CN109218250A - DDOS defence method and system based on failure Autonomic Migration Framework system - Google Patents

Info

Publication number
CN109218250A
Authority
CN (China)
Prior art keywords
vip, ddos, cluster, address, failure
Legal status
Pending
Application number
CN201710514072.1A
Other languages
Chinese (zh)
Inventors
樊富春, 王大力, 闫庆宏, 韩哲, 杜菁菁, 曹洪军, 黄玉丹, 彭聪
Current Assignee
Beijing Duodian Online Technology Co Ltd
Original Assignee
Beijing Duodian Online Technology Co Ltd
Priority date
2017-06-29
Filing date
2017-06-29
Publication date
2019-01-15

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0654: Management of faults using network fault recovery
    • H04L41/0663: Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; name-to-address mapping
    • H04L61/4505: Name-to-address mapping using standardised directories or standardised directory access protocols
    • H04L61/4511: Name-to-address mapping using the domain name system [DNS]

Abstract

The present invention relates to the technical field of network security, and in particular to a DDOS defence method and system based on a failure Autonomic Migration Framework system (that is, automatic failover). The DDOS defence method comprises: during domain name resolution, judging whether each VIP address in the VIP cluster is under DDOS attack; if the judgement result is yes, abandoning the VIP address under DDOS attack and guiding traffic to the VIP addresses that are not under attack; if the judgement result is no, guiding traffic evenly to every VIP address in the VIP cluster. The technical solution of the invention uses automatic migration to evade attack traffic: an attacker generally targets a VIP, the VIP under DDOS attack is abandoned automatically, and normal traffic is guided to other VIPs that are not under attack, so that the servers are not attacked. This effectively solves the problem of DDOS attacks while significantly reducing cost and difficulty of use.

Description

DDOS defence method and system based on failure Autonomic Migration Framework system
Technical field
The present invention relates to the technical field of network security, and in particular to a DDOS defence method and system based on a failure Autonomic Migration Framework system (automatic failover).
Background art
With the popularization and development of Internet applications, everyone pays increasing attention to user experience, so many DDOS (distributed denial of service attack) protection products have appeared on the market. Currently, a high-defence IP is generally used, with a powerful processing cluster behind it; the cluster analyses the traffic and, using technologies such as human-machine identification and anomaly detection, cleans and filters it, letting legitimate traffic through and shielding or discarding malicious traffic, thereby protecting against DDOS. The disadvantages of the existing DDOS protection means are fairly obvious:
High cost: purchasing a professional DDOS protection service costs tens of thousands of yuan per month, easily hundreds of thousands of yuan per year, which small and medium enterprises and start-up companies cannot bear.
Low performance: the common industry practice is traffic cleaning and filtering; each extra layer of processing adds a layer of time consumption, which ultimately affects service response time and user experience.
Misjudgement: DDOS protection generally relies on technologies such as human-machine identification and anomaly detection; although these are relatively mature, misjudgements still occur and the access of some real users is shielded, so some real users are accidentally harmed and user experience suffers.
Summary of the invention
In view of the shortcomings of the above problems, the present invention provides a DDOS defence method and system based on a failure Autonomic Migration Framework system.
To achieve the above object, the present invention provides a DDOS defence method based on a failure Autonomic Migration Framework system, comprising:
during domain name resolution, judging whether each VIP address in the VIP (Virtual IP) cluster is under DDOS attack;
if the judgement result is yes, abandoning the VIP address under DDOS attack and guiding traffic to the VIP addresses that are not under attack;
if the judgement result is no, guiding traffic evenly to every VIP address in the VIP cluster.
The above DDOS defence method, before the domain name resolution, further includes:
the user requesting access to a Web (World Wide Web) site or an API (Application Programming Interface) site.
The technical solution provided by the embodiments of this disclosure can have the following beneficial effects: automatic migration is used to evade attack traffic; an attacker generally targets a VIP, the VIP under DDOS attack is abandoned automatically, and normal traffic is guided to other VIPs that are not under attack, so that the servers are not attacked. This effectively solves the problem of DDOS attacks while significantly reducing cost and difficulty of use.
In the above DDOS defence method based on a failure Autonomic Migration Framework system, judging whether each VIP address in the VIP cluster is under DDOS attack specifically includes:
using a health check module to detect each VIP address in the VIP cluster in real time.
The above DDOS defence method based on a failure Autonomic Migration Framework system
further includes multiple host servers; each request forwarded by a VIP address falls on one of the host servers.
According to a second aspect of the present invention, a DDOS defence system is proposed, comprising:
a judging unit, for judging, during domain name resolution, whether each VIP address in the VIP cluster is under DDOS attack;
a first device output unit, for abandoning the VIP address under DDOS attack and guiding traffic to the VIP addresses that are not under attack when the judgement result of the judging unit is yes;
a second device output unit, for guiding traffic evenly to every VIP address in the VIP cluster when the judgement result of the judging unit is no.
The technical solution provided by this embodiment has the same beneficial effects as the method above: automatic migration evades attack traffic, the VIP under DDOS attack is abandoned automatically, normal traffic is guided to other VIPs that are not under attack, the servers are not attacked, and cost and difficulty of use are significantly reduced.
The above DDOS defence system further includes:
a request unit, for the user to request access to a Web site or an API site.
The above DDOS defence system further includes:
a health check unit, for detecting each VIP address in the VIP cluster in real time.
The above DDOS defence system further includes:
a converting unit, for forwarding the user's request via the VIP cluster to one host server in the cluster formed by the multiple host servers.
Brief description of the drawings
Fig. 1 is a first flow chart of the DDOS defence method based on a failure Autonomic Migration Framework system in an embodiment of the invention.
Fig. 2 is a first structural block diagram of the DDOS defence system in an embodiment of the invention.
Fig. 3 is a second flow chart of the DDOS defence method based on a failure Autonomic Migration Framework system in an embodiment of the invention.
Fig. 4 is a second structural block diagram of the DDOS defence system in an embodiment of the invention.
Detailed description of the embodiments
The present invention is described in further detail below through specific embodiments in combination with the drawings.
As shown in Fig. 1, the DDOS defence method based on a failure Autonomic Migration Framework system comprises:
Step S1: during domain name resolution, judge whether each VIP address in the VIP cluster is under DDOS attack;
Step S2: if the judgement result is yes, abandon the VIP address under DDOS attack and guide traffic to the VIP addresses that are not under attack;
Step S3: if the judgement result is no, guide traffic evenly to every VIP address in the VIP cluster.
The DDOS defence method based on a failure Autonomic Migration Framework system according to this embodiment of the present invention uses automatic migration to evade attack traffic: an attacker generally targets a VIP, the VIP under DDOS attack is abandoned automatically, and normal traffic is guided to other VIPs that are not under attack, so that the servers are not attacked. This effectively solves the problem of DDOS attacks while significantly reducing cost and difficulty of use.
In addition, the DDOS defence method based on a failure Autonomic Migration Framework system provided by the above embodiment of the present invention also has the following technical features:
In the above technical solution, before the domain name resolution, the method further includes: the user requesting access to a Web site or an API site.
In this technical solution, the user accesses the Web site or API site and sends an access request, which prepares the next operation.
In the above technical solution, preferably, judging whether each VIP address in the VIP cluster is under DDOS attack specifically includes: using a health check module to detect each VIP address in the VIP cluster in real time.
In this technical solution, the health check module detects each VIP address in the VIP cluster in real time and probes whether each VIP address is able to serve; as soon as a failed VIP is discovered, the attacked VIP address is masked, so that traffic is no longer routed to the failed VIP.
Furthermore, a detection module can also be used to detect each VIP address in the VIP cluster in real time, with the same function as the health check module.
In this technical solution, IP (the Internet Protocol) is the protocol designed for interconnection and communication between computer networks. On the Internet, it is the set of rules that allows all connected computer networks to communicate with one another, specifying the rules a computer should follow when communicating on the Internet. A computer system produced by any manufacturer can interconnect with the Internet as long as it follows the IP protocol. IP addresses are unique and can be divided into several classes according to the nature of the user. In addition, IP also has meanings such as ingress protection, intellectual property and instruction pointer register.
In the above technical solution, the method further includes multiple host servers; each request forwarded by a VIP address falls on one host server.
In this technical solution, the host servers are the cluster of machines that actually provides service to users; every request forwarded via a VIP ultimately falls on one host server, and the above operations are based on the host servers.
As shown in Fig. 3:
101: The user accesses the Web site / API with a request.
102: The intelligent DNS, according to the availability detection result, distributes traffic evenly over the VIP (Virtual IP) cluster.
102-1: To achieve timely failover, availability detection requires a health check module that detects in real time the availability of each VIP service in the VIP cluster; a failed VIP is masked at once, and traffic is no longer routed to it.
103: The VIP cluster is the core of the scheme. A VIP cluster is used in order to share the attack traffic, so that even when some VIPs are attacked, the other VIPs remain available and can still serve users. Each DNS (Domain Name System) resolution request from a user is ultimately resolved to one VIP.
104: The RealServer (host) cluster is the cluster of machines that actually provides service to users; every request distributed via a VIP ultimately falls on one RealServer.
As shown in Fig. 2, according to an embodiment of the second aspect of the present invention, a DDOS defence system is proposed, comprising: a judging unit, for judging, during domain name resolution, whether each VIP address in the VIP cluster is under DDOS attack; a first device output unit, for abandoning the VIP address under DDOS attack and guiding traffic to the VIP addresses that are not under attack when the judgement result of the judging unit is yes; and a second device output unit, for guiding traffic evenly to every VIP address in the VIP cluster when the judgement result of the judging unit is no.
The DDOS defence system according to this embodiment of the present invention uses automatic migration to evade attack traffic: an attacker generally targets a VIP, the VIP under DDOS attack is abandoned automatically, and normal traffic is guided to other VIPs that are not under attack, so that the servers are not attacked. This effectively solves the problem of DDOS attacks while significantly reducing cost and difficulty of use.
In addition, the DDOS defence system provided by the above embodiment of the present invention also has the following technical features:
In the above embodiment, the system further includes: a request unit, for the user to request access to a Web site or an API site.
In this technical solution, the user accesses the Web site or API site and sends an access request, which prepares the next operation.
In the above technical solution, a health check unit detects each VIP address in the VIP cluster in real time.
In this technical solution, the health check module detects each VIP address in the VIP cluster in real time and probes whether each VIP address is able to serve; as soon as a failed VIP is discovered, the attacked VIP address is masked, so that traffic is no longer routed to the failed VIP.
Furthermore, a detection module can also be used to detect each VIP address in the VIP cluster in real time, with the same function as the health check module.
In the above technical solution, a converting unit forwards the user's request via the VIP cluster to the multiple host servers.
In the above technical solution, the system further includes multiple host servers; each request forwarded by a VIP address falls on one host server.
In this technical solution, the host servers are the cluster of machines that actually provides service to users; every request forwarded via a VIP ultimately falls on one host server, and the above operations are based on the host servers.
As shown in Fig. 4, the product mainly consists of three parts.
Intelligent DNS resolution: mainly two sub-modules, load balancing and availability detection. The former distributes traffic evenly over the VIPs below it; the latter detects VIP service failures caused by reasons such as attack and promptly notifies the load balancer, and the load balancer routes traffic only to VIPs whose service is normal, automatically ignoring VIPs whose service is abnormal.
VIP cluster: the core of the scheme, used to disperse traffic, avoid large-scale service paralysis when attacked, and minimise the traffic harmed by an attack. Backup VIPs can be pre-configured, so that when attack traffic arrives the attacked VIP is abandoned and a spare VIP is enabled, leaving the attacker to return empty-handed. To improve availability, the scheme implements two sub-modules, load balancing and availability detection: one checks the availability of the RealServers and one equalizes traffic, while failed RealServers are shielded automatically.
RealServer cluster: this is the basic guarantee module. Without a RealServer cluster, not only a DDOS attack but even slightly larger normal traffic could paralyse the RealServers, and DDOS protection would then have nowhere to start. This module improves the throughput of the service itself and makes DDOS protection possible.
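As an added example, not code from the patent or its assignee, the following Python models the intelligent-DNS selection described in steps S1 to S3, steps 101 to 104 of Fig. 3 and the spare-VIP mechanism of Fig. 4: health-check results mask an attacked VIP and promote a pre-configured spare, and queries are answered round-robin over the surviving VIPs so that the masked VIP's attack traffic never reaches the RealServers. The VIP addresses, the health-result dictionary and the return of a masked VIP to service once it passes its check again are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class IntelligentDns:
    """Intelligent-DNS state for one domain (constructed model, not the patent's code)."""
    active: list                                 # VIPs currently returned in DNS answers
    spare: list = field(default_factory=list)    # pre-configured backup VIPs (Fig. 4)
    masked: list = field(default_factory=list)   # VIPs withdrawn after a failed check
    cursor: int = 0                              # round-robin position for flow equalization

    def update(self, health: dict) -> dict:
        """Step S1 / 102-1: apply one round of health-check results.

        `health` maps VIP -> True (serving) or False (unavailable, e.g. under
        attack). VIPs absent from the dict are treated as unchanged. Returns
        the transitions so an operator can alert on them.
        """
        # Step S2: a VIP that fails its check is abandoned at once...
        failed = [v for v in self.active if health.get(v) is False]
        for vip in failed:
            self.active.remove(vip)
            self.masked.append(vip)
            if self.spare:                       # ...and a spare, if configured, replaces it
                self.active.append(self.spare.pop(0))
        # Assumption: a masked VIP that passes its check again is returned to service
        recovered = [v for v in self.masked if health.get(v) is True]
        for vip in recovered:
            self.masked.remove(vip)
            self.active.append(vip)
        return {"failed": failed, "recovered": recovered, "active": list(self.active)}

    def resolve(self) -> str:
        """Steps S2/S3: answer one query from the surviving VIPs, round robin."""
        if not self.active:
            raise RuntimeError("no VIP available: every VIP is masked and no spare is left")
        vip = self.active[self.cursor % len(self.active)]
        self.cursor += 1
        return vip


def distribute(dns: IntelligentDns, queries: int) -> dict:
    """Resolve `queries` requests and count how many land on each VIP.

    With no attack the counts are equal (Step S3); after an attack the masked
    VIP receives nothing, so its attack traffic never reaches the RealServers.
    """
    counts = {}
    for _ in range(queries):
        vip = dns.resolve()
        counts[vip] = counts.get(vip, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample: three live VIPs and one pre-configured spare.
    dns = IntelligentDns(active=["10.0.0.1", "10.0.0.2", "10.0.0.3"], spare=["10.0.0.9"])
    print("normal:", distribute(dns, 6))
    print("attack:", dns.update({"10.0.0.1": True, "10.0.0.2": False, "10.0.0.3": True}))
    print("after: ", distribute(dns, 6))
```

The `update` return value is what a defender would feed into alerting: a non-empty `failed` list means a VIP was withdrawn, and an empty `active` list means the whole cluster, spares included, is gone.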
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (8)

1. A DDOS defence method based on a failure Autonomic Migration Framework system, characterized by comprising:
during domain name resolution, judging whether each VIP address in the VIP cluster is under DDOS attack;
if the judgement result is yes, abandoning the VIP address under DDOS attack and guiding traffic to the VIP addresses that are not under attack;
if the judgement result is no, guiding traffic evenly to every VIP address in the VIP cluster.
2. The DDOS defence method based on a failure Autonomic Migration Framework system according to claim 1, characterized in that, before the domain name resolution, it further comprises:
the user requesting access to a Web site or an API site.
3. The DDOS defence method based on a failure Autonomic Migration Framework system according to claim 1, characterized in that judging whether each VIP address in the VIP cluster is under DDOS attack specifically comprises:
using a health check module to detect each VIP address in the VIP cluster in real time.
4. The DDOS defence method based on a failure Autonomic Migration Framework system according to any one of claims 1-3, characterized in that:
it further comprises multiple host servers, and each request forwarded by a VIP address falls on one of the host servers.
5. A DDOS defence system, characterized by comprising:
a judging unit, for judging, during domain name resolution, whether each VIP address in the VIP cluster is under DDOS attack;
a first device output unit, for abandoning the VIP address under DDOS attack and guiding traffic to the VIP addresses that are not under attack when the judgement result of the judging unit is yes;
a second device output unit, for guiding traffic evenly to every VIP address in the VIP cluster when the judgement result of the judging unit is no.
6. The DDOS defence system according to claim 5, characterized by further comprising:
a request unit, for the user to request access to a Web site or an API site.
7. The DDOS defence system according to claim 5, characterized in that:
a health check unit detects each VIP address in the VIP cluster in real time.
8. The DDOS defence system according to any one of claims 5-7, characterized in that:
a converting unit forwards the user's request via the VIP cluster to one host server in the cluster formed by the multiple host servers.

Application data

Application number: CN201710514072.1A
Priority date: 2017-06-29
Filing date: 2017-06-29
Publication number: CN109218250A (en)
Publication date: 2019-01-15
Family ID: 64976455
Status: Pending
Country: CN

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1812344A (en) * 2006-03-09 2006-08-02 杭州华为三康技术有限公司 Method and system for realizing load balancing
CN101640620A (en) * 2009-09-01 2010-02-03 杭州华三通信技术有限公司 Method and device for health detection for equalized equipment
WO2012011070A1 (en) * 2010-07-21 2012-01-26 Seculert Ltd. Network protection system and method
CN106210147A (en) * 2016-09-13 2016-12-07 郑州云海信息技术有限公司 A kind of load-balancing method based on poll and device
CN106302313A (en) * 2015-05-14 2017-01-04 阿里巴巴集团控股有限公司 DDoS defence method based on dispatching patcher and DDoS system of defense
CN106411910A (en) * 2016-10-18 2017-02-15 上海优刻得信息科技有限公司 Defense method and system for distributed denial of service (DDoS) attacks
US20170111389A1 (en) * 2015-10-18 2017-04-20 NxLabs Limited Method and system for protecting domain name system servers against distributed denial of service attacks

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110012038A (en) * 2019-05-29 2019-07-12 中国人民解放军战略支援部队信息工程大学 A kind of network attack defence method and system
CN112165495A (en) * 2020-10-13 2021-01-01 北京计算机技术及应用研究所 DDoS attack prevention method and device based on super-fusion architecture and super-fusion cluster
CN113037716A (en) * 2021-02-07 2021-06-25 杭州又拍云科技有限公司 Attack defense method based on content distribution network
CN113037716B (en) * 2021-02-07 2021-12-21 杭州又拍云科技有限公司 Attack defense method based on content distribution network

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190115