CN107493276A - A kind of method and device of network safety prevention - Google Patents
A kind of method and device of network safety prevention Download PDFInfo
- Publication number
- CN107493276A CN107493276A CN201710672623.7A CN201710672623A CN107493276A CN 107493276 A CN107493276 A CN 107493276A CN 201710672623 A CN201710672623 A CN 201710672623A CN 107493276 A CN107493276 A CN 107493276A
- Authority
- CN
- China
- Prior art keywords
- network
- attack source
- group
- attack
- protection equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
A kind of method and device of network safety prevention, the network attack information that this method reports for reception network monitor equipment are disclosed in the embodiment of the present application;According to the IP address of each attack source, each attack source is grouped according to area distribution, and based on the IP address for each network protection equipment being locally stored, determines the nearest network protection equipment of each group of attack source respectively;The type of service of packet based on each group attack source and nearest network protection equipment, according to default allocation rule, the optimal network safeguard of each group of attack source is determined respectively;The packet that each group attack source is sent, corresponding optimal network safeguard is forwarded to, triggering optimal network safeguard carries out filtration treatment to the packet of reception, and the packet after filtration treatment is sent to corresponding client server.So, the broadband of each node of backbone network and each node of other convergences has been saved, has reduced network congestion, has improved the security of network.
Description
Technical field
The application is related to network safety filed, more particularly to a kind of method and device of network protection safety.
Background technology
With the development of Internet technology and the popularization of network, network attack, e.g., distributed denial of service
(Distributed Denial of Service, DDOS) is attacked, and is also growed in intensity.Wherein, so-called DDOS attack refers to utilize
Rational service request takes excessive Service Source, so that server can not handle the instruction of validated user, and obtains clothes
The control of business device, and steal the information of user etc., this greatly compromises network security, and inconvenience is brought to user.
Under prior art, network safety prevention is carried out, mainly using following two modes:
First way is:By anti-DDOS equipment, the Web portal of server is deployed in, and passes through network monitor equipment pair
DDOS attack is detected, it is determined that when there is DDOS attack, the mass data bag comprising attack data is forwarded into anti-DDOS and set
It is standby, and the packet received using anti-DDOS equipment interconnections carries out filtration treatment, and the packet after filtering is sent to corresponding
Client server.
The second way is:Anti- DDOS services are bought to operator or internet cloud service provider, pass through network monitor equipment
Testing result, it is determined that when there is DDOS attack, each mass data bag comprising attack data is forwarded to operator or mutually
The anti-DDOS servers for cloud service provider of networking, and filtration treatment is carried out to the packet of reception by anti-DDOS servers, and
Packet after each filtering is sent to corresponding client server.
But no matter using first way, or using the second way, the mass data bag comprising attack data is all
Client server can be reached by backbone network, this can take the broadband of a large amount of backbone networks and the node of other convergences, cause tight
The network congestion of weight.
The content of the invention
The embodiment of the present application provides a kind of method and device of network safety prevention, for carrying out network safety prevention
When, according to Internet protocol (Internet Protocol, IP) address of attack source, using the network distance with attack source most
Near network protection equipment carries out filtration treatment, suppresses network attack from source, saves the broadband of each node of backbone network, subtract
Few network congestion, improve the security of network.
The concrete technical scheme that the embodiment of the present application provides is as follows:
A kind of method of network safety prevention, including:
The network attack information that network monitor equipment reports is received, wherein, each attack source is included in network attack information
Internet protocol address and each attack source packet type of service;
According to the IP address of each attack source, each attack source is grouped according to area distribution, and deposited based on local
The IP address of each network protection equipment of storage, and the IP address of each attack source, determine each group of attack source most respectively
Nearly network protection equipment;
The type of service of packet based on each group attack source and the nearest network protection equipment of each group attack source, according to pre-
If allocation rule, determine the optimal network safeguard of each group of attack source respectively, wherein, allocation rule is used for according to attack
The type of service of the packet in source, corresponding network protection equipment recently is selected as optimal network safeguard;
The packet that each group attack source is sent, is forwarded to corresponding optimal network safeguard, and triggering optimal network is prevented
Protect the packet that equipment interconnection is received and carry out filtration treatment, and the packet after filtration treatment is sent to corresponding customer service
Device.
Preferably, the IP address based on each network protection equipment being locally stored, and the IP address of each attack source,
The nearest network protection equipment of each group of attack source is determined respectively, is specifically included:
Respectively following operate is performed for each group of attack source:
Integrated network distance of one group of attack source respectively between each network protection equipment is determined, wherein, one group is attacked
The integrated network distance hit between source and a network protection equipment represents each attack source and one included in one group of attack source
Network distance between individual network protection equipment plus and;
It is determined that the minimum value of each integrated network distance obtained, and using network protection equipment corresponding to minimum value as one
The nearest network protection equipment of group attack source.
Preferably, the type of service of the packet based on each group attack source and the nearest network protection of each group attack source are set
It is standby, according to default allocation rule, the optimal network safeguard of each group of attack source is determined respectively, is specifically included:
When determining that the type of service of the packet of attack source accesses class business for website, respectively by each group of attack source most
Nearly network protection equipment is as itself corresponding optimal network safeguard;Or
When determining that the type of service of the packet of attack source accesses class business for non-website, obtain in network attack information also
Comprising each attack source attack traffic, and calculate respectively the attack traffic of each attack source in each group of attack source plus
With, and using it is each plus and in maximum corresponding to one group of attack source nearest network protection equipment as each group attack source most
Excellent network protection equipment.
Preferably, further comprise:
If the type of service of the packet of attack source, which is website, accesses class business, performed respectively for each group of attack source
Operate below:
Receive the flow status information that each network protection equipment reports according to preset duration;
When determining that the flow status information of the optimal network safeguard of one group of attack source characterizes flow saturation, one group is obtained
Attack source characterizes the integrated network distance between unsaturated network protection equipment with each flow status information respectively;
By network protection equipment corresponding to the minimum value in each integrated network of acquisition distance, as one group of attack source more
Optimal network safeguard after new.
Preferably, further comprise:
Receive the flow status information that each network protection equipment reports according to preset duration;
Determine that the type of service of the packet of attack source accesses class business, and the optimal net of each group attack source for non-website
When the flow status information of network safeguard characterizes flow saturation, the attack of each attack source in each group of attack source is calculated respectively
Flow plus and, and calculate it is each plus and in maximum corresponding to one group of attack source respectively with each flow status sign not
The integrated network distance of the network protection equipment of saturation, and network corresponding to the minimum value in each integrated network distance is prevented
Protect the optimal network safeguard after equipment updates as each group attack source.
A kind of device of network safety prevention, including:
Receiving unit, the network attack information reported for receiving network monitor equipment, wherein, wrapped in network attack information
The type of service of the packet of internet protocol address and each attack source containing each attack source;
First determining unit, for the IP address according to each attack source, each attack source is carried out according to area distribution
Packet, and based on the IP address for each network protection equipment being locally stored, and the IP address of each attack source, determine respectively
The nearest network protection equipment of each group of attack source;
Second determining unit, for the type of service of the packet based on each group attack source and the nearest net of each group attack source
Network safeguard, according to default allocation rule, the optimal network safeguard of each group of attack source is determined respectively, wherein, point
It is used for the type of service of the packet according to attack source with rule, selects corresponding network protection equipment recently as optimal network
Safeguard;
Processing unit, for the packet for sending each group attack source, corresponding optimal network safeguard is forwarded to, touched
Send out optimal network safeguard and filtration treatment is carried out to the packet of reception, and the packet after filtration treatment is sent to corresponding
Client server.
Preferably, in the IP address based on each network protection equipment being locally stored, and the IP of each attack source
Location, when determining the nearest network protection equipment of each group of attack source respectively, the first determining unit is specifically used for:
Respectively following operate is performed for each group of attack source:
Integrated network distance of one group of attack source respectively between each network protection equipment is determined, wherein, one group is attacked
The integrated network distance hit between source and a network protection equipment represents each attack source and one included in one group of attack source
Network distance between individual network protection equipment plus and;
It is determined that the minimum value of each integrated network distance obtained, and using network protection equipment corresponding to minimum value as one
The nearest network protection equipment of group attack source.
Preferably, set in the type of service of the packet based on each group attack source and the nearest network protection of each group attack source
It is standby, according to default allocation rule, when determining the optimal network safeguard of each group of attack source respectively, the second determining unit tool
Body is used for:
When determining that the type of service of the packet of attack source accesses class business for website, respectively by each group of attack source most
Nearly network protection equipment is as itself corresponding optimal network safeguard;Or
When determining that the type of service of the packet of attack source accesses class business for non-website, obtain in network attack information also
Comprising each attack source attack traffic, and calculate respectively the attack traffic of each attack source in each group of attack source plus
With, and using it is each plus and in maximum corresponding to one group of attack source nearest network protection equipment as each group attack source most
Excellent network protection equipment.
Preferably, processing unit is additionally operable to:
If the type of service of the packet of attack source, which is website, accesses class business, performed respectively for each group of attack source
Operate below:
Receive the flow status information that each network protection equipment reports according to preset duration;
When determining that the flow status information of the optimal network safeguard of one group of attack source characterizes flow saturation, one group is obtained
Attack source characterizes the integrated network distance between unsaturated network protection equipment with each flow status information respectively;
By network protection equipment corresponding to the minimum value in each integrated network of acquisition distance, as one group of attack source more
Optimal network safeguard after new.
Preferably, processing unit is additionally operable to:
Receive the flow status information that each network protection equipment reports according to preset duration;
Determine that the type of service of the packet of attack source accesses class business, and the optimal net of each group attack source for non-website
When the flow status information of network safeguard characterizes flow saturation, the attack of each attack source in each group of attack source is calculated respectively
Flow plus and, and calculate it is each plus and in maximum corresponding to one group of attack source respectively with each flow status sign not
The integrated network distance of the network protection equipment of saturation, and network corresponding to the minimum value in each integrated network distance is prevented
Protect the optimal network safeguard after equipment updates as each group attack source.
In the embodiment of the present application, the network attack information that network monitor equipment reports is received, wherein, in network attack information
The type of service of internet protocol address comprising each attack source and the packet of each attack source;According to each attack source
IP address, each attack source is grouped according to area distribution, and based on each network protection equipment being locally stored
IP address, and the IP address of each attack source, the nearest network protection equipment of each group of attack source is determined respectively;Based on each group
The type of service of the packet of attack source and the nearest network protection equipment of each group attack source, according to default allocation rule, divide
The optimal network safeguard of each group of attack source is not determined, wherein, allocation rule is used for the industry of the packet according to attack source
Service type, corresponding network protection equipment recently is selected as optimal network safeguard;The data that each group attack source is sent
Bag, is forwarded to corresponding optimal network safeguard, and triggering optimal network safeguard is carried out at filtering to the packet of reception
Reason, and the packet after filtration treatment is sent to corresponding client server.In this manner it is possible to prevented according to attack source and network
The type of service of the packet of device network distance and attack source is protected, determines the optimal network safeguard of attack source, and use
The packet that above-mentioned optimal network safeguard is sent to attack source carries out filtration treatment, suppresses network attack from source, saves
The broadband of each node of backbone network and each node of other convergences, reduces network congestion, improves the peace of network
Quan Xing.
Brief description of the drawings
Fig. 1 is the configuration diagram of the system of network safety prevention in the embodiment of the present application one;
Fig. 2 a are the flow chart of the method for network safety prevention in the embodiment of the present application one;
Fig. 2 b are the schematic diagram of the method for network safety prevention in the embodiment of the present application one;
Fig. 3 is the flow chart of the method for network safety prevention in the embodiment of the present application two;
Fig. 4 is the structural representation of the device of network safety prevention in the embodiment of the present application.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, the technical scheme in the embodiment of the present application is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only some embodiments of the present application, is not whole embodiments.It is based on
The embodiment of the present application, the every other implementation that those of ordinary skill in the art are obtained under the premise of creative work is not made
Example, belong to the scope of the application protection.
In order to when carrying out network safety prevention, save the broadband of each node of backbone network, reduce network congestion, improve
The security of network, in the embodiment of the present application, a kind of method of network safety prevention is devised, this method is according to attack source
With network protection device network distance and the type of service of the packet of attack source, determine that the optimal network protection of attack source is set
It is standby, and the packet sent using above-mentioned optimal network safeguard to attack source carries out filtration treatment, further, will filter
Packet after processing is sent to corresponding client server.
The application preferred embodiment is described in detail below in conjunction with the accompanying drawings.
As shown in fig.1, the configuration diagram of the system for network safety prevention, including dispatch server, network monitor
Equipment, core routing device, routing device, client and network protection equipment.Before network safety prevention is carried out, to net
The idiographic flow that network monitoring device is configured is as follows:
First, network monitor equipment is disposed, following two modes can be used:
First way is:Can distributed deployment, i.e., each network monitor equipment is deployed in the network of client respectively
Porch, and be connected with the routing device of porch.
The second way is:Centralized deployment, i.e., by network monitor deployed with devices in backbone network, and with the core of backbone network
Routing device connects.
Then, dispatch server issues configuration information to each network monitor equipment.Wherein, configuration information includes what is reported
Preset duration, attack alarm threshold etc..
Further, network monitor equipment receives the configuration information that dispatch server issues, and according to configuration information to this
Ground is configured.
After being disposed to each network monitor equipment, it is possible to by each network monitor equipment to network attack
It is monitored, determines the attack source of network attack, and the packet of attack source is carried out accordingly by network protection equipment
Processing.
Because the type of service of the packet of attack source is divided into website access class business and non-website access class business, because
This, in the embodiment of the present application, according to the type of service of the packet of attack source, is respectively adopted two application scenarios to network security
The idiographic flow of protection illustrates.First application scenarios be:The type of service of the packet of attack source is that class is accessed in website
Business.Second application scenarios be:The type of service of the packet of attack source is that class business is accessed in non-website.
Refering to shown in Fig. 2 a, in the embodiment of the present application one, the tool of the network safety prevention to above-mentioned first application scenarios
Body flow is further elaborated:
Step 200:Network monitor equipment periodically carries out sampling point according to preset duration to each packet of transmission
Analysis, obtain analysis result.
Step 201:Network monitor equipment is based on analysis result, determines existing network attack.
Step 202:Network monitor equipment is by network attack information reporting to dispatch server.
Specifically, when performing step 202, the IP address of multiple attack sources is included in network attack information.So-called attack source
For the network equipment of illegal molecule control, e.g., computer.
Step 203:Dispatch server determines the nearest network protection equipment of attack source.
Specifically, first, dispatch service obtains the IP address of each attack source included in network attack information, and obtains
Take the IP address for each network protection equipment being locally stored.
Then, dispatch server is divided each attack source according to area distribution according to the IP address of each attack source
Group.
Wherein, each attack source is grouped according to area distribution, can be in the following ways:
Each attack source corresponding to the IP address of the same region network segment is divided into one group by dispatch server, or, adjust
Each attack source corresponding to the IP address of adjacent multiple region network segments is divided into one group by degree server.
In this manner it is possible to according to the IP address of attack source, the area distribution of attack source is determined, and according to each attack source
Area distribution is divided.
For example, the IP address that dispatch server obtains each attack source is respectively:192.168.1.0/24、
192.168.2.0/24、192.168.3.0/24、192.168.4.0/24、192.168.5.0/24、192.126.1.0/24、
192.126.2.0/24、192.126.3.0/24、192.126.4.0/24、192.126.5.0/24.Then dispatch server will be each
Individual attack source is divided into two groups, and first group of G1 includes:192.168.1.0/24、192.168.2.0/24、192.168.3.0/24、
192.168.4.0/24、192.168.5.0/24.Second group of G2 includes:192.126.1.0/24、192.126.2.0/24、
192.126.3.0/24、192.126.4.0/24、192.126.5.0/24。
Then, the IP address of IP address of the dispatch server based on each attack source and each network protection equipment, respectively
Calculate the network distance between each attack source and each network protection equipment.
Finally, network distance of the dispatch server based on acquisition, the nearest network protection equipment of each group of attack source is determined.
Network protection equipment is used to filter the packet comprising attack data, realizes network safety prevention.
Wherein, by taking one group of attack source as an example, the nearest network protection equipment of pair each group of attack source of determination, illustrate:
First, dispatch server is determined between each attack source included in one group of attack source and a network protection equipment
Network distance plus and, as the integrated network distance between above-mentioned one group of attack source and said one network protection equipment.
For example, between each attack source included in one group of attack source and a network protection equipment network distance (d1,
D2, d3, d4, d5) value is (1,3,2,1,3).Then determine between above-mentioned one group of attack source and said one network protection equipment
Network synthesis distance s1=1+3+2+1+3=10.
Based on identical principle, dispatch server determine respectively above-mentioned one group of attack source and each network protection equipment it
Between integrated network distance, will not be repeated here.
Then, dispatch server determines the minimum value of each integrated network distance obtained, and by corresponding to the minimum value
Nearest network protection equipment of the network protection equipment as above-mentioned one group of attack source.
For example, attack source group G1 integrated network distance respectively s1=10, the s2=7 with 3 network protection equipment respectively,
S3=9, then the minimum value for each network synthesis distance that dispatch server determination obtains is 7, and corresponding second network protection is set
It is standby, and the nearest network protection equipment using second network protection equipment as attack source group G1.
In the embodiment of the present application, only to be illustrated exemplified by determining the nearest network protection equipment of one group of attack source, it is based on
Identical principle, it may be determined that the nearest network protection equipment of each group attack source, will not be repeated here.In this manner it is possible to determine
The network protection equipment nearest with the network distance of each group of attack source.
Step 204:Dispatch server determines that the type of service of the packet of attack source accesses class business for website.
Specifically, dispatch server obtains the service class of the packet of each attack source included in network attack information
Type, determine that the type of service of the packet of attack source accesses class business for website.Wherein, access class business in website refers to that client takes
Business device provides the network service based on dns resolution.
Step 205:Dispatch server receives each network protection equipment according to the flow status information periodically reported.
Step 206:Dispatch server determines the optimal network safeguard of attack source.
Specifically, dispatch server is respectively by the nearest network protection equipment of each group of attack source directly as accordingly most
Excellent network protection equipment.
Further, the flow status information of each network protection equipment of the dispatch server based on periodic receipt, really
Surely when the flow status information that the optimal network safeguard of one group of attack source be present characterizes flow saturation, to the optimal of attack source
Network protection equipment is adjusted.
Wherein, the optimal network safeguard of attack source is adjusted, can be in the following ways:
First, obtain one group of attack source characterized respectively with each flow status information unsaturated network protection equipment it
Between integrated network distance.
Then, by network protection equipment corresponding to the minimum value in each integrated network distance of acquisition, attacked as one group
The optimal network safeguard hit after the renewal of source.
For example, refer to shown in Fig. 2 b, the schematic diagram of the method for network safety prevention.Dispatch server determines attack source group 1
With attack source group 3 corresponding to optimal network safeguard be network protection device A, corresponding to attack source group 2 optimal network protect
Equipment is network protection equipment B, and optimal network safeguard corresponding to the group N of attack source is network protection equipment C.
In this manner it is possible in the flow saturation of optimal network safeguard, by the optimal network safeguard of attack source
It is adjusted, is adjusted to the suboptimum network protection equipment of relative free, realize the load balancing of network protection equipment, improves net
The efficiency of network security protection.
Step 207:IP address of the dispatch server based on optimal network safeguard corresponding to attack source, to attack source
The URL of packet corresponds to IP address and is adjusted.
So, class business is accessed for website, it is possible to pointed to by adjusting DNS, be distributed and distribute according to packet source IP
Analysis results of the IP of different network protection equipment as DNS, allow different packets using the IP forwardings after adjustment
To different network protection equipment.
Step 208:The packet of each group attack source after adjustment is forwarded to corresponding optimal network and prevented by dispatch server
Protect equipment.
Further, the packet that dispatch server sends non-attack source is also forwarded to corresponding network protection recently and set
It is standby, in subsequent steps, all packets are all filtered by network protection equipment.Improve the security of network.
In this manner it is possible to the packet of each attack source is sent to the network protection equipment nearest apart from attack source, from
And network attack is protected on source, and the broadband of backbone network and other aggregation nodes has been saved, avoid network
Obstruction.
Step 209:Each packet of reception is carried out filtration treatment by network protection equipment.
Step 210:Packet after filtration treatment is forwarded to corresponding client server by network protection equipment.
Step 211:Packet of the client server based on reception, complete service request.
As shown in fig.3, in the embodiment of the present application two, network safety prevention to above-mentioned second application scenarios it is specific
Flow is further elaborated:
Step 300:Network monitor equipment periodically carries out sampling point according to preset duration to each packet of transmission
Analysis, obtain analysis result.
Step 301:Network monitor equipment is based on analysis result, determines existing network attack.
Step 302:Network monitor equipment is by network attack information reporting to dispatch server.
Specifically, when performing step 302, the IP address of multiple attack sources is included in network attack information.So-called attack source
For the network equipment of illegal molecule control.
Step 303:Dispatch server is based on network attack information, and each attack source included in network attack information is entered
Row packet.
Specifically, first, dispatch service obtains the IP address of each attack source included in network attack information, and obtains
Take the IP address for each network protection equipment being locally stored.
Then, dispatch server is divided each attack source according to area distribution according to the IP address of each attack source
Group.
Wherein, each attack source is grouped according to area distribution, can be in the following ways:
Each attack source corresponding to the IP address of the same region network segment is divided into one group by dispatch server, or, adjust
Each attack source corresponding to the IP address of adjacent multiple region network segments is divided into one group by degree server.
In this manner it is possible to according to the IP address of attack source, the area distribution of attack source is determined, and according to each attack source
Area distribution is divided.
Step 304:Dispatch server determines that the type of service of the packet of attack source accesses class business for non-website.
Specifically, dispatch server obtains the service class of the packet of each attack source included in network attack information
Type, determine that the type of service of the packet of attack source accesses class business for non-website.Wherein, non-website access class business, i.e., not
Network based on dns resolution transmission.
Step 305:Dispatch server receives each network protection equipment according to the flow status information periodically reported.
Step 306:Dispatch server determines an optimal network safeguard.
Specifically, first, dispatch server obtains the attack traffic of each attack source also included in network attack information,
And calculate respectively the attack traffic of each attack source in each group of attack source plus and.
Then, dispatch server based on it is each plus and in maximum corresponding to one group of attack source IP address and each net
The IP address of network safeguard, calculate respectively integrated network between above-mentioned one group of attack source and each network protection equipment away from
From determining the nearest network that network protection equipment corresponding to the minimum value in each integrated network distance is above-mentioned one group of attack source
Safeguard.Wherein, the integrated network distance between one group of attack source and a network protection equipment is represented in one group of attack source
Comprising each attack source and a network protection equipment between network distance plus and.
Finally, dispatch server is set the nearest network protection equipment of acquisition as the optimal network protection of each group attack source
It is standby.
Further, the flow status information of each network protection equipment of the dispatch server based on periodic receipt, really
When determining the flow status information sign flow saturation of optimal network safeguard, each attack in each group of attack source is calculated respectively
The attack traffic in source plus and, and calculate it is each plus and in maximum corresponding to one group of attack source respectively with each flow shape
State characterizes the integrated network distance of unsaturated network protection equipment, and the minimum value in each integrated network distance is corresponding
Network protection equipment as each group attack source update after optimal network safeguard.
In this manner it is possible in the flow saturation of optimal network safeguard, by the optimal network safeguard of attack source
It is adjusted, is adjusted to the suboptimum network protection equipment of relative free.
Step 307:IP address of the dispatch server based on optimal network safeguard, issues instruction:To each in network
The routing table information of routing device is modified.
So, for non-website access class business, due to can not by packet adjust DNS point to by way of to data
The purpose IP of bag is modified, therefore, it is impossible to be transmitted to each packet using directly optimal corresponding to each attack source packet
Network protection device IP, but by the way that the routing table in each routing device in network is modified, so that each data
Bao Jun is transmitted according to the new routing table information in route, and because the modification of routing table is route by being sent to the whole network
What bulletin was carried out, it is towards whole network, therefore, a network protection equipment can only be chosen as the optimal of each group attack source
Network protection equipment, i.e., using network protection equipment corresponding to a maximum attack source packet of attack traffic as each group attack source
Optimal network safeguard.
Step 308:The packet of each group attack source after adjustment is forwarded to optimal network protection and set by dispatch server
It is standby.
Specifically, dispatch server by route according to amended routing table information, by the packet of each group attack source
It is forwarded to optimal network safeguard.
Further, the packet in non-attack source is forwarded to the nearest network protection of each group attack source and set by dispatch server
It is standby, so as in subsequent steps, all be filtered to all packets by network protection equipment, improve the safety of network
Property.
Step 309:Each packet of reception is carried out filtration treatment by network protection equipment.
Step 310:Packet after filtration treatment is forwarded to corresponding client server by network protection equipment.
Step 311:Packet of the client server based on reception, complete service request.
Based on above-described embodiment, as shown in fig.4, the structural representation of the device of network safety prevention, the application is implemented
In example, the device of network safety prevention specifically includes:
Receiving unit 40, the network attack information reported for receiving network monitor equipment, wherein, in network attack information
The type of service of internet protocol address comprising each attack source and the packet of each attack source;
First determining unit 41, for the IP address according to each attack source, each attack source is entered according to area distribution
Row packet, and based on the IP address for each network protection equipment being locally stored, and the IP address of each attack source, it is true respectively
The nearest network protection equipment of fixed each group of attack source;
Second determining unit 42, for the packet based on each group attack source type of service and each group attack source it is nearest
Network protection equipment, according to default allocation rule, the optimal network safeguard of each group of attack source is determined respectively, wherein,
Allocation rule is used for the type of service of the packet according to attack source, selects corresponding network protection equipment recently as optimal net
Network safeguard;
Processing unit 43, for the packet for sending each group attack source, corresponding optimal network safeguard is forwarded to,
Trigger optimal network safeguard and filtration treatment is carried out to the packet of reception, and the packet after filtration treatment is sent to phase
The client server answered.
Preferably, in the IP address based on each network protection equipment being locally stored, and the IP of each attack source
Location, when determining the nearest network protection equipment of each group of attack source respectively, the first determining unit 41 is specifically used for:
Respectively following operate is performed for each group of attack source:
Integrated network distance of one group of attack source respectively between each network protection equipment is determined, wherein, one group is attacked
The integrated network distance hit between source and a network protection equipment represents each attack source and one included in one group of attack source
Network distance between individual network protection equipment plus and;
It is determined that the minimum value of each integrated network distance obtained, and using network protection equipment corresponding to minimum value as one
The nearest network protection equipment of group attack source.
Preferably, set in the type of service of the packet based on each group attack source and the nearest network protection of each group attack source
It is standby, according to default allocation rule, when determining the optimal network safeguard of each group of attack source respectively, the second determining unit 42
It is specifically used for:
When determining that the type of service of the packet of attack source accesses class business for website, respectively by each group of attack source most
Nearly network protection equipment is as itself corresponding optimal network safeguard;Or
When determining that the type of service of the packet of attack source accesses class business for non-website, obtain in network attack information also
Comprising each attack source attack traffic, and calculate respectively the attack traffic of each attack source in each group of attack source plus
With, and using it is each plus and in maximum corresponding to one group of attack source nearest network protection equipment as each group attack source most
Excellent network protection equipment.
Preferably, processing unit 43 is additionally operable to:
If the type of service of the packet of attack source, which is website, accesses class business, performed respectively for each group of attack source
Operate below:
Receive the flow status information that each network protection equipment reports according to preset duration;
When determining that the flow status information of the optimal network safeguard of one group of attack source characterizes flow saturation, one group is obtained
Attack source characterizes the integrated network distance between unsaturated network protection equipment with each flow status information respectively;
By network protection equipment corresponding to the minimum value in each integrated network of acquisition distance, as one group of attack source more
Optimal network safeguard after new.
Preferably, processing unit 43 is additionally operable to:
Receive the flow status information that each network protection equipment reports according to preset duration;
Determine that the type of service of the packet of attack source accesses class business, and the optimal net of each group attack source for non-website
When the flow status information of network safeguard characterizes flow saturation, the attack of each attack source in each group of attack source is calculated respectively
Flow plus and, and calculate it is each plus and in maximum corresponding to one group of attack source respectively with each flow status sign not
The integrated network distance of the network protection equipment of saturation, and network corresponding to the minimum value in each integrated network distance is prevented
Protect the optimal network safeguard after equipment updates as each group attack source.
In the embodiment of the present application, the network attack information that network monitor equipment reports is received, wherein, in network attack information
The type of service of internet protocol address comprising each attack source and the packet of each attack source;According to each attack source
IP address, each attack source is grouped according to area distribution, and based on each network protection equipment being locally stored
IP address, and the IP address of each attack source, the nearest network protection equipment of each group of attack source is determined respectively;Based on each group
The type of service of the packet of attack source and the nearest network protection equipment of each group attack source, according to default allocation rule, divide
The optimal network safeguard of each group of attack source is not determined, wherein, allocation rule is used for the industry of the packet according to attack source
Service type, corresponding network protection equipment recently is selected as optimal network safeguard;The data that each group attack source is sent
Bag, is forwarded to corresponding optimal network safeguard, and triggering optimal network safeguard is carried out at filtering to the packet of reception
Reason, and the packet after filtration treatment is sent to corresponding client server.In this manner it is possible to prevented according to attack source and network
The type of service of the packet of device network distance and attack source is protected, determines the optimal network safeguard of attack source, and use
The packet that above-mentioned optimal network safeguard is sent to attack source carries out filtration treatment, suppresses network attack from source, saves
The broadband of each node of backbone network and each node of other convergences, reduces network congestion, improves the peace of network
Quan Xing.
It should be understood by those skilled in the art that, the embodiment in the embodiment of the present application can be provided as method, system or meter
Calculation machine program product.Therefore, complete hardware embodiment, complete software embodiment can be used in the embodiment of the present application or is combined soft
The form of the embodiment of part and hardware aspect.Wherein include meter in one or more moreover, can be used in the embodiment of the present application
The computer-usable storage medium of calculation machine usable program code (includes but is not limited to magnetic disk storage, CD-ROM, optical memory
Deng) on the form of computer program product implemented.
It is with reference to according to the method for embodiment, equipment (system) and calculating in the embodiment of the present application in the embodiment of the present application
The flow chart and/or block diagram of machine program product describes.It should be understood that can by computer program instructions implementation process figure and/or
Each flow and/or square frame in block diagram and the flow in flow chart and/or block diagram and/or the combination of square frame.It can carry
For the processing of these computer program instructions to all-purpose computer, special-purpose computer, Embedded Processor or other programmable datas
The processor of equipment is to produce a machine so that passes through computer or the computing device of other programmable data processing devices
Instruction produce for realize refer in one flow of flow chart or multiple flows and/or one square frame of block diagram or multiple square frames
The device of fixed function.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Although having been described for the preferred embodiment in the embodiment of the present application, those skilled in the art once know
Basic creative concept, then other change and modification can be made to these embodiments.So appended claims are intended to explain
To include preferred embodiment and fall into being had altered and changing for scope in the embodiment of the present application.
Obviously, those skilled in the art can in the embodiment of the present application embodiment carry out it is various change and modification without
Depart from the spirit and scope of embodiment in the embodiment of the present application.So, if in the embodiment of the present application embodiment these modification
Within the scope of belonging in the embodiment of the present application claim and its equivalent technologies with modification, then it is also intended in the embodiment of the present application
Including these changes and modification.
Claims (10)
- A kind of 1. method of network safety prevention, it is characterised in that including:The network attack information that network monitor equipment reports is received, wherein, each attack source is included in the network attack information Internet protocol address and each attack source packet type of service;According to the IP address of each attack source, each attack source is grouped according to area distribution, and based on being locally stored The IP address of each network protection equipment, and the IP address of each attack source, the nearest net of each group of attack source is determined respectively Network safeguard;The type of service of packet based on each group attack source and the nearest network protection equipment of each group attack source, according to default Allocation rule, the optimal network safeguard of each group of attack source is determined respectively, wherein, the allocation rule is used for according to attack The type of service of the packet in source, corresponding network protection equipment recently is selected as optimal network safeguard;The packet that each group attack source is sent, is forwarded to corresponding optimal network safeguard, and triggering optimal network protection is set The standby packet to reception carries out filtration treatment, and the packet after filtration treatment is sent to corresponding client server.
- 2. the method as described in claim 1, it is characterised in that the IP based on each network protection equipment being locally stored Location, and the IP address of each attack source, the nearest network protection equipment of each group of attack source is determined respectively, is specifically included:Respectively following operate is performed for each group of attack source:Integrated network distance of one group of attack source respectively between each network protection equipment is determined, wherein, one group of attack source Integrated network distance between a network protection equipment represents each attack source and the institute included in one group of attack source State the network distance between a network protection equipment plus and;It is determined that the minimum value of each integrated network distance obtained, and using network protection equipment corresponding to the minimum value as institute State the nearest network protection equipment of one group of attack source.
- 3. method as claimed in claim 2, it is characterised in that the type of service and each group of the packet based on each group attack source The nearest network protection equipment of attack source, according to default allocation rule, determine that the optimal network of each group of attack source is prevented respectively Equipment is protected, is specifically included:When determining that the type of service of the packet of attack source accesses class business for website, respectively by the nearest net of each group of attack source Network safeguard is as itself corresponding optimal network safeguard;OrWhen determining that the type of service of the packet of attack source accesses class business for non-website, obtain and also included in network attack information Each attack source attack traffic, and calculate respectively the attack traffic of each attack source in each group of attack source plus and, and Optimal net using the nearest network protection equipment of one group of attack source corresponding to each maximum added with as each group attack source Network safeguard.
- 4. method as claimed in claim 2 or claim 3, it is characterised in that further comprise:If the type of service of the packet of attack source, which is website, accesses class business, performed respectively for each group of attack source following Operation:Receive the flow status information that each network protection equipment reports according to preset duration;When determining that the flow status information of the optimal network safeguard of one group of attack source characterizes flow saturation, described one group is obtained Attack source characterizes the integrated network distance between unsaturated network protection equipment with each flow status information respectively;By network protection equipment corresponding to the minimum value in each integrated network of acquisition distance, as one group of attack source more Optimal network safeguard after new.
- 5. method as claimed in claim 2 or claim 3, it is characterised in that further comprise:Receive the flow status information that each network protection equipment reports according to preset duration;Determine that the type of service of the packet of attack source accesses class business for non-website, and the optimal network of each group attack source is prevented When protecting the flow status information sign flow saturation of equipment, the attack traffic of each attack source in each group of attack source is calculated respectively Plus and, and calculate it is each plus and in maximum corresponding to one group of attack source respectively with each flow status characterize unsaturation Network protection equipment integrated network distance, and by each integrated network distance in minimum value corresponding to network protection set Optimal network safeguard after the standby renewal as each group attack source.
- A kind of 6. device of network safety prevention, it is characterised in that including:Receiving unit, the network attack information reported for receiving network monitor equipment, wherein, wrapped in the network attack information The type of service of the packet of internet protocol address and each attack source containing each attack source;First determining unit, for the IP address according to each attack source, each attack source is grouped according to area distribution, And based on the IP address for each network protection equipment being locally stored, and the IP address of each attack source, determine respectively each The nearest network protection equipment of group attack source;Second determining unit, prevent for the type of service of the packet based on each group attack source and the nearest network of each group attack source Equipment is protected, according to default allocation rule, determines the optimal network safeguard of each group of attack source respectively, wherein, described point It is used for the type of service of the packet according to attack source with rule, selects corresponding network protection equipment recently as optimal network Safeguard;Processing unit, for the packet for sending each group attack source, corresponding optimal network safeguard is forwarded to, triggering is most The packet that excellent network protection equipment interconnection is received carries out filtration treatment, and the packet after filtration treatment is sent to corresponding visitor Family server.
- 7. device as claimed in claim 6, it is characterised in that in the IP based on each network protection equipment being locally stored Location, and the IP address of each attack source, when determining the nearest network protection equipment of each group of attack source respectively, described first is true Order member is specifically used for:Respectively following operate is performed for each group of attack source:Integrated network distance of one group of attack source respectively between each network protection equipment is determined, wherein, one group of attack source Integrated network distance between a network protection equipment represents each attack source and the institute included in one group of attack source State the network distance between a network protection equipment plus and;It is determined that the minimum value of each integrated network distance obtained, and using network protection equipment corresponding to the minimum value as institute State the nearest network protection equipment of one group of attack source.
- 8. device as claimed in claim 7, it is characterised in that in the type of service of the packet based on each group attack source and each The nearest network protection equipment of group attack source, according to default allocation rule, the optimal network of each group of attack source is determined respectively During safeguard, second determining unit is specifically used for:When determining that the type of service of the packet of attack source accesses class business for website, respectively by the nearest net of each group of attack source Network safeguard is as itself corresponding optimal network safeguard;OrWhen determining that the type of service of the packet of attack source accesses class business for non-website, obtain and also included in network attack information Each attack source attack traffic, and calculate respectively the attack traffic of each attack source in each group of attack source plus and, and Optimal net using the nearest network protection equipment of one group of attack source corresponding to each maximum added with as each group attack source Network safeguard.
- 9. device as claimed in claim 7 or 8, it is characterised in that the processing unit is additionally operable to:If the type of service of the packet of attack source, which is website, accesses class business, performed respectively for each group of attack source following Operation:Receive the flow status information that each network protection equipment reports according to preset duration;When determining that the flow status information of the optimal network safeguard of one group of attack source characterizes flow saturation, described one group is obtained Attack source characterizes the integrated network distance between unsaturated network protection equipment with each flow status information respectively;By network protection equipment corresponding to the minimum value in each integrated network of acquisition distance, as one group of attack source more Optimal network safeguard after new.
- 10. device as claimed in claim 7 or 8, it is characterised in that the processing unit is additionally operable to:Receive the flow status information that each network protection equipment reports according to preset duration;Determine that the type of service of the packet of attack source accesses class business for non-website, and the optimal network of each group attack source is prevented When protecting the flow status information sign flow saturation of equipment, the attack traffic of each attack source in each group of attack source is calculated respectively Plus and, and calculate it is each plus and in maximum corresponding to one group of attack source respectively with each flow status characterize unsaturation Network protection equipment integrated network distance, and by each integrated network distance in minimum value corresponding to network protection set Optimal network safeguard after the standby renewal as each group attack source.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710672623.7A CN107493276B (en) | 2017-08-08 | 2017-08-08 | Network security protection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710672623.7A CN107493276B (en) | 2017-08-08 | 2017-08-08 | Network security protection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107493276A true CN107493276A (en) | 2017-12-19 |
CN107493276B CN107493276B (en) | 2020-04-07 |
Family
ID=60644022
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710672623.7A Active CN107493276B (en) | 2017-08-08 | 2017-08-08 | Network security protection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107493276B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108156079A (en) * | 2017-12-29 | 2018-06-12 | 深信服网络科技(深圳)有限公司 | A kind of data packet forwarding system and method based on cloud service platform |
CN110336801A (en) * | 2019-06-20 | 2019-10-15 | 杭州安恒信息技术股份有限公司 | A kind of method of anti-DDoS equipment selection |
CN111131239A (en) * | 2019-12-23 | 2020-05-08 | 杭州安恒信息技术股份有限公司 | Network security device, method, equipment and medium |
CN113132308A (en) * | 2019-12-31 | 2021-07-16 | 华为技术有限公司 | Network security protection method and protection equipment |
CN113783884A (en) * | 2021-09-16 | 2021-12-10 | 杭州安恒信息技术股份有限公司 | Synflood attack protection method, device, equipment and storage medium |
CN113905058A (en) * | 2021-10-18 | 2022-01-07 | 杭州安恒信息技术股份有限公司 | WAF and DDoS high-protection-based protection method, device and medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242415A (en) * | 2001-12-10 | 2008-08-13 | 思科技术公司 | Method and device for filtering and analyzing communication traffic based on packet |
CN102111394A (en) * | 2009-12-28 | 2011-06-29 | 成都市华为赛门铁克科技有限公司 | Network attack protection method, equipment and system |
CN102271068A (en) * | 2011-09-06 | 2011-12-07 | 电子科技大学 | Method for detecting DOS/DDOS (denial of service/distributed denial of service) attack |
CN103491076A (en) * | 2013-09-09 | 2014-01-01 | 杭州华三通信技术有限公司 | Method and system for defending against network attacks |
US20150271056A1 (en) * | 2014-03-18 | 2015-09-24 | Telefonaktiebolaget L M Ericsson (Publ) | OPTIMIZED APPROACH TO IS-IS lFA COMPUTATION WITH PARALLEL LINKS |
CN104967588A (en) * | 2014-05-26 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack |
US20150365271A1 (en) * | 2014-06-13 | 2015-12-17 | Telefonaktiebolaget L M Ericsson (Publ) | Optimization to expand is-is leaf nodes during lfa computation |
CN106161333A (en) * | 2015-03-24 | 2016-11-23 | 华为技术有限公司 | DDOS attack means of defence based on SDN, Apparatus and system |
-
2017
- 2017-08-08 CN CN201710672623.7A patent/CN107493276B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242415A (en) * | 2001-12-10 | 2008-08-13 | 思科技术公司 | Method and device for filtering and analyzing communication traffic based on packet |
CN102111394A (en) * | 2009-12-28 | 2011-06-29 | 成都市华为赛门铁克科技有限公司 | Network attack protection method, equipment and system |
CN102271068A (en) * | 2011-09-06 | 2011-12-07 | 电子科技大学 | Method for detecting DOS/DDOS (denial of service/distributed denial of service) attack |
CN103491076A (en) * | 2013-09-09 | 2014-01-01 | 杭州华三通信技术有限公司 | Method and system for defending against network attacks |
US20150271056A1 (en) * | 2014-03-18 | 2015-09-24 | Telefonaktiebolaget L M Ericsson (Publ) | OPTIMIZED APPROACH TO IS-IS lFA COMPUTATION WITH PARALLEL LINKS |
CN104967588A (en) * | 2014-05-26 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Protection method, apparatus and system for distributed denial of service DDoS (distributed denial of service) attack |
US20150365271A1 (en) * | 2014-06-13 | 2015-12-17 | Telefonaktiebolaget L M Ericsson (Publ) | Optimization to expand is-is leaf nodes during lfa computation |
CN106161333A (en) * | 2015-03-24 | 2016-11-23 | 华为技术有限公司 | DDOS attack means of defence based on SDN, Apparatus and system |
Non-Patent Citations (1)
Title |
---|
李国军: "大流量DDoS攻击防护方案探讨", 《邮电设计技术》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108156079A (en) * | 2017-12-29 | 2018-06-12 | 深信服网络科技(深圳)有限公司 | A kind of data packet forwarding system and method based on cloud service platform |
CN108156079B (en) * | 2017-12-29 | 2021-08-13 | 深信服科技股份有限公司 | Data packet forwarding system and method based on cloud service platform |
CN110336801A (en) * | 2019-06-20 | 2019-10-15 | 杭州安恒信息技术股份有限公司 | A kind of method of anti-DDoS equipment selection |
CN110336801B (en) * | 2019-06-20 | 2021-07-06 | 杭州安恒信息技术股份有限公司 | Method for selecting anti-DDoS (distributed denial of service) equipment |
CN111131239A (en) * | 2019-12-23 | 2020-05-08 | 杭州安恒信息技术股份有限公司 | Network security device, method, equipment and medium |
CN111131239B (en) * | 2019-12-23 | 2022-03-22 | 杭州安恒信息技术股份有限公司 | Network security device, method, equipment and medium |
CN113132308A (en) * | 2019-12-31 | 2021-07-16 | 华为技术有限公司 | Network security protection method and protection equipment |
CN113132308B (en) * | 2019-12-31 | 2022-05-17 | 华为技术有限公司 | Network security protection method and protection equipment |
CN113783884A (en) * | 2021-09-16 | 2021-12-10 | 杭州安恒信息技术股份有限公司 | Synflood attack protection method, device, equipment and storage medium |
CN113905058A (en) * | 2021-10-18 | 2022-01-07 | 杭州安恒信息技术股份有限公司 | WAF and DDoS high-protection-based protection method, device and medium |
Also Published As
Publication number | Publication date |
---|---|
CN107493276B (en) | 2020-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107493276A (en) | A kind of method and device of network safety prevention | |
Chen et al. | Measuring TCP round-trip time in the data plane | |
CN108040057B (en) | Working method of SDN system suitable for guaranteeing network security and network communication quality | |
Wang et al. | Mitigating bandwidth-exhaustion attacks using congestion puzzles | |
US7120934B2 (en) | System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network | |
EP2612488B1 (en) | Detecting botnets | |
EP1806888B1 (en) | Denial-of-service attack detecting system, and denial-of-service attack detecting method | |
WO2017107780A1 (en) | Method, device and system for recognizing illegitimate proxy for charging fraud | |
CN104333529B (en) | The detection method and system of HTTP dos attacks under a kind of cloud computing environment | |
CN102801738B (en) | Distributed DoS (Denial of Service) detection method and system on basis of summary matrices | |
CN107360184B (en) | Terminal equipment authentication method and device | |
CN106131031B (en) | Method and device for cleaning and processing DDoS (distributed denial of service) flow | |
CN101505219B (en) | Method and protecting apparatus for defending denial of service attack | |
CN106713216A (en) | Flow processing method, device and system | |
CN106357685A (en) | Method and device for defending distributed denial of service attack | |
CN108322417A (en) | Processing method, device and system and the safety equipment of network attack | |
EP1678615A2 (en) | Policy-based network security management | |
CN109005175A (en) | Network protection method, apparatus, server and storage medium | |
Seo et al. | APFS: adaptive probabilistic filter scheduling against distributed denial-of-service attacks | |
CN105812318B (en) | For preventing method, controller and the system of attack in a network | |
CN113992539B (en) | Network security dynamic route hopping method and system | |
CN107426241A (en) | A kind of method and device of network safety prevention | |
CN110213214A (en) | A kind of attack guarding method, system, device and storage medium | |
CN109617753A (en) | A kind of platform management method, system and electronic equipment and storage medium | |
KR101039092B1 (en) | Method for protecting and isolating host in internet protocol version 6 network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee after: NSFOCUS Technologies Group Co.,Ltd. Patentee after: NSFOCUS TECHNOLOGIES Inc. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Patentee before: NSFOCUS TECHNOLOGIES Inc. |
|
CP01 | Change in the name or title of a patent holder |