CN110620787A - Method and system for preventing DDoS attack - Google Patents


Publication number
CN110620787A
Authority
CN
China
Prior art keywords
target
server
traction
data request
ddos attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910941168.5A
Other languages
Chinese (zh)
Inventor
居静
王剑
宋婧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wright Star Ming Data Co Ltd
Original Assignee
Wright Star Ming Data Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wright Star Ming Data Co Ltd
Priority to CN201910941168.5A
Publication of CN110620787A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for preventing DDoS attack, and relates to the technical field of network security. The method comprises the following steps: the switch acquires data request information according to the data request and sends the data request information to the traction server; the traction server generates a network state information table according to all the received data request information; the traction server determines a target IP of the DDoS attack according to the network state information table; the traction server sets a protection route according to the target IP and sends the protection route to the switch; and the switch carries out protection processing on the data request of which the destination IP is the target IP according to the protection route. The invention can reduce the protection processing time of DDoS attack and improve the protection efficiency.

Description

Method and system for preventing DDoS attack
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for preventing DDoS attack.
Background
Distributed Denial of Service (DDoS) attacks refer to a malicious network behavior in which one or more attackers control a large number of computers as attack sources and send a large amount of data to a certain target, thereby finally causing target paralysis.
In the prior art, DDoS attacks can be defended against by adding an anti-DDoS firewall, increasing bandwidth, purchasing an operator's traffic cleaning service, and the like. However, most data centers are limited by bandwidth and device performance, so once a DDoS attack occurs they can only protect themselves by having operation and maintenance personnel manually block the attacked IP or by asking the operator to block it.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
when facing a DDoS attack, manual protection by operation and maintenance personnel takes a long time, and the protection efficiency is low.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a method and a system for preventing DDoS attacks. The technical scheme is as follows:
in a first aspect, a DDoS attack protection method is provided, where the method is applied to a DDoS attack protection system, where the DDoS attack protection system includes a switch and a traction server, and the method includes:
the switch acquires data request information according to the data request and sends the data request information to the traction server;
the traction server generates a network state information table according to all the received data request information;
the traction server determines a target IP of the DDoS attack according to the network state information table;
the traction server sets a protection route according to the target IP and sends the protection route to the switch;
and the switch carries out protection processing on the data request of which the destination IP is the target IP according to the protection route.
Further, after the generating the network state information table, the method further includes:
the traction server groups the data request information in the network state information table by destination IP and calculates the destination IP total bandwidth of each group;
and the traction server arranges the groups in the network state information table by destination IP total bandwidth from large to small.
Further, the step of determining, by the traction server, a target IP of the DDoS attack according to the network state information table includes:
the traction server sequentially selects the groups from the network state information table, and compares the destination IP total bandwidth of each group with a bandwidth threshold;
and if the destination IP total bandwidth is greater than the bandwidth threshold, the traction server takes the destination IP corresponding to the group as the target IP of the DDoS attack.
Further, after the determining the target IP of the DDoS attack, the method further includes:
the traction server determines site information corresponding to a target IP of the DDoS attack;
the traction server judges whether the current moment is within a preset maintenance time range;
and if the current moment is not within the preset maintenance time range, the traction server generates alarm information according to the target IP attacked by the DDoS and the corresponding site information, and sends the alarm information to a manager.
Further, the step of setting a protection route by the traction server according to the target IP includes:
the traction server sets a preset protection route IP as a next hop IP of the target IP;
and the traction server sets a black hole route of the preset protection route IP.
In a second aspect, a DDoS attack protection system is provided, which includes a switch and a traction server:
the switch is used for acquiring data request information according to a data request and sending the data request information to the traction server;
the traction server is used for generating a network state information table according to all the received data request information;
the traction server is used for determining a target IP of the DDoS attack according to the network state information table;
the traction server is used for setting a protection route according to the target IP and sending the protection route to the switch;
and the switch is used for carrying out protection processing on the data request of which the destination IP is the target IP according to the protection route.
Further, the traction server is further configured to:
grouping the data request information in the network state information table by destination IP, and calculating the destination IP total bandwidth of each group;
and arranging the groups in the network state information table by destination IP total bandwidth from large to small.
Further, the traction server is specifically configured to:
sequentially selecting the groups from the network state information table, and comparing the destination IP total bandwidth of each group with a bandwidth threshold;
and if the destination IP total bandwidth is greater than the bandwidth threshold, taking the destination IP corresponding to the group as the target IP of the DDoS attack.
Further, the traction server is further configured to:
determining site information corresponding to the target IP of the DDoS attack;
judging whether the current time is within a preset maintenance time range;
and if the current moment is not within the preset maintenance time range, generating alarm information according to the target IP attacked by the DDoS and the corresponding site information, and sending the alarm information to a manager.
Further, the traction server is further configured to:
setting a preset protection route IP as a next hop IP of the target IP;
and setting the black hole route of the preset protection route IP.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, the switch acquires data request information according to a data request and sends the data request information to the traction server; the traction server generates a network state information table according to all the received data request information; the traction server determines a target IP of the DDoS attack according to the network state information table; the traction server sets a protection route according to the target IP and sends the protection route to the switch; and the switch carries out protection processing on the data request of which the destination IP is the target IP according to the protection route. Thus, the traction server determines the target IP of the DDoS attack and sets the corresponding protection route, and the switch performs protection processing on data requests destined for the target IP. Automatic monitoring, quick recognition and automatic defense against DDoS attacks are realized. The whole protection process is completed automatically, without the participation of operation and maintenance personnel, which avoids manual operation, reduces the protection processing time of a DDoS attack, and improves the protection efficiency.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a DDoS attack protection method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a DDoS attack protection system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The embodiment of the invention provides a DDoS attack protection method, which can be implemented jointly by a switch and a traction server. The switch can receive a data request sent by a client and forward it to the corresponding IP according to a preset routing table. The traction server can monitor the data requests received and sent by the switch, determine the target IP of a DDoS attack, and set the route. The switch and the traction server can be connected through BGP and exchange information over it. The application scenario of this embodiment may be as follows. After receiving or sending a data request, the switch acquires the data request information and sends it to the traction server. The traction server generates a network state information table from all the received data request information, and then determines from that table whether a target IP of a DDoS attack exists. If a target IP of a DDoS attack can be determined, the traction server sets a protection route for that target IP and sends the protection route to the switch. Then, when receiving a data request, the switch determines whether the destination IP of the data request is the target IP. If it is, the switch processes the data request according to the protection route; if not, the data request is sent to the corresponding destination IP.
The following will describe in detail a protection flow of DDoS attack shown in fig. 1 with reference to a specific embodiment, and the contents may be as follows:
Step 101: The switch acquires data request information according to the data request and sends the data request information to the traction server.
In an implementation, a switch may receive a large number of data requests from different clients (different source IPs) and send a large number of data requests to different servers (different destination IPs). The switch may determine the next-hop IP for a data request from a locally configured routing table according to the destination IP contained in the data request, and send the data request. In a DDoS attack, neither the attack source nor the attack target is known in advance. Therefore, in order to determine which of a large number of data requests are DDoS attack data requests and to perform the corresponding protection processing, the switch can acquire data request information such as the source IP, destination IP and occupied bandwidth of the data requests while transmitting and receiving them, and then send the acquired data request information to the traction server. sFlow (sampled flow) can be configured on the switch to collect the data request information. The switch and the traction server may establish an EBGP neighbor relationship and transmit messages through BGP (Border Gateway Protocol).
Step 102: The traction server generates a network state information table according to all the received data request information.
In implementation, after receiving the data request information sent by the switch, the traction server sorts and summarizes all the received data request information to generate a network state information table. The network status information table may be as shown in table 1, and includes information of source IP, destination IP, occupied bandwidth, and the like.
Table 1: Network status information table
Source IP      | Destination IP | Occupied bandwidth (bps)
200.207.81.182 | 10.0.0.131     | 2
220.232.32.110 | 10.0.0.131     | 1
200.207.81.182 | 10.1.1.0       | 4
……             | ……             | ……
Optionally, after generating the network state information table, in order to facilitate observation and subsequent protection processing, the corresponding processing may be as follows: the traction server groups the data request information in the network state information table by destination IP and calculates the destination IP total bandwidth of each group; and the traction server arranges the groups in the network state information table by destination IP total bandwidth from large to small.
In implementation, after the traction server generates the network state information table, the data request information in the table may be grouped by destination IP, with all data request information sharing the same destination IP placed in one group. After the grouping is completed, the traction server can calculate the destination IP total bandwidth of each group from the occupied bandwidth of all the data request information in that group. Then, the traction server arranges all the groups in the network state information table in descending order of destination IP total bandwidth.
Step 103: The traction server determines a target IP of the DDoS attack according to the network state information table.
In implementation, after the traction server obtains the network state information table, if a DDoS attack exists, a target IP of the DDoS attack can be determined according to data request information in the network state information table.
Optionally, the processing in step 103 may specifically be as follows: the traction server sequentially selects groups from the network state information table, and compares the destination IP total bandwidth of each group with a preset bandwidth threshold; and if the destination IP total bandwidth is larger than the preset bandwidth threshold, the traction server takes the destination IP corresponding to the group as the target IP of the DDoS attack.
In implementation, after grouping and sorting the network state information table, the traction server selects groups in sequence, starting from the group with the largest destination IP total bandwidth, and compares the destination IP total bandwidth of the groups with the bandwidth threshold one by one. If the destination IP total bandwidth of a group is greater than the bandwidth threshold, the traction server can determine the destination IP corresponding to that group as the target IP of the DDoS attack.
It should be noted that the bandwidth threshold may be preset in the traction server, or may be obtained in various other manners, and the specific manner of determining the target IP of the DDoS attack differs according to how the bandwidth threshold is obtained.
For example: the data request information may further include a transceiving state, and the traction server may acquire from the network state information table the data request information whose transceiving state is "received", and calculate a total receiving bandwidth. The traction server then calculates an abnormal bandwidth threshold from a preset abnormal bandwidth coefficient and the total receiving bandwidth. Finally, the traction server selects groups in sequence, starting from the group with the largest destination IP total bandwidth in the network state information table, and compares the destination IP total bandwidth of the groups with the abnormal bandwidth threshold one by one; if the destination IP total bandwidth is larger than the abnormal bandwidth threshold, the traction server takes that destination IP as a target IP of the DDoS attack.
Alternatively, when the data request information includes a transceiving state, the traction server can acquire from the network state information table the data request information whose transceiving state is "received" and calculate the total receiving bandwidth, and acquire the data request information whose transceiving state is "sent" and calculate the total sending bandwidth. The traction server then calculates a total sending bandwidth threshold from a preset total sending bandwidth coefficient and the total sending bandwidth. The traction server compares the total receiving bandwidth with the total sending bandwidth threshold and, if the total receiving bandwidth is greater than the total sending bandwidth threshold, selects a preset number of groups starting from the group with the largest destination IP total bandwidth in the network state information table. The traction server selects these groups in sequence and compares the destination IP total bandwidth of the groups with the total sending bandwidth threshold one by one. If the destination IP total bandwidth is larger than the total sending bandwidth threshold, the traction server further judges whether the destination IP corresponding to the group belongs to the VIP group; if the destination IP does not belong to the VIP group, the traction server takes the destination IP as a target IP of the DDoS attack; if the destination IP belongs to the VIP group, the traction server continues by comparing the destination IP total bandwidth of the next group with the total sending bandwidth threshold. If the destination IPs corresponding to the preset number of groups all belong to the VIP group, the traction server takes the destination IP corresponding to the group with the largest destination IP total bandwidth as the target IP of the DDoS attack.
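The grouping of Step 102 and the three threshold variants of Step 103 can be sketched as follows. This is an added example, not code from the patent; the FlowRecord type, the function names and the sample records are constructed, and multiplying each coefficient by the bandwidth and grouping only received records are assumptions the text leaves open.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    """One row of the network state information table (hypothetical type)."""
    src_ip: str
    dst_ip: str
    bps: int
    direction: str = "rx"  # transceiving state: "rx" = received, "tx" = sent


def group_by_destination(records):
    """Group received records by destination IP, sum bandwidth, sort descending."""
    totals = defaultdict(int)
    for rec in records:
        if rec.direction == "rx":  # assumption: only received traffic is grouped
            totals[rec.dst_ip] += rec.bps
    return sorted(totals.items(), key=lambda item: (-item[1], item[0]))


def total_bps(records, direction):
    """Total bandwidth of all records with the given transceiving state."""
    return sum(rec.bps for rec in records if rec.direction == direction)


def targets_over_threshold(records, threshold_bps):
    """Basic form: walk groups from largest down, keep those above the threshold."""
    targets = []
    for dst_ip, total in group_by_destination(records):
        if total <= threshold_bps:
            break  # groups are sorted, so no later group can exceed the threshold
        targets.append(dst_ip)
    return targets


def targets_abnormal(records, abnormal_coefficient):
    """Variant 1: threshold = coefficient * total receiving bandwidth (assumed product)."""
    threshold = abnormal_coefficient * total_bps(records, "rx")
    return targets_over_threshold(records, threshold)


def target_vip_aware(records, tx_coefficient, top_n, vip_ips):
    """Variant 2: threshold from total sending bandwidth, VIP destinations skipped."""
    threshold = tx_coefficient * total_bps(records, "tx")
    if total_bps(records, "rx") <= threshold:
        return None  # inbound traffic is not abnormal relative to outbound
    top = group_by_destination(records)[:top_n]
    for dst_ip, total in top:
        if total > threshold and dst_ip not in vip_ips:
            return dst_ip
    # Every candidate is a VIP: fall back to the largest group, as the text states.
    if top and all(dst_ip in vip_ips for dst_ip, _ in top):
        return top[0][0]
    return None


# Constructed sample records; source addresses are documentation ranges.
SAMPLE = [
    FlowRecord("198.51.100.7", "10.0.0.131", 400_000_000),
    FlowRecord("203.0.113.9", "10.0.0.131", 350_000_000),
    FlowRecord("198.51.100.7", "10.1.1.0", 40_000_000),
    FlowRecord("203.0.113.20", "10.0.0.200", 10_000_000),
    FlowRecord("10.0.0.200", "203.0.113.20", 100_000_000, "tx"),
]

if __name__ == "__main__":
    print(group_by_destination(SAMPLE))
    print(targets_over_threshold(SAMPLE, 500_000_000))
    print(targets_abnormal(SAMPLE, 0.5))
    print(target_vip_aware(SAMPLE, 2.0, 2, {"10.0.0.131", "10.1.1.0"}))
```

A threshold derived only from a ratio flags the busiest destination even when total traffic is small, so a deployment would normally combine it with an absolute floor.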
Optionally, in order to notify operation and maintenance personnel of the DDoS attack in time, after determining a target IP of the DDoS attack, corresponding processing may be as follows: the traction server determines site information corresponding to a target IP of DDoS attack; the traction server judges whether the current moment is within a preset maintenance time range; and if the current moment is not within the preset maintenance time range, the traction server generates alarm information according to the target IP attacked by the DDoS and the corresponding site information, and sends the alarm information to a manager.
In implementation, in order to enable the operation and maintenance personnel to grasp the DDoS attack situation in time and flexibly decide on the corresponding protection processing, the traction server may send alarm information to the operation and maintenance personnel after determining the target IP of the DDoS attack. Meanwhile, in order to avoid triggering an alarm during system maintenance, a maintenance time is also preset on the traction server. After determining a target IP of the DDoS attack, the traction server may also determine the corresponding site information according to the target IP. The traction server then determines whether the current time is within the preset maintenance time range. If it is, the currently occurring DDoS attack may have been intentionally caused by maintenance, testing or similar actions of the operation and maintenance personnel, or the personnel have already found the attack because they are performing maintenance, so no alarm information needs to be sent to them. If the current time is not within the preset maintenance time range, the currently occurring DDoS attack was not intentionally caused by maintenance and the operation and maintenance personnel are not aware of it, so they need to be alerted. Accordingly, the traction server may generate alarm information to notify the operation and maintenance personnel.
The alarm information may include a target IP of DDoS attack, corresponding site information, content information of DDoS attack, characteristic information (attack type, attack magnitude, attack time) and the like, which is beneficial for operation and maintenance personnel to quickly and clearly know the specific situation of the DDoS attack, so as to judge whether manual operation is needed for protection, and make a subsequent protection processing or recovery processing scheme. The traction server can send the alarm information to a preset monitoring terminal in the form of mails and the like so as to give an alarm to the operation and maintenance personnel, and can attach alarm modes in other forms such as sound alarm and the like while sending the alarm information so as to remind the operation and maintenance personnel to pay attention. It can be understood that the traction server can also display the alarm information through a webpage, so that operation and maintenance personnel can conveniently view the alarm information.
Step 104: The traction server sets a protection route according to the target IP and sends the protection route to the switch.
In implementation, after determining a target IP of DDoS attack, the traction server may set a protection route for the target IP to protect against DDoS attack. As described above, the traction server and the switch are connected through the BGP, so that the traction server announces the protection route after setting the protection route of the target IP, and the switch can learn the protection route.
Optionally, the traction server sets a protection route according to the target IP, and the specific processing may be as follows: the traction server sets a preset protection route IP as a next hop IP of a target IP; and the traction server sets a black hole route of a preset protection route IP.
In implementation, in order to better protect against DDoS attacks, the protection route that the traction server sets for the target IP of the DDoS attack mainly combines two elements: IP blocking and black hole routing. The traction server sets the next hop IP of the target IP to a preset protection route IP, so that the DDoS attack data requests originally sent to the target IP are all diverted to the preset protection route IP, which achieves the purpose of blocking the target IP. With the DDoS attack data requests for the target IP diverted to the preset protection route IP, the traction server further sets a black hole route for the preset protection route IP, so that the diverted DDoS attack data requests are discarded through the black hole route.
For example, the IP of the protection route is preset on the traction server to 192.0.2.1, and when the target IP of the DDoS attack is determined to be 10.0.0.131, the traction server sets the IP of the next hop of 10.0.0.131 to 192.0.2.1, sets a black hole route for 192.0.2.1, and announces the next hop IP to the switch.
Step 105: The switch carries out protection processing on the data request of which the destination IP is the target IP according to the protection route.
In implementation, after the switch learns the protection route announced by the traction server, the local routing table of the switch is correspondingly modified, the next-hop IP of the target IP is modified into the preset protection route IP, and then the black hole route is set for the preset protection route IP.
For example, in the switch's local routing table, the next hop IP of the destination IP 10.0.0.131 is 192.168.1.1. As described above, after the switch learns the protection route announced by the traction server, it changes the next hop IP of the destination IP 10.0.0.131 in its local routing table to 192.0.2.1 with the command ip route-static 10.0.0.131 255.255.255.255 192.0.2.1, and configures a black hole route for 192.0.2.1 with the command ip route-static 192.0.2.1 255.255.255.255 null 0, which points the next hop of 192.0.2.1 to null. Thus, when the switch receives a data request with destination IP 10.0.0.131, it sends the data request to 192.0.2.1, and since the next hop of 192.0.2.1 is null, the switch discards the data request.
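The effect of the protection route from Steps 104 and 105 on forwarding can be checked with a small routing-table model. This is an added example, not code from the patent; the base routes (10.0.0.0/24 via 192.168.1.1, 192.168.1.0/24 directly connected), the function names, the withdrawal step and the protected-prefix check are assumptions.

```python
import ipaddress

NULL0 = "NULL0"    # discard interface (black hole)
DIRECT = "DIRECT"  # directly connected network

# Constructed base table matching the example: 10.0.0.131 is reached via 192.168.1.1.
BASE_ROUTES = {
    "10.0.0.0/24": "192.168.1.1",
    "192.168.1.0/24": DIRECT,
}
PROTECT_IP = "192.0.2.1"             # preset protection route IP from the text
PROTECTED_PREFIXES = ["10.0.0.0/8"]  # assumption: address space the operator owns


def lookup(routes, ip):
    """Longest-prefix match; returns the next hop of the best route or None."""
    addr = ipaddress.ip_address(ip)
    best_len, best_hop = -1, None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, next_hop
    return best_hop


def resolve(routes, dst_ip, max_depth=8):
    """Follow next hops recursively until the packet is forwarded or dropped."""
    hop = dst_ip
    for _ in range(max_depth):
        next_hop = lookup(routes, hop)
        if next_hop is None:
            return "unreachable"
        if next_hop == NULL0:
            return "drop"
        if next_hop == DIRECT:
            return f"forward via {hop}"
        hop = next_hop
    return "loop"


def apply_protection(routes, target_ip, protect_ip, protected_prefixes):
    """Return a new table with the host route and the black hole route installed."""
    target = ipaddress.IPv4Address(target_ip)
    # Added safeguard: refuse to black-hole addresses outside the protected space,
    # so bad telemetry cannot make the switch drop traffic to unrelated hosts.
    if not any(target in ipaddress.ip_network(p) for p in protected_prefixes):
        raise ValueError(f"{target} is outside the protected prefixes")
    updated = dict(routes)
    updated[f"{target}/32"] = protect_ip   # next hop of target IP -> protection IP
    updated[f"{protect_ip}/32"] = NULL0    # black hole route for the protection IP
    return updated


def withdraw_protection(routes, target_ip):
    """Remove the host route once the attack has ended; the black hole stays preset."""
    updated = dict(routes)
    updated.pop(f"{ipaddress.IPv4Address(target_ip)}/32", None)
    return updated


if __name__ == "__main__":
    protected = apply_protection(BASE_ROUTES, "10.0.0.131", PROTECT_IP, PROTECTED_PREFIXES)
    for dst in ("10.0.0.131", "10.0.0.132"):
        print(dst, "before:", resolve(BASE_ROUTES, dst), "| after:", resolve(protected, dst))
```

The host route keeps the flood away from downstream links and neighbouring hosts, but every request to 10.0.0.131, legitimate or not, is dropped until the route is withdrawn.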
In the embodiment of the invention, the switch acquires data request information according to a data request and sends the data request information to the traction server; the traction server generates a network state information table according to all the received data request information; the traction server determines a target IP of the DDoS attack according to the network state information table; the traction server sets a protection route according to the target IP and sends the protection route to the switch; and the switch carries out protection processing on the data request of which the destination IP is the target IP according to the protection route. Thus, the traction server determines the target IP of the DDoS attack and sets the corresponding protection route, and the switch performs protection processing on data requests destined for the target IP. Automatic monitoring, quick recognition and automatic defense against DDoS attacks are realized. The whole protection process is completed automatically, without the participation of operation and maintenance personnel, which avoids manual operation, reduces the protection processing time of a DDoS attack, improves the protection efficiency, facilitates quick automatic recovery after the DDoS attack ends, and reduces the loss that a DDoS attack causes to the website.
Based on the same technical concept, an embodiment of the present invention further provides a protection system for DDoS attack, as shown in fig. 2, including a switch and a traction server:
the switch is used for acquiring data request information according to a data request and sending the data request information to the traction server;
the traction server is used for generating a network state information table according to all the received data request information;
the traction server is used for determining a target IP of the DDoS attack according to the network state information table;
the traction server is used for setting a protection route according to the target IP and sending the protection route to the switch;
and the switch is used for carrying out protection processing on the data request of which the destination IP is the target IP according to the protection route.
Optionally, the traction server is further configured to:
grouping the data request information in the network state information table by destination IP, and calculating the destination IP total bandwidth of each group;
and arranging the groups in the network state information table by destination IP total bandwidth from large to small.
Optionally, the traction server is specifically configured to:
sequentially selecting the groups from the network state information table, and comparing the destination IP total bandwidth of each group with a bandwidth threshold;
and if the destination IP total bandwidth is larger than the bandwidth threshold, taking the destination IP corresponding to the group as the target IP of the DDoS attack.
Optionally, the traction server is further configured to:
determining site information corresponding to the target IP of the DDoS attack;
judging whether the current time is within a preset maintenance time range;
and if the current moment is not within the preset maintenance time range, generating alarm information according to the target IP attacked by the DDoS and the corresponding site information, and sending the alarm information to a manager.
Optionally, the traction server is further configured to:
setting a preset protection route IP as a next hop IP of the target IP;
and setting the black hole route of the preset protection route IP.
It should be noted that: the DDoS attack protection system and the DDoS attack protection method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in detail in the method embodiments and are not described herein again.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute the methods of the various embodiments or some parts of the embodiments.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent replacements, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention.
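The traction-server steps described above (group the data request information by target IP, total the bandwidth, sort from large to small, compare with the threshold, gate the alarm on the maintenance window, and point the target IP at a black-holed protection route IP), as an added Python example that is not code from the patent. The record layout, threshold, maintenance window, site map and all addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import time

# Constructed data request records: (source IP, target IP, bits per second).
SAMPLE_REQUESTS = [
    ("198.51.100.7", "203.0.113.10", 400_000_000),
    ("198.51.100.8", "203.0.113.10", 450_000_000),
    ("198.51.100.9", "203.0.113.10", 300_000_000),
    ("192.0.2.33", "203.0.113.20", 20_000_000),
    ("192.0.2.34", "203.0.113.30", 600_000_000),
    ("192.0.2.35", "203.0.113.30", 450_000_000),
]
SITES = {"203.0.113.10": "site-a", "203.0.113.30": "site-b"}  # hypothetical site map
BANDWIDTH_THRESHOLD = 1_000_000_000     # assumed threshold: 1 Gbit/s
MAINTENANCE = (time(2, 0), time(4, 0))  # assumed preset maintenance time range
PROTECTION_ROUTE_IP = "192.0.2.1"       # assumed preset protection route IP

def build_state_table(requests):
    """Group records by target IP, total the bandwidth, sort from large to small."""
    totals = defaultdict(int)
    for _src, dst, bps in requests:
        totals[dst] += bps
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def find_targets(table, threshold):
    """Walk the groups in order and collect target IPs whose total exceeds the threshold."""
    targets = []
    for dst, total in table:
        if total <= threshold:
            break  # example's choice: the table is sorted, so no later group can exceed it
        targets.append(dst)
    return targets

def in_maintenance(now, window=MAINTENANCE):
    """True if `now` falls inside the window; handles windows that wrap past midnight."""
    start, end = window
    t = now.time()
    return start <= t < end if start <= end else (t >= start or t < end)

def respond(targets, now):
    """Return (alarms, routes). Alarms are suppressed during maintenance; routes are not."""
    alarms = [] if in_maintenance(now) else [
        f"DDoS target {ip} site={SITES.get(ip, 'unknown')}" for ip in targets]
    routes = [(f"{PROTECTION_ROUTE_IP}/32", "blackhole")]  # black hole the protection IP
    routes += [(f"{ip}/32", PROTECTION_ROUTE_IP) for ip in targets]  # next hop per target
    return alarms, routes
```

Black-holing the target IP drops legitimate requests to that IP along with the attack traffic, so a fixed threshold set too low takes a busy site offline on its own.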

Claims (10)

1. A DDoS attack protection method, characterized in that the method is applicable to a DDoS attack protection system, the DDoS attack protection system comprises a switch and a traction server, and the method comprises the following steps:
the switch acquires data request information according to the data request and sends the data request information to the traction server;
the traction server generates a network state information table according to all the received data request information;
the traction server determines a target IP of the DDoS attack according to the network state information table;
the traction server sets a protection route according to the target IP and sends the protection route to the switch;
and the switch carries out protection processing on the data request of which the destination IP is the target IP according to the protection route.
2. The method of claim 1, wherein after the traction server generates the network state information table, the method further comprises:
the traction server groups the data request information according to the target IP in the network state information table and calculates the total bandwidth of the target IP of each group;
and the traction server arranges the groups in the network state information table according to the total bandwidth of the target IP from large to small.
3. The method of claim 2, wherein the traction server determining the target IP of the DDoS attack according to the network state information table comprises:
the traction server sequentially selects the groups from the network state information table, and compares the total bandwidth of the target IP of each group with a bandwidth threshold;
and if the total bandwidth of the target IP is greater than the bandwidth threshold, the traction server takes the target IP corresponding to the group as the target IP of the DDoS attack.
4. The method of claim 1, wherein after determining the target IP of the DDoS attack, the method further comprises:
the traction server determines site information corresponding to a target IP of the DDoS attack;
the traction server judges whether the current moment is within a preset maintenance time range;
and if the current moment is not within the preset maintenance time range, the traction server generates alarm information according to the target IP of the DDoS attack and the corresponding site information, and sends the alarm information to a manager.
5. The method of claim 1, wherein the traction server setting a protection route according to the target IP comprises:
the traction server sets a preset protection route IP as a next hop IP of the target IP;
and the traction server sets a black hole route for the preset protection route IP.
6. A DDoS attack protection system, characterized in that the DDoS attack protection system comprises a switch and a traction server:
the switch is used for acquiring data request information according to a data request and sending the data request information to the traction server;
the traction server is used for generating a network state information table according to all the received data request information;
the traction server is used for determining a target IP of the DDoS attack according to the network state information table;
the traction server is used for setting a protection route according to the target IP and sending the protection route to the switch;
and the switch is used for carrying out protection processing on the data request of which the destination IP is the target IP according to the protection route.
7. The system of claim 6, wherein the traction server is further configured to:
grouping the data request information according to the target IP in the network state information table, and calculating the total bandwidth of the target IP of each group;
and arranging the groups in the network state information table according to the total bandwidth of the target IP from large to small.
8. The system of claim 7, wherein the traction server is specifically configured to:
sequentially selecting the groups from the network state information table, and comparing the total bandwidth of the target IP of each group with a bandwidth threshold;
and if the total bandwidth of the target IP is larger than the bandwidth threshold, taking the target IP corresponding to the group as the target IP of the DDoS attack.
9. The system of claim 6, wherein the traction server is further configured to:
determining site information corresponding to the target IP of the DDoS attack;
judging whether the current time is within a preset maintenance time range;
and if the current moment is not within the preset maintenance time range, generating alarm information according to the target IP of the DDoS attack and the corresponding site information, and sending the alarm information to a manager.
10. The system of claim 6, wherein the traction server is further configured to:
setting a preset protection route IP as a next hop IP of the target IP;
and setting a black hole route for the preset protection route IP.
CN201910941168.5A 2019-09-30 2019-09-30 Method and system for preventing DDoS attack Pending CN110620787A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910941168.5A CN110620787A (en) 2019-09-30 2019-09-30 Method and system for preventing DDoS attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910941168.5A CN110620787A (en) 2019-09-30 2019-09-30 Method and system for preventing DDoS attack

Publications (1)

Publication Number Publication Date
CN110620787A true CN110620787A (en) 2019-12-27

Family

ID=68925164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910941168.5A Pending CN110620787A (en) 2019-09-30 2019-09-30 Method and system for preventing DDoS attack

Country Status (1)

Country Link
CN (1) CN110620787A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583850A (en) * 2020-12-27 2021-03-30 杭州迪普科技股份有限公司 Network attack protection method, device and system
CN113114682A (en) * 2021-04-14 2021-07-13 杭州安恒信息技术股份有限公司 Information transmission method, device, equipment and medium based on DDoS attack
CN114124419A (en) * 2020-08-27 2022-03-01 北京秦淮数据有限公司 DDOS attack defense method and device
CN116667536A (en) * 2023-06-26 2023-08-29 江苏科能电力工程咨询有限公司 Whole process management method, device and equipment for transformer substation monitoring information and storage medium
CN117914687A (en) * 2024-03-20 2024-04-19 深圳市派勤电子技术有限公司 Management method and system of industrial computer server

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701795A (en) * 2013-12-20 2014-04-02 北京奇虎科技有限公司 Identification method and device for attack source of denial of service attack
CN106330951A (en) * 2016-09-14 2017-01-11 北京神州绿盟信息安全科技股份有限公司 Network protection method, network protection device and network protection system
CN107171867A (en) * 2017-06-30 2017-09-15 环球智达科技(北京)有限公司 The guard system of ddos attack
US20180020016A1 (en) * 2016-07-15 2018-01-18 Alibaba Group Holding Limited Processing network traffic to defend against attacks
CN108111548A (en) * 2018-03-08 2018-06-01 华东师范大学 A kind of domain name system attack detection method, apparatus and system
CN110225037A (en) * 2019-06-12 2019-09-10 广东工业大学 A kind of ddos attack detection method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701795A (en) * 2013-12-20 2014-04-02 北京奇虎科技有限公司 Identification method and device for attack source of denial of service attack
US20180020016A1 (en) * 2016-07-15 2018-01-18 Alibaba Group Holding Limited Processing network traffic to defend against attacks
CN106330951A (en) * 2016-09-14 2017-01-11 北京神州绿盟信息安全科技股份有限公司 Network protection method, network protection device and network protection system
CN107171867A (en) * 2017-06-30 2017-09-15 环球智达科技(北京)有限公司 The guard system of ddos attack
CN108111548A (en) * 2018-03-08 2018-06-01 华东师范大学 A kind of domain name system attack detection method, apparatus and system
CN110225037A (en) * 2019-06-12 2019-09-10 广东工业大学 A kind of ddos attack detection method and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124419A (en) * 2020-08-27 2022-03-01 北京秦淮数据有限公司 DDOS attack defense method and device
CN112583850A (en) * 2020-12-27 2021-03-30 杭州迪普科技股份有限公司 Network attack protection method, device and system
CN112583850B (en) * 2020-12-27 2023-02-24 杭州迪普科技股份有限公司 Network attack protection method, device and system
CN113114682A (en) * 2021-04-14 2021-07-13 杭州安恒信息技术股份有限公司 Information transmission method, device, equipment and medium based on DDoS attack
CN116667536A (en) * 2023-06-26 2023-08-29 江苏科能电力工程咨询有限公司 Whole process management method, device and equipment for transformer substation monitoring information and storage medium
CN117914687A (en) * 2024-03-20 2024-04-19 深圳市派勤电子技术有限公司 Management method and system of industrial computer server
CN117914687B (en) * 2024-03-20 2024-05-14 深圳市派勤电子技术有限公司 Management method and system of industrial computer server

Similar Documents

Publication Publication Date Title
CN110620787A (en) Method and system for preventing DDoS attack
CN108040057B (en) Working method of SDN system suitable for guaranteeing network security and network communication quality
US10798060B2 (en) Network attack defense policy sending method and apparatus, and network attack defending method and apparatus
US8001601B2 (en) Method and apparatus for large-scale automated distributed denial of service attack detection
Mahajan et al. Controlling high bandwidth aggregates in the network
US7882556B2 (en) Method and apparatus for protecting legitimate traffic from DoS and DDoS attacks
US10931711B2 (en) System of defending against HTTP DDoS attack based on SDN and method thereof
US20100153537A1 (en) Method and apparatus for providing detection of internet protocol address hijacking
US9800593B2 (en) Controller for software defined networking and method of detecting attacker
CN108810008B (en) Transmission control protocol flow filtering method, device, server and storage medium
CN111092900B (en) Method and device for monitoring abnormal connection and scanning behavior of server
CN109831455B (en) Method for relieving hidden interest packet flooding attack in named data network
Huang et al. Countering denial-of-service attacks using congestion triggered packet sampling and filtering
CN112583850B (en) Network attack protection method, device and system
Ahmed et al. Filtration model for the detection of malicious traffic in large-scale networks
Hong et al. Dynamic threshold for DDoS mitigation in SDN environment
CN106487790A (en) Cleaning method and system that a kind of ACK FLOOD is attacked
Peng et al. Detecting distributed denial of service attacks by sharing distributed beliefs
Wang et al. Credibility-based countermeasure against slow HTTP DoS attacks by using SDN
CN108667829A (en) A kind of means of defence of network attack, device and storage medium
Xiao et al. An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently
CN110505249A (en) The recognition methods of ddos attack and device
CN109889470B (en) Method and system for defending DDoS attack based on router
Peng et al. Detecting reflector attacks by sharing beliefs
Cheng et al. Detecting and mitigating a sophisticated interest flooding attack in NDN from the network-wide view

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191227