CN110830474B - Network attack protection system and method, and flow control device - Google Patents

Publication number: CN110830474B
Authority: CN (China)
Prior art keywords: flow, network, router, backup, instruction
Legal status: Active (The legal status is an assumption and is not a legal conclusion.)
Application number: CN201911086652.0A
Other languages: Chinese (zh)
Other versions: CN110830474A (en)
Inventor: 顾庆崴
Current Assignee: Zhongying Youchuang Information Technology Co Ltd (The listed assignees may be inaccurate.)
Original Assignee: Zhongying Youchuang Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Abstract

The invention provides a network attack protection system and method, and a flow control device. The system includes: a router, used for obtaining backup flow of the network flow and sending the backup flow to the detection device, for drawing the network flow to a cleaning device after receiving a second flow traction instruction, and for discarding the network flow after receiving a flow discarding instruction; a detection device, used for analyzing the received backup flow to obtain the characteristic information of the backup flow; a flow control device, used for judging, according to the characteristic information of the backup flow, whether the network flow meets a preset discarding condition, for sending a second flow traction instruction to the router when the network flow does not meet the preset discarding condition, and for sending a flow discarding instruction to the router when the network flow meets the preset discarding condition; and a cleaning device, used for carrying out attack identification and protection on the received network flow. The invention can protect against a network attack before the target system is affected, and has high protection efficiency.

Description

Network attack protection system and method, and flow control device
Technical Field
The invention relates to the field of the Internet, and in particular to a network attack protection device and method and a flow control device.
Background
Network attacks vary in form and their timing is not fixed. At present, an attack can only be discovered and handled after the system has been affected, and the system may be affected unpredictably before the attack is discovered. A method for automatically detecting and protecting against network attacks is therefore currently lacking.
Disclosure of Invention
The embodiment of the invention provides a network attack protection system, which is used for protecting against network attacks before a target system is affected and has high protection efficiency. The system comprises:
the router is used for receiving the network flow sent to the target system; after receiving a first traction instruction of the flow control device, obtaining backup flow of network flow and sending the backup flow to the detection device; after receiving a second flow traction instruction, drawing the network flow to a cleaning device; after receiving the flow discarding instruction, discarding the network flow;
the detection device is used for analyzing the received backup flow, acquiring the characteristic information of the backup flow and sending the characteristic information of the backup flow to the flow control device;
the flow control device is used for sending a first flow traction command to the router; judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, and sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition; when the judgment result is that the network traffic meets the preset discarding condition, sending a traffic discarding instruction to the router;
and the cleaning device is used for carrying out attack identification and protection on the received network flow.
The embodiment of the invention provides a flow control device, which is used for protecting against network attacks before a target system is affected and has high protection efficiency. The flow control device comprises:
the first instruction sending module is used for sending a first flow traction instruction to the router, and the router obtains the backup flow of the network flow and sends the backup flow to the detection device after receiving the first traction instruction of the flow control device;
the judging module is used for judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow;
the second instruction sending module is used for sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition, the router draws the network flow to the cleaning device after receiving the second flow traction instruction, and the cleaning device carries out attack identification and protection on the received network flow; and when the judgment result is that the network flow meets the preset discarding condition, sending a flow discarding instruction to the router, and discarding the network flow after the router receives the flow discarding instruction.
The embodiment of the invention provides a network attack protection method, which is used for protecting against network attacks before a target system is affected and has high protection efficiency. The method comprises the following steps:
sending a first flow traction instruction to a router, wherein the router obtains the backup flow of the network flow and sends the backup flow to a detection device after receiving the first traction instruction of the flow control device;
judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow;
when the judgment result is that the network flow does not meet the preset discarding condition, sending a second flow traction instruction to the router, wherein the router pulls the network flow to a cleaning device after receiving the second flow traction instruction, and the cleaning device carries out attack identification and protection on the received network flow;
and when the judgment result is that the network flow meets the preset discarding condition, sending a flow discarding instruction to the router, and discarding the network flow after the router receives the flow discarding instruction.
The embodiment of the invention also provides computer equipment, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the network attack protection method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, which stores a computer program for executing the network attack protection method.
In the embodiment of the invention, the router is used for receiving the network flow sent to the target system; after receiving a first traction instruction of the flow control device, obtaining backup flow of network flow and sending the backup flow to the detection device; after receiving a second flow traction instruction, drawing the network flow to a cleaning device; after receiving the flow discarding instruction, discarding the network flow; the detection device is used for analyzing the received backup flow, acquiring the characteristic information of the backup flow and sending the characteristic information of the backup flow to the flow control device; the flow control device is used for sending a first flow traction command to the router; judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, and sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition; when the judgment result is that the network traffic meets the preset discarding condition, sending a traffic discarding instruction to the router; and the cleaning device is used for carrying out attack identification and protection on the received network flow. In the process, the flow control device automatically identifies and protects the attack by issuing the first flow traction instruction, the second flow traction instruction and the flow discarding instruction to the router, so that the protection efficiency is improved, and the risk of a target system is reduced.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
FIG. 1 is a schematic diagram of a network attack protection system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating a network attack protection process according to an embodiment of the present invention;
FIG. 3 is a schematic view of a flow control device in an embodiment of the present invention;
FIG. 4 is a flowchart of a network attack protection method in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
In the description of the present specification, the terms "comprising," "including," "having," "containing," and the like are used in an open-ended fashion, i.e., to mean including, but not limited to. Reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. The sequence of steps involved in the embodiments is for illustrative purposes to illustrate the implementation of the present application, and the sequence of steps is not limited and can be adjusted as needed.
Fig. 1 is a schematic diagram of a network attack protection system in an embodiment of the present invention, and as shown in fig. 1, the system includes:
the router is used for receiving the network flow sent to the target system; after receiving a first traction instruction of the flow control device, obtaining backup flow of network flow and sending the backup flow to the detection device; after receiving a second flow traction instruction, drawing the network flow to a cleaning device; after receiving the flow discarding instruction, discarding the network flow;
the detection device is used for analyzing the received backup flow, acquiring the characteristic information of the backup flow and sending the characteristic information of the backup flow to the flow control device;
the flow control device is used for sending a first flow traction command to the router; judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, and sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition; when the judgment result is that the network traffic meets the preset discarding condition, sending a traffic discarding instruction to the router;
and the cleaning device is used for carrying out attack identification and protection on the received network flow.
In the process, the flow control device automatically identifies and protects the attack by issuing the first flow traction instruction, the second flow traction instruction and the flow discarding instruction to the router, so that the protection efficiency is improved, and the risk of a target system is reduced.
In a specific implementation, the flow control device is the core device of the network attack protection system, and controls the router, the detection device and the cleaning device to realize network attack identification and protection. The general process is as follows. The router first receives the network flow sent to the target system. The flow control device then sends a first flow traction instruction to the router; after receiving it, the router obtains backup flow of the network flow and sends the backup flow to the detection device. The detection device analyzes the received backup flow, obtains the characteristic information of the backup flow and sends it to the flow control device. The flow control device then judges, according to the characteristic information of the backup flow, whether the network flow meets a preset discarding condition. When the judgment result is that the network flow does not meet the preset discarding condition, the flow control device sends a second flow traction instruction to the router; after receiving it, the router draws the network flow to the cleaning device, and the cleaning device carries out attack identification and protection on the received network flow. This is the first type of identification and protection against network attack. When the judgment result is that the network flow meets the preset discarding condition, the flow control device sends a flow discarding instruction to the router, and the router discards the network flow after receiving it. This is the second type of protection against network attack: the network flow that meets the preset discarding condition is discarded so that a large flow does not disrupt the system.
In one embodiment, the characteristic information of the backup traffic includes one of a traffic type, a traffic size, a traffic source, or any combination thereof.
In the above embodiment, the characteristic information to be detected in the backup flow may be sent by the flow control device to the detection module, so that the flow control device controls the analysis of the backup flow; that is, customized detection content is supported, which improves the flexibility of detection.
In an embodiment, the preset dropping condition is that the network traffic exceeds a target system load.
In the above embodiment, the detection device generally detects the traffic type, and the target system loads corresponding to different traffic types are different. The preconfigured target system loads corresponding to the different traffic types therefore need to be obtained first, after which the flow control device can determine whether the network traffic exceeds the target system load. It should be understood that the preset discarding condition may also be another discarding condition customized according to the characteristic information of the backup traffic, and related variations should fall within the protection scope of the present invention.
In an embodiment, the router is specifically configured to:
copying a set proportion of the network flow to generate the backup flow.
In this embodiment, a set proportion of the network flow is copied to generate the backup flow, which is then sent to the detection device, so that the original network flow of the router is not affected and the protection accuracy is ensured.
In one embodiment, the cleaning device is specifically configured to:
judging whether the received network traffic is attack traffic;
when the network flow is attack flow, discarding the network flow;
when the network flow is non-attack flow, the network flow is reinjected to the router;
the router is specifically configured to: and sending the network flow reinjected by the cleaning device to a target system.
In the above embodiment, a specific protection process of the cleaning device is given: it first judges whether the received network traffic is attack traffic, and there are various methods for making this judgment. Fig. 2 is a schematic diagram of a network attack protection process in an embodiment of the present invention. After receiving a first flow traction instruction from the flow control device, the router copies a set proportion of the network flow, generates backup flow and sends the backup flow to the detection device. The detection device analyzes the received backup flow, obtains the characteristic information of the backup flow and sends it to the flow control device. The flow control device judges, according to the characteristic information of the backup flow, whether the network flow meets a preset discarding condition; when the judgment result is that the network flow does not meet the preset discarding condition, it sends a second flow traction instruction to the router, and when the judgment result is that the network flow meets the preset discarding condition, it sends a flow discarding instruction to the router. After receiving the second flow traction instruction, the router draws the network traffic to the cleaning device. The cleaning device discards the network traffic when it is attack traffic, and reinjects it to the router when it is non-attack traffic; the router sends the network traffic reinjected by the cleaning device to the target system. In addition, the router discards the network traffic after receiving the flow discarding instruction.
In one embodiment, the flow control device is further configured to:
sending configuration information to a cleaning device, wherein the configuration information comprises identification modes of various attacks;
the cleaning device is specifically used for: and judging whether the received network traffic is attack traffic or not according to the received configuration information.
In the above embodiment, the identification modes of multiple attacks are issued by the traffic control device, so that the traffic control device realizes the overall control of identifying and protecting the network attack.
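The control loop described above, as an added example in Python (not code from the patent). The 1-in-N copy as the "set proportion", scaling the sample back up by N, the per-type load table, the `known-bad-source` identification mode and all addresses and sizes are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Instruction(Enum):
    BACKUP = "first flow traction instruction"
    TO_CLEANING = "second flow traction instruction"
    DISCARD = "flow discarding instruction"


@dataclass(frozen=True)
class Packet:
    src: str    # traffic source
    kind: str   # traffic type
    size: int   # traffic size in bytes


def backup_flow(packets, every_nth):
    """Router: copy a set proportion (1 packet in every_nth) as backup flow."""
    return packets[::every_nth]


def characteristic_info(backup):
    """Detection device: traffic type, size and source of the backup flow."""
    by_type, by_source = Counter(), Counter()
    for p in backup:
        by_type[p.kind] += p.size
        by_source[p.src] += p.size
    return {"bytes_by_type": dict(by_type), "bytes_by_source": dict(by_source)}


def decide(info, every_nth, load_by_type):
    """Flow control device: one instruction per traffic type seen in the backup."""
    decisions = {}
    for kind, sampled_bytes in info["bytes_by_type"].items():
        estimated = sampled_bytes * every_nth   # assumption: scale the sample up
        limit = load_by_type.get(kind)          # None: no load configured
        over = limit is not None and estimated > limit
        decisions[kind] = Instruction.DISCARD if over else Instruction.TO_CLEANING
    return decisions


def clean(packet, identification_modes):
    """Cleaning device: True to reinject the packet, False to drop it as attack."""
    return not any(match(packet) for match in identification_modes.values())


def protect(packets, every_nth, load_by_type, identification_modes):
    """Run backup, detection, decision and cleaning over one batch of packets."""
    info = characteristic_info(backup_flow(packets, every_nth))
    decisions = decide(info, every_nth, load_by_type)
    result = {"delivered": 0, "discarded_by_router": 0, "dropped_by_cleaning": 0}
    for p in packets:
        # A type absent from the sample has no decision; send it to cleaning.
        instruction = decisions.get(p.kind, Instruction.TO_CLEANING)
        if instruction is Instruction.DISCARD:
            result["discarded_by_router"] += 1
        elif clean(p, identification_modes):
            result["delivered"] += 1    # reinjected, then sent to the target
        else:
            result["dropped_by_cleaning"] += 1
    return decisions, result


# Constructed sample traffic (documentation address ranges, made-up sizes).
SAMPLE = (
    [Packet("198.51.100.7", "http", 500)] * 31
    + [Packet("203.0.113.9", "http", 500)] * 10
    + [Packet("192.0.2.50", "dns", 3000)] * 100
    + [Packet("198.51.100.20", "ntp", 90)]
)
# Hypothetical preconfigured target system load per traffic type, in bytes.
LOAD_BY_TYPE = {"http": 50_000, "dns": 100_000}
# Hypothetical configuration information sent to the cleaning device.
MODES = {"known-bad-source": lambda p: p.src == "203.0.113.9"}

if __name__ == "__main__":
    decisions, result = protect(SAMPLE, 10, LOAD_BY_TYPE, MODES)
    for kind, instruction in decisions.items():
        print(kind, "->", instruction.value)
    print(result)
```

In this sketch the discard branch acts on a whole traffic type, so any legitimate packets of that type are lost together with the flood, while the cleaning branch drops only packets that match an identification mode.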
In one embodiment, the system further comprises a notification module, which is used for receiving the protection result fed back by the flow control device and/or the cleaning device and sending the protection result to a protection display device to notify protection management personnel.
To sum up, in the system provided in the embodiment of the present invention, the router is used for receiving the network traffic sent to the target system; after receiving a first flow traction instruction from the flow control device, obtaining backup flow of the network flow and sending the backup flow to the detection device; after receiving a second flow traction instruction, drawing the network flow to a cleaning device; and after receiving the flow discarding instruction, discarding the network flow. The detection device is used for analyzing the received backup flow, acquiring the characteristic information of the backup flow and sending the characteristic information of the backup flow to the flow control device. The flow control device is used for sending a first flow traction instruction to the router; judging whether the network flow meets a preset discarding condition according to the characteristic information of the backup flow; sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition; and sending a flow discarding instruction to the router when the judgment result is that the network flow meets the preset discarding condition. The cleaning device is used for carrying out attack identification and protection on the received network flow. In this process, the flow control device automatically identifies and protects against the attack by issuing the first flow traction instruction, the second flow traction instruction and the flow discarding instruction to the router, so that the protection efficiency is improved and the risk to the target system is reduced. In addition, the flow control device controls the analysis of the backup flow, that is, customized detection content is supported, which improves the flexibility of detection. Backup flow is generated and then sent to the detection device, so that the original network flow of the router is not affected and the protection accuracy is ensured. The identification modes of various attacks are issued by the flow control device, so that the flow control device has overall control over the identification and protection of network attacks.
An embodiment of the present invention further provides a flow control device, and fig. 3 is a schematic diagram of the flow control device in the embodiment of the present invention, as shown in fig. 3, the flow control device includes:
the first instruction sending module is used for sending a first flow traction instruction to the router, and the router obtains the backup flow of the network flow and sends the backup flow to the detection device after receiving the first traction instruction of the flow control device;
the judging module is used for judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow;
the second instruction sending module is used for sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition, the router draws the network flow to the cleaning device after receiving the second flow traction instruction, and the cleaning device carries out attack identification and protection on the received network flow; and when the judgment result is that the network flow meets the preset discarding condition, sending a flow discarding instruction to the router, and discarding the network flow after the router receives the flow discarding instruction.
In an embodiment, the preset dropping condition is that the network traffic exceeds a target system load.
In an embodiment, the apparatus further includes a configuration information sending module, configured to:
and sending configuration information to a cleaning device, wherein the configuration information comprises a plurality of attack identification modes, and the cleaning device judges whether the received network flow is attack flow according to the received configuration information.
In summary, in the flow control device provided in the embodiment of the present invention, the first instruction sending module is used for sending a first flow traction instruction to the router, and after receiving the first flow traction instruction from the flow control device, the router obtains backup flow of the network flow and sends the backup flow to the detection device. The judging module is used for judging whether the network flow meets a preset discarding condition according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow. The second instruction sending module is used for sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition, whereupon the router draws the network flow to the cleaning device and the cleaning device carries out attack identification and protection on the received network flow; and for sending a flow discarding instruction to the router when the judgment result is that the network flow meets the preset discarding condition, whereupon the router discards the network flow. In this process, the flow control device automatically identifies and protects against the attack by issuing the first flow traction instruction, the second flow traction instruction and the flow discarding instruction to the router, so that the protection efficiency is improved and the risk to the target system is reduced. In addition, the flow control device controls the analysis of the backup flow, that is, customized detection content is supported, which improves the flexibility of detection. Backup flow is generated and then sent to the detection device, so that the original network flow of the router is not affected and the protection accuracy is ensured. The identification modes of various attacks are issued by the flow control device, so that the flow control device has overall control over the identification and protection of network attacks.
Based on the same inventive concept, the embodiment of the present invention further provides a network attack protection method, as described in the following embodiments. Because the principle by which the method solves the problem is similar to that of the network attack prevention device, the implementation of the method can refer to the implementation of the device, and repeated details are omitted.
Fig. 4 is a flowchart of a network attack protection method in the embodiment of the present invention, and as shown in fig. 4, the method includes:
step 401, sending a first traffic traction instruction to a router, wherein the router obtains a backup traffic of a network traffic and sends the backup traffic to a detection device after receiving the first traffic traction instruction of the traffic control device;
step 402, judging whether the network flow meets a preset discarding condition according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow;
step 403, when the judgment result is that the network traffic does not meet the preset discarding condition, sending a second traffic traction instruction to the router, wherein the router, after receiving the second traffic traction instruction, draws the network traffic to a cleaning device, and the cleaning device performs attack identification and protection on the received network traffic;
and step 404, when the judgment result is that the network traffic meets the preset discarding condition, sending a traffic discarding instruction to the router, and discarding the network traffic after the router receives the traffic discarding instruction.
In summary, in the method provided in the embodiment of the present invention, a first traffic pulling instruction is sent to a router, and after receiving the first pulling instruction of the traffic control device, the router obtains a backup traffic of the network traffic and sends the backup traffic to the detection device; judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow; when the judgment result is that the network flow does not meet the preset discarding condition, sending a second flow traction instruction to the router, wherein the router pulls the network flow to a cleaning device after receiving the second flow traction instruction, and the cleaning device carries out attack identification and protection on the received network flow; and when the judgment result is that the network flow meets the preset discarding condition, sending a flow discarding instruction to the router, and discarding the network flow after the router receives the flow discarding instruction. In the process, the first flow traction instruction, the second flow traction instruction and the flow discarding instruction are issued to the router, so that the attack is automatically identified and protected, the protection efficiency is improved, and the risk of a target system is reduced. In addition, the flow control device controls the analysis of the backup flow, namely supports the customized detection content and improves the flexibility of detection. And generating backup flow, and then sending the backup flow to the detection device, so that the original network flow of the router is not influenced, and the protection accuracy is ensured. 
Determining the identification modes of the various attacks also gives the flow control device overall control over the identification of and protection against network attacks.
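The control flow summarized above, as an added Python example that is not code from the patent: the router mirrors a set proportion of traffic, the detection device derives characteristic information, the flow control device applies the discard condition "traffic exceeds target system load", and the cleaning device filters with the configured identification modes. All function names, packet fields, the sample rule and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter

def mirror(packets, ratio):
    """Router, on the first pulling instruction: copy a set proportion of the
    traffic as backup traffic. The original packets are left untouched."""
    step = round(1 / ratio)
    return packets[::step]            # deterministic 1-in-N copy (assumed sampling scheme)

def analyze(backup, ratio, window_s):
    """Detection device: characteristic information of the backup traffic
    (traffic type, traffic size, traffic source)."""
    # The backup is only a sample, so scale it back up to estimate the full rate.
    bits = sum(p["bytes"] * 8 for p in backup) / ratio
    return {
        "mbps": bits / window_s / 1e6,
        "types": Counter(p["type"] for p in backup),
        "sources": Counter(p["src"] for p in backup),
    }

def decide(features, target_load_mbps):
    """Flow control device: discard when traffic exceeds the target system load,
    otherwise send the second pulling instruction."""
    return "DISCARD" if features["mbps"] > target_load_mbps else "PULL_TO_CLEANING"

def clean(packets, config):
    """Cleaning device: drop packets matched by any configured identification
    mode; everything else is reinjected to the router."""
    return [p for p in packets if not any(rule(p) for rule in config)]

def protect(packets, ratio, window_s, target_load_mbps, config):
    """One pass of the method; returns (instruction, packets delivered to target)."""
    features = analyze(mirror(packets, ratio), ratio, window_s)
    instruction = decide(features, target_load_mbps)
    if instruction == "DISCARD":
        return instruction, []        # router discards the traffic, legitimate packets included
    return instruction, clean(packets, config)

# Constructed identification mode: oversized UDP packets to port 123.
CONFIG = [lambda p: p["type"] == "udp" and p["dport"] == 123 and p["bytes"] > 400]

def sample_window():
    """Constructed one-second window: 6 benign TCP packets, 4 suspicious UDP packets."""
    benign = [{"src": "198.51.100.7", "type": "tcp", "dport": 443, "bytes": 1000}] * 6
    attack = [{"src": "203.0.113.9", "type": "udp", "dport": 123, "bytes": 468}] * 4
    return benign + attack

if __name__ == "__main__":
    print(protect(sample_window(), 0.5, 1.0, 1.0, CONFIG))
```

The discard branch removes all traffic for the window, so the load threshold decides how much legitimate traffic is sacrificed when the cleaning device is bypassed.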
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (11)

1. A network attack protection system, comprising:
the router is used for receiving the network flow sent to the target system; after receiving a first flow traction instruction of the flow control device, obtaining backup flow of network flow and sending the backup flow to the detection device; after receiving a second flow traction instruction, drawing the network flow to a cleaning device; after receiving the flow discarding instruction, discarding the network flow;
the detection device is used for analyzing the received backup flow, acquiring the characteristic information of the backup flow and sending the characteristic information of the backup flow to the flow control device;
the flow control device is used for sending a first flow traction command to the router; judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, and sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition; when the judgment result is that the network traffic meets the preset discarding condition, sending a traffic discarding instruction to the router; sending configuration information to a cleaning device, wherein the configuration information comprises identification modes of various attacks;
and the cleaning device is used for judging whether the received network flow is attack flow according to the received configuration information and carrying out network attack protection.
2. The network attack protection system according to claim 1, wherein the preset discarding condition is that the network traffic exceeds the target system load.
3. The network attack protection system according to claim 1, wherein the router is specifically configured to:
copy a set proportion of the network flow to generate the backup flow.
4. The network attack protection system according to claim 1, wherein the cleaning device is specifically configured to:
judging whether the received network traffic is attack traffic;
when the network flow is attack flow, discarding the network flow;
when the network flow is non-attack flow, the network flow is reinjected to the router;
the router is specifically configured to: and sending the network flow reinjected by the cleaning device to a target system.
5. The network attack protection system according to claim 1, wherein the characteristic information of the backup traffic includes one of a traffic type, a traffic size, a traffic source, or any combination thereof.
6. A flow control device, comprising:
the first instruction sending module is used for sending a first flow traction instruction to the router, and the router obtains the backup flow of the network flow and sends the backup flow to the detection device after receiving the first flow traction instruction of the flow control device;
the judging module is used for judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow;
the second instruction sending module is used for sending a second flow traction instruction to the router when the judgment result is that the network flow does not meet the preset discarding condition, and the router draws the network flow to the cleaning device after receiving the second flow traction instruction; when the judgment result is that the network traffic meets the preset discarding condition, sending a traffic discarding instruction to a router, and discarding the network traffic after the router receives the traffic discarding instruction;
the configuration information sending module is used for sending configuration information to the cleaning device, the configuration information comprises a plurality of attack identification modes, and the cleaning device judges whether the received network flow is attack flow according to the received configuration information and carries out network attack protection.
7. The flow control device of claim 6, wherein the preset drop condition is network traffic exceeding a target system load.
8. A network attack protection method is characterized by comprising the following steps:
sending a first flow traction instruction to a router, wherein the router obtains the backup flow of the network flow and sends the backup flow to a detection device after receiving the first flow traction instruction of the flow control device;
judging whether the network flow meets a preset discarding condition or not according to the characteristic information of the backup flow, wherein the characteristic information of the backup flow is obtained after the detection device analyzes the backup flow;
when the judgment result is that the network flow does not meet the preset discarding condition, sending a second flow traction instruction to the router, and after receiving the second flow traction instruction, the router draws the network flow to the cleaning device;
sending configuration information to a cleaning device, wherein the configuration information comprises a plurality of attack identification modes, and the cleaning device judges whether the received network flow is attack flow according to the received configuration information and carries out network attack protection;
and when the judgment result is that the network flow meets the preset discarding condition, sending a flow discarding instruction to the router, and discarding the network flow after the router receives the flow discarding instruction.
9. The network attack protection method according to claim 8, wherein the preset dropping condition is that network traffic exceeds a target system load.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 8 to 9 when executing the computer program.
11. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 8 to 9.
CN201911086652.0A 2019-11-08 2019-11-08 Network attack protection system and method, and flow control device Active CN110830474B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911086652.0A CN110830474B (en) 2019-11-08 2019-11-08 Network attack protection system and method, and flow control device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911086652.0A CN110830474B (en) 2019-11-08 2019-11-08 Network attack protection system and method, and flow control device

Publications (2)

Publication Number Publication Date
CN110830474A CN110830474A (en) 2020-02-21
CN110830474B true CN110830474B (en) 2021-04-06

Family

ID=69553515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911086652.0A Active CN110830474B (en) 2019-11-08 2019-11-08 Network attack protection system and method, and flow control device

Country Status (1)

Country Link
CN (1) CN110830474B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431449A (en) * 2008-11-04 2009-05-13 中国科学院计算技术研究所 Network flux cleaning system
CN104767762A (en) * 2015-04-28 2015-07-08 亚信科技(南京)有限公司 Safety protection system
CN106921666A (en) * 2017-03-06 2017-07-04 中山大学 A kind of ddos attack system of defense and method based on Synergy
CN107959690A (en) * 2018-01-16 2018-04-24 中国人民解放军国防科技大学 DDoS attack cross-layer cooperative defense method based on software defined network
CN108270795A (en) * 2018-02-23 2018-07-10 上海市信息网络有限公司 The leakage-preventing self-rescue system of data safety, method, readable storage medium storing program for executing and equipment
CN110213214A (en) * 2018-06-06 2019-09-06 腾讯科技(深圳)有限公司 A kind of attack guarding method, system, device and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123919A (en) * 2016-11-29 2018-06-05 上海有云信息技术有限公司 The monitoring guard system and method for network
US10609152B2 (en) * 2017-07-11 2020-03-31 Cisco Technology, Inc. Creation of remote direct access path via internet to firewalled device using multi-site session forwarding

Also Published As

Publication number Publication date
CN110830474A (en) 2020-02-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: Room 702-2, No. 4811, Cao'an Highway, Jiading District, Shanghai

Patentee after: CHINA UNITECHS

Address before: 100872 5th floor, Renmin culture building, 59 Zhongguancun Street, Haidian District, Beijing

Patentee before: CHINA UNITECHS