forwards the packets of non-attack sources to the nearest network protection device of each group of attack sources, so that in subsequent steps all packets are filtered by a network protection device, which improves the security of the network.
Step 309: The network protection device filters each received packet.
Step 310: The network protection device forwards the filtered packets to the corresponding client server.
Step 311: The client server completes the service request based on the received packets.
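The device-selection logic of the two embodiments (steps 203 to 206 and 303 to 306), written out as an added example that is not code from the patent or its applicant. It assumes a /24 prefix stands in for a "regional network segment" and that network distance is a per-region hop-count table; the addresses, traffic figures, device names and function names are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample report: attack source IP -> attack traffic (Mbps).
ATTACK_SOURCES = {
    "192.0.2.10": 40, "192.0.2.11": 35,
    "198.51.100.7": 120, "198.51.100.8": 90,
    "203.0.113.5": 20,
}
PREFIX_LEN = 24  # assumption: one /24 models a "regional network segment"
DEVICES = ("A", "B", "C")  # hypothetical network protection devices
# Assumption: network distance (e.g. hop count) from a region to each device.
DISTANCE = {
    "192.0.2.0/24":    {"A": 2, "B": 6, "C": 9},
    "198.51.100.0/24": {"A": 7, "B": 3, "C": 4},
    "203.0.113.0/24":  {"A": 8, "B": 5, "C": 1},
}


def region_of(ip):
    """Map an attack source IP to its regional network segment."""
    return str(ip_network(f"{ip}/{PREFIX_LEN}", strict=False))


def group_by_region(sources):
    """Step 203/303: group attack sources by regional network segment."""
    groups = defaultdict(list)
    for ip in sources:
        groups[region_of(ip)].append(ip)
    return dict(groups)


def integrated_distance(ips, device):
    """Sum of the network distances between each source in a group and a device."""
    return sum(DISTANCE[region_of(ip)][device] for ip in ips)


def nearest_device(ips, candidates):
    """Device with the minimum integrated distance (ties broken by name)."""
    return min(sorted(candidates), key=lambda d: integrated_distance(ips, d))


def pick(ips, saturated):
    """Nearest device, or the nearest unsaturated one if the nearest is saturated."""
    best = nearest_device(ips, DEVICES)
    if best in saturated:
        unsaturated = [d for d in DEVICES if d not in saturated]
        if unsaturated:  # assumption: keep the nearest device if all are saturated
            best = nearest_device(ips, unsaturated)
    return best


def assign(sources, service_type, saturated=frozenset()):
    """Return {region: optimal device} for the given service type."""
    groups = group_by_region(sources)
    if service_type == "website":
        # DNS can answer per source region, so each group gets its own device.
        return {region: pick(ips, saturated) for region, ips in groups.items()}
    # Non-website: routing changes are network-wide, so a single device is
    # chosen, the one nearest to the group with the largest total attack traffic.
    heaviest = max(groups, key=lambda r: sum(sources[ip] for ip in groups[r]))
    device = pick(groups[heaviest], saturated)
    return {region: device for region in groups}


if __name__ == "__main__":
    for service in ("website", "non-website"):
        print(service, assign(ATTACK_SOURCES, service))
        print(service, "with B saturated", assign(ATTACK_SOURCES, service, {"B"}))
```

The website case yields a per-group mapping because DNS answers can differ by source region, while the non-website case collapses to one device for every group because a routing announcement affects the whole network.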
Based on the above embodiments, refer to Fig. 4, a structural diagram of the network security protection apparatus. In the embodiments of the present application, the network security protection apparatus specifically includes:
Receiving unit 40, configured to receive the network attack information reported by the network monitoring device, wherein the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the packets of each attack source;
First determining unit 41, configured to group the attack sources by regional distribution according to the IP address of each attack source, and to determine the nearest network protection device of each group of attack sources based on the locally stored IP address of each network protection device and the IP address of each attack source;
Second determining unit 42, configured to determine the optimal network protection device of each group of attack sources according to a preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, wherein the allocation rule is used to select, according to the service type of the attack sources' packets, the corresponding nearest network protection device as the optimal network protection device;
Processing unit 43, configured to forward the packets sent by each group of attack sources to the corresponding optimal network protection device, triggering the optimal network protection device to filter the received packets and send the filtered packets to the corresponding client server.
Preferably, when determining the nearest network protection device of each group of attack sources based on the locally stored IP address of each network protection device and the IP address of each attack source, the first determining unit 41 is specifically configured to:
Perform the following operations for each group of attack sources:
Determine the integrated network distance between a group of attack sources and each network protection device, wherein the integrated network distance between a group of attack sources and a network protection device is the sum of the network distances between each attack source in the group and that network protection device;
Determine the minimum of the obtained integrated network distances, and take the network protection device corresponding to the minimum as the nearest network protection device of the group of attack sources.
Preferably, when determining the optimal network protection device of each group of attack sources according to the preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, the second determining unit 42 is specifically configured to:
When it is determined that the service type of the attack sources' packets is a website-access service, take the nearest network protection device of each group of attack sources as that group's own optimal network protection device; or
When it is determined that the service type of the attack sources' packets is a non-website-access service, obtain the attack traffic of each attack source, which is also included in the network attack information, calculate for each group of attack sources the sum of the attack traffic of the attack sources in that group, and take the nearest network protection device of the group of attack sources corresponding to the maximum of these sums as the optimal network protection device of every group of attack sources.
Preferably, the processing unit 43 is further configured to:
If the service type of the attack sources' packets is a website-access service, perform the following operations for each group of attack sources:
Receive the traffic status information reported by each network protection device according to the preset duration;
When it is determined that the traffic status information of the optimal network protection device of a group of attack sources indicates traffic saturation, obtain the integrated network distance between that group of attack sources and each network protection device whose traffic status information indicates that it is not saturated;
Take the network protection device corresponding to the minimum of the obtained integrated network distances as the updated optimal network protection device of the group of attack sources.
Preferably, the processing unit 43 is further configured to:
Receive the traffic status information reported by each network protection device according to the preset duration;
When it is determined that the service type of the attack sources' packets is a non-website-access service and that the traffic status information of the optimal network protection device of the groups of attack sources indicates traffic saturation, calculate for each group of attack sources the sum of the attack traffic of the attack sources in that group, calculate the integrated network distance between the group of attack sources corresponding to the maximum of these sums and each network protection device whose traffic status indicates that it is not saturated, and take the network protection device corresponding to the minimum of these integrated network distances as the updated optimal network protection device of every group of attack sources.
In the embodiments of the present application, the network attack information reported by the network monitoring device is received, wherein the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the packets of each attack source; the attack sources are grouped by regional distribution according to the IP address of each attack source, and the nearest network protection device of each group of attack sources is determined based on the locally stored IP address of each network protection device and the IP address of each attack source; the optimal network protection device of each group of attack sources is determined according to a preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, wherein the allocation rule is used to select, according to the service type of the attack sources' packets, the corresponding nearest network protection device as the optimal network protection device; and the packets sent by each group of attack sources are forwarded to the corresponding optimal network protection device, triggering the optimal network protection device to filter the received packets and send the filtered packets to the corresponding client server. In this way, the optimal network protection device of an attack source can be determined according to the network distance between the attack source and the network protection devices and the service type of the attack source's packets, and the packets sent by the attack source are filtered by that optimal network protection device, which suppresses the network attack at its source, saves bandwidth on the backbone network nodes and other aggregation nodes, reduces network congestion, and improves the security of the network.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system, or a computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments of the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The embodiments of the present application are described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present application.
Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. Thus, if these modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their technical equivalents, the embodiments of the present application are also intended to include these changes and modifications.

Claims (10)

  1. A method of network security protection, characterized by comprising:
    receiving the network attack information reported by a network monitoring device, wherein the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the packets of each attack source;
    grouping the attack sources by regional distribution according to the IP address of each attack source, and determining the nearest network protection device of each group of attack sources based on the locally stored IP address of each network protection device and the IP address of each attack source;
    determining the optimal network protection device of each group of attack sources according to a preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, wherein the allocation rule is used to select, according to the service type of the attack sources' packets, the corresponding nearest network protection device as the optimal network protection device;
    forwarding the packets sent by each group of attack sources to the corresponding optimal network protection device, triggering the optimal network protection device to filter the received packets and send the filtered packets to the corresponding client server.
  2. The method according to claim 1, characterized in that determining the nearest network protection device of each group of attack sources based on the locally stored IP address of each network protection device and the IP address of each attack source specifically comprises:
    performing the following operations for each group of attack sources:
    determining the integrated network distance between a group of attack sources and each network protection device, wherein the integrated network distance between a group of attack sources and a network protection device is the sum of the network distances between each attack source in the group of attack sources and that network protection device;
    determining the minimum of the obtained integrated network distances, and taking the network protection device corresponding to the minimum as the nearest network protection device of the group of attack sources.
  3. The method according to claim 2, characterized in that determining the optimal network protection device of each group of attack sources according to the preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, specifically comprises:
    when it is determined that the service type of the attack sources' packets is a website-access service, taking the nearest network protection device of each group of attack sources as that group's own optimal network protection device; or
    when it is determined that the service type of the attack sources' packets is a non-website-access service, obtaining the attack traffic of each attack source, which is also included in the network attack information, calculating for each group of attack sources the sum of the attack traffic of the attack sources in that group, and taking the nearest network protection device of the group of attack sources corresponding to the maximum of these sums as the optimal network protection device of every group of attack sources.
  4. The method according to claim 2 or 3, characterized by further comprising:
    if the service type of the attack sources' packets is a website-access service, performing the following operations for each group of attack sources:
    receiving the traffic status information reported by each network protection device according to a preset duration;
    when it is determined that the traffic status information of the optimal network protection device of a group of attack sources indicates traffic saturation, obtaining the integrated network distance between the group of attack sources and each network protection device whose traffic status information indicates that it is not saturated;
    taking the network protection device corresponding to the minimum of the obtained integrated network distances as the updated optimal network protection device of the group of attack sources.
  5. The method according to claim 2 or 3, characterized by further comprising:
    receiving the traffic status information reported by each network protection device according to a preset duration;
    when it is determined that the service type of the attack sources' packets is a non-website-access service and that the traffic status information of the optimal network protection device of the groups of attack sources indicates traffic saturation, calculating for each group of attack sources the sum of the attack traffic of the attack sources in that group, calculating the integrated network distance between the group of attack sources corresponding to the maximum of these sums and each network protection device whose traffic status indicates that it is not saturated, and taking the network protection device corresponding to the minimum of these integrated network distances as the updated optimal network protection device of every group of attack sources.
  6. An apparatus for network security protection, characterized by comprising:
    a receiving unit, configured to receive the network attack information reported by a network monitoring device, wherein the network attack information includes the Internet Protocol (IP) address of each attack source and the service type of the packets of each attack source;
    a first determining unit, configured to group the attack sources by regional distribution according to the IP address of each attack source, and to determine the nearest network protection device of each group of attack sources based on the locally stored IP address of each network protection device and the IP address of each attack source;
    a second determining unit, configured to determine the optimal network protection device of each group of attack sources according to a preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, wherein the allocation rule is used to select, according to the service type of the attack sources' packets, the corresponding nearest network protection device as the optimal network protection device;
    a processing unit, configured to forward the packets sent by each group of attack sources to the corresponding optimal network protection device, triggering the optimal network protection device to filter the received packets and send the filtered packets to the corresponding client server.
  7. The apparatus according to claim 6, characterized in that, when determining the nearest network protection device of each group of attack sources based on the locally stored IP address of each network protection device and the IP address of each attack source, the first determining unit is specifically configured to:
    perform the following operations for each group of attack sources:
    determine the integrated network distance between a group of attack sources and each network protection device, wherein the integrated network distance between a group of attack sources and a network protection device is the sum of the network distances between each attack source in the group of attack sources and that network protection device;
    determine the minimum of the obtained integrated network distances, and take the network protection device corresponding to the minimum as the nearest network protection device of the group of attack sources.
  8. The apparatus according to claim 7, characterized in that, when determining the optimal network protection device of each group of attack sources according to the preset allocation rule, based on the service type of the packets of each group of attack sources and the nearest network protection device of each group of attack sources, the second determining unit is specifically configured to:
    when it is determined that the service type of the attack sources' packets is a website-access service, take the nearest network protection device of each group of attack sources as that group's own optimal network protection device; or
    when it is determined that the service type of the attack sources' packets is a non-website-access service, obtain the attack traffic of each attack source, which is also included in the network attack information, calculate for each group of attack sources the sum of the attack traffic of the attack sources in that group, and take the nearest network protection device of the group of attack sources corresponding to the maximum of these sums as the optimal network protection device of every group of attack sources.
  9. The apparatus according to claim 7 or 8, characterized in that the processing unit is further configured to:
    if the service type of the attack sources' packets is a website-access service, perform the following operations for each group of attack sources:
    receive the traffic status information reported by each network protection device according to a preset duration;
    when it is determined that the traffic status information of the optimal network protection device of a group of attack sources indicates traffic saturation, obtain the integrated network distance between the group of attack sources and each network protection device whose traffic status information indicates that it is not saturated;
    take the network protection device corresponding to the minimum of the obtained integrated network distances as the updated optimal network protection device of the group of attack sources.
  10. The apparatus according to claim 7 or 8, characterized in that the processing unit is further configured to:
    receive the traffic status information reported by each network protection device according to a preset duration;
    when it is determined that the service type of the attack sources' packets is a non-website-access service and that the traffic status information of the optimal network protection device of the groups of attack sources indicates traffic saturation, calculate for each group of attack sources the sum of the attack traffic of the attack sources in that group, calculate the integrated network distance between the group of attack sources corresponding to the maximum of these sums and each network protection device whose traffic status indicates that it is not saturated, and take the network protection device corresponding to the minimum of these integrated network distances as the updated optimal network protection device of every group of attack sources.
CN201710672623.7A 2017-08-08 2017-08-08 Network security protection method and device Active CN107493276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710672623.7A CN107493276B (en) 2017-08-08 2017-08-08 Network security protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710672623.7A CN107493276B (en) 2017-08-08 2017-08-08 Network security protection method and device

Publications (2)

Publication Number Publication Date
CN107493276A true CN107493276A (en) 2017-12-19
CN107493276B CN107493276B (en) 2020-04-07

Family

ID=60644022

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710672623.7A Active CN107493276B (en) 2017-08-08 2017-08-08 Network security protection method and device

Country Status (1)

Country Link
CN (1) CN107493276B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156079A (en) * 2017-12-29 2018-06-12 深信服网络科技(深圳)有限公司 A kind of data packet forwarding system and method based on cloud service platform
CN110336801A (en) * 2019-06-20 2019-10-15 杭州安恒信息技术股份有限公司 A kind of method of anti-DDoS equipment selection
CN111131239A (en) * 2019-12-23 2020-05-08 杭州安恒信息技术股份有限公司 Network security device, method, equipment and medium
CN113132308A (en) * 2019-12-31 2021-07-16 华为技术有限公司 Network security protection method and protection equipment
CN113783884A (en) * 2021-09-16 2021-12-10 杭州安恒信息技术股份有限公司 Synflood attack protection method, device, equipment and storage medium
CN113905058A (en) * 2021-10-18 2022-01-07 杭州安恒信息技术股份有限公司 WAF and DDoS high-protection-based protection method, device and medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242415A (en) * 2001-12-10 2008-08-13 思科技术公司 Method and device for filtering and analyzing communication traffic based on packet
CN102111394A (en) * 2009-12-28 2011-06-29 成都市华为赛门铁克科技有限公司 Network attack protection method, equipment and system
CN102271068A (en) * 2011-09-06 2011-12-07 电子科技大学 Method for detecting DOS/DDOS (denial of service/distributed denial of service) attack
CN103491076A (en) * 2013-09-09 2014-01-01 杭州华三通信技术有限公司 Method and system for defending against network attacks
US20150271056A1 (en) * 2014-03-18 2015-09-24 Telefonaktiebolaget L M Ericsson (Publ) OPTIMIZED APPROACH TO IS-IS lFA COMPUTATION WITH PARALLEL LINKS
CN104967588A (en) * 2014-05-26 2015-10-07 腾讯科技(深圳)有限公司 Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack
US20150365271A1 (en) * 2014-06-13 2015-12-17 Telefonaktiebolaget L M Ericsson (Publ) Optimization to expand is-is leaf nodes during lfa computation
CN106161333A (en) * 2015-03-24 2016-11-23 华为技术有限公司 DDOS attack means of defence based on SDN, Apparatus and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李国军: "大流量DDoS攻击防护方案探讨", 《邮电设计技术》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156079A (en) * 2017-12-29 2018-06-12 深信服网络科技(深圳)有限公司 A kind of data packet forwarding system and method based on cloud service platform
CN108156079B (en) * 2017-12-29 2021-08-13 深信服科技股份有限公司 Data packet forwarding system and method based on cloud service platform
CN110336801A (en) * 2019-06-20 2019-10-15 杭州安恒信息技术股份有限公司 A kind of method of anti-DDoS equipment selection
CN110336801B (en) * 2019-06-20 2021-07-06 杭州安恒信息技术股份有限公司 Method for selecting anti-DDoS (distributed denial of service) equipment
CN111131239A (en) * 2019-12-23 2020-05-08 杭州安恒信息技术股份有限公司 Network security device, method, equipment and medium
CN111131239B (en) * 2019-12-23 2022-03-22 杭州安恒信息技术股份有限公司 Network security device, method, equipment and medium
CN113132308A (en) * 2019-12-31 2021-07-16 华为技术有限公司 Network security protection method and protection equipment
CN113132308B (en) * 2019-12-31 2022-05-17 华为技术有限公司 Network security protection method and protection equipment
CN113783884A (en) * 2021-09-16 2021-12-10 杭州安恒信息技术股份有限公司 Synflood attack protection method, device, equipment and storage medium
CN113905058A (en) * 2021-10-18 2022-01-07 杭州安恒信息技术股份有限公司 WAF and DDoS high-protection-based protection method, device and medium

Also Published As

Publication number Publication date
CN107493276B (en) 2020-04-07

Similar Documents

Publication Publication Date Title
CN107493276A (en) A kind of method and device of network safety prevention
Chen et al. Measuring TCP round-trip time in the data plane
CN108040057B (en) Working method of SDN system suitable for guaranteeing network security and network communication quality
Wang et al. Mitigating bandwidth-exhaustion attacks using congestion puzzles
US7120934B2 (en) System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network
EP2612488B1 (en) Detecting botnets
EP1806888B1 (en) Denial-of-service attack detecting system, and denial-of-service attack detecting method
WO2017107780A1 (en) Method, device and system for recognizing illegitimate proxy for charging fraud
CN104333529B (en) The detection method and system of HTTP dos attacks under a kind of cloud computing environment
CN102801738B (en) Distributed DoS (Denial of Service) detection method and system on basis of summary matrices
CN107360184B (en) Terminal equipment authentication method and device
CN106131031B (en) Method and device for cleaning and processing DDoS (distributed denial of service) flow
CN101505219B (en) Method and protecting apparatus for defending denial of service attack
CN106713216A (en) Flow processing method, device and system
CN106357685A (en) Method and device for defending distributed denial of service attack
CN108322417A (en) Processing method, device and system and the safety equipment of network attack
EP1678615A2 (en) Policy-based network security management
CN109005175A (en) Network protection method, apparatus, server and storage medium
Seo et al. APFS: adaptive probabilistic filter scheduling against distributed denial-of-service attacks
CN105812318B (en) For preventing method, controller and the system of attack in a network
CN113992539B (en) Network security dynamic route hopping method and system
CN107426241A (en) A kind of method and device of network safety prevention
CN110213214A (en) A kind of attack guarding method, system, device and storage medium
CN109617753A (en) A kind of platform management method, system and electronic equipment and storage medium
KR101039092B1 (en) Method for protecting and isolating host in internet protocol version 6 network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee after: NSFOCUS Technologies Group Co.,Ltd.

Patentee after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Patentee before: NSFOCUS TECHNOLOGIES Inc.
