KR20110026926A - Method for blocking distributed denial of service - Google Patents

Info

Publication number
KR20110026926A
Authority
KR
South Korea
Prior art keywords
attack
traffic
server
network
blocking
Prior art date
Application number
KR1020090084782A
Other languages
Korean (ko)
Inventor
이재원
Original Assignee
(주)제이투씨엔에스
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)제이투씨엔에스 filed Critical (주)제이투씨엔에스
Priority to KR1020090084782A priority Critical patent/KR20110026926A/en
Publication of KR20110026926A publication Critical patent/KR20110026926A/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0272 Virtual private networks
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Abstract

PURPOSE: A method for blocking distributed denial of service (DDoS) attacks is provided to protect a computer system from cyber terror. CONSTITUTION: In an attack detection stage (S1), it is determined whether the traffic state on the network is a DDoS attack. In a detour stage (S2), the DDoS attack is detoured to a virtual private network. In an attack block stage (S3), the bandwidth of the network to which the attack target server belongs is secured. In a normal traffic supply stage (S4), normal traffic is provided to the virtual private network server and the attack target server.

Description

Method for blocking Distributed Denial of Service

The present invention relates to a method for defending against denial of service attacks and, more specifically, to a method for blocking distributed denial of service attacks in which, when such an attack occurs on the network, the attack traffic is bypassed using a VPN and then defended against through multi-level filtering.

A distributed denial of service attack (DDoS attack) depletes network resources or the resources of an internal system and prevents normal users from receiving the services they want. Because various attack tools are publicly available, anyone can easily carry out a distributed denial of service attack with them, and the damage to the target system is relatively severe. Many techniques are therefore used to defend against such attacks.

However, many of these techniques simply limit incoming traffic (QoS) or classify traffic into normal traffic and attack traffic. Even if such a technique were perfect, the network is still cut off when excessive attack traffic arrives, because the traffic bandwidth of the interconnecting network is insufficient.

Distributed denial of service attacks are divided into attacks that use TCP connection establishment and attacks that simply use UDP traffic. The most common attack that uses TCP connection establishment is the TCP Flooding Attack, which exploits a weakness of the 3-way handshake performed when communicating over TCP.

In the 3-way handshake, the client sends a SYN packet specifying the server's port number and the client's initial sequence number (ISN); the server then sends the client a SYN-ACK packet containing the server's initial sequence number and the client's ISN + 1; and the client responds to the server's SYN-ACK packet with an ACK packet. This three-step process establishes a TCP connection. An attack using TCP connection establishment omits the last of these three steps and sends only a large number of SYN packets to the server, exhausting all the buffers the server uses and making it impossible to accept any more connections.

Attacks that simply use traffic congestion include attacks that send large UDP packets or ICMP packets, and attacks that generate normal HTTP requests. An Internet Control Message Protocol (ICMP) attack sends a large number of ICMP echo packets; ping flooding and smurf attacks are examples.

Conventional techniques for blocking DoS attacks include improving the server-side algorithms of the TCP protocol and adjusting the traffic volume. Improving the server-side algorithm means refining the TCP connection establishment algorithm so that it can distinguish spoofed client IPs or prevent incorrect connection attempts. However, attacks that overwhelm the server with normal TCP connections or exceed network bandwidth with UDP or ICMP cannot be prevented in this way.

Devices that defend against distributed denial of service attacks fall into two types: those that detect an attack, and those that analyze and defend against the detected attack. Detection is generally based on communication thresholds. More specifically, thresholds for the traffic and traffic volume (QoS) to be allowed in each network situation are specified in advance or determined dynamically, and all communication across the network is then monitored to see whether a threshold has been exceeded. If the allowed threshold is exceeded and the source addresses of the incoming traffic are spread across several places, the traffic is judged to be a distributed denial of service attack.

Once traffic is judged to be a distributed denial of service attack, the usual response is to adjust the amount of traffic sent to the attacked system or the amount of traffic for a specific service. However, a distributed denial of service attack is concentrated traffic congestion in which many attacking clients attack a specific target server. Even when normal and attacking clients are clearly distinguished, the network is paralyzed if the bandwidth of the network where the target server is located is not secured.

The present invention has been made to solve the above problems. More specifically, its object is to provide a method for blocking distributed denial of service attacks that: determines whether the traffic state toward the target server in the network is a distributed denial of service attack; if the traffic state is attack traffic detected as a distributed denial of service attack, bypasses the attack traffic, by way of the DNS server through the attack defense device, to a virtual private network in which the network bandwidth of a physical line is secured; blocks or filters the attack traffic in the virtual private network step by step to guarantee the bandwidth of the network where the target server is located; and provides normal traffic to the target server tunneled with a VPN server located in the virtual private network.

To achieve the above object, the method for blocking distributed denial of service attacks of the present invention comprises: an attack detection step (S1) of determining, through the attack defense device 10, whether the traffic state toward the attack target server (4) in the network is a distributed denial of service attack; a bypass step (S2) of, if the traffic state is attack traffic detected as a distributed denial of service attack, bypassing the attack traffic, by way of the DNS server 6 through the attack defense device 10, to a virtual private network (VPN) in which the network bandwidth of a physical line is secured; an attack blocking step (S3) of blocking or filtering the attack traffic in the virtual private network step by step to guarantee the bandwidth of the network in which the attack target server (4) is located; and a normal traffic providing step (S4) of providing the normal traffic among the traffic that has passed the attack blocking step (S3) to the attack target server 4 tunneled with the VPN server 22 located in the virtual private network.

In the attack detection step (S1), whether the target server 4 is under a distributed denial of service attack is detected by monitoring whether the traffic state takes one of the following forms: ICMP flow, UDP flow, TCP SYN flooding through TCP packets, or increased session value generation on the target server (4).

In the bypass step (S2), the attack defense device 10 requests the DNS server 6 to change the IP address to which the attack traffic is directed from the IP address of the target server 4 to the IP address of the VPN server 22.

The attack blocking step (S3) includes: a first attack blocking step (S31) of defending, through the attack defense equipment (10), against distributed denial of service attacks of at least one of the ICMP flow and UDP flow types among the attack traffic; a second attack blocking step (S32) of defending against distributed denial of service attacks in the form of TCP SYN flooding through TCP packets among the attack traffic that has passed the first attack blocking step (S31); and a third attack blocking step (S33) of defending, after the second attack blocking step (S32), against distributed denial of service attacks that increase session value generation on the target server 4 through the attacker terminal.

In the normal traffic providing step (S4), the attack defense device 10 provides the normal traffic to the target server (4), which is a VPN client TCP-tunneled with the VPN server 22.

According to the present invention as described above, attack traffic is bypassed to the virtual private network and blocked there, which defends against the distributed denial of service attack, and only normal packets are provided to the target server, without data loss or slowdown.

In addition, VPN tunneling switches the traffic to a place where network bandwidth is secured, which prevents the network from being paralyzed by an attack that overruns its bandwidth.

In addition, distinguishing and filtering abnormal and normal traffic guarantees server availability, and because the attacker does not know the location or IP of the actual network, collecting information is difficult while normal user access is guaranteed.

Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings such that those skilled in the art may easily implement the present invention.

FIG. 1 is a diagram illustrating a network configuration for a method for blocking a distributed denial of service attack according to an embodiment of the present invention, FIG. 2 is a detailed view of the attack defense device used by the method, and FIG. 3 is a flowchart of the method. The description below refers to FIGS. 1 to 3.

The attack defense equipment 10 to which the method for blocking a distributed denial of service attack is applied includes: an attack detection unit 12 that monitors the state of traffic directed to the attack target server 4 and detects whether it is attack traffic; an IP change unit 14 that requests the DNS server 6 to change the IP address to which the attack traffic is directed from the IP address of the target server to the IP address of the VPN server 22; a router 18 capable of accommodating a large amount of ICMP flow or UDP flow; filtering equipment 20, including a web firewall, that filters TCP SYN flooding attacks carried in TCP packets; and a VPN server 22 tunneled with the attack target server 4, which acts as a VPN client.

The attack defense device 10 determines whether traffic suspected of being a distributed denial of service attack actually is one and, if so, blocks the attack.

The virtual private network (internal network) may consist of the attack defense equipment 10, which has a router 18 and a switch. As shown in FIG. 1, the attack defense device 10 that defends against distributed denial of service attacks includes a router 18 capable of accommodating a large amount of attack traffic, a VPN server 22 for configuring TCP-based tunneling, and a switch below the VPN server 22.

The attack defense device 10 may be connected to the attacker terminal 2, the DNS server 6, and the attack target server 4 that make up the network according to the present invention.

Over the Internet, an attacker changes the source address to an arbitrary address and carries out a distributed denial of service attack against the target server (4). The attack defense equipment 10 then detects and defends against the attack.

In the present invention, the attack defense device 10 defends against the distributed denial of service attack carried by the attack traffic while providing normal packets to the target server 4, with which the VPN server 22 is tunneled.

The external network may consist of a network, an attacker terminal 2 (ATTACK PC), and the sources used for an attack. It may also include the attacker terminal 2, a DNS (Domain Name System) server (6), and the target server (4), with each component connected through the network.

The attacker terminal 2 may send traffic for a distributed denial of service attack to the target server 4 through the network, and may be mobilized through a plurality of ISPs (Internet Service Providers) and connected to the target server (4).

The DNS server 6 is a name service system that translates a domain or host name into a numerical IP (Internet Protocol) address on a network. Resolving the IP address that corresponds to a domain or host name for a network user may be accomplished through communication among one or more devices of the DNS server 6.

One embodiment of the present invention comprises: an attack detection step (S1) of determining, through the attack defense equipment 10, whether the traffic state toward the attack target server (4) in the network is a distributed denial of service attack; a bypass step (S2) of, if the traffic state is attack traffic detected as a distributed denial of service attack, bypassing the attack traffic, by way of the DNS server 6 through the attack defense device 10, to a virtual private network (VPN) in which the network bandwidth of a physical line is secured; an attack blocking step (S3) of blocking or filtering the attack traffic in the virtual private network step by step to guarantee the bandwidth of the network in which the attack target server (4) is located; and a normal traffic providing step (S4) of providing the normal traffic among the traffic that has passed the attack blocking step (S3) to the attack target server 4 tunneled with the VPN server 22 located in the virtual private network.

In a normal network state where no distributed denial of service attack is occurring, the virtual private network is not used; when such an attack occurs, it can be blocked by using the components of the already established virtual private network.

In the attack detection step (S1), whether the attack target server 4 is under a distributed denial of service attack can be detected by monitoring whether the traffic state takes one of the following forms: ICMP flow, UDP flow, TCP SYN flooding through TCP packets, or increased session value generation on the target server (4).

The attack detection step (S1) may be performed by the attack detection unit 12 provided in the attack defense equipment 10, and the attack detection unit 12 may be implemented as a monitoring server for DDoS attack detection.

The attack detection unit 12 inspects traffic destined for the attack target server 4 and monitors the server's state, so that it can monitor and detect whether traffic suspected of being a distributed denial of service attack on the server is being generated.

That is, when the traffic state of the attack target server 4 exceeds a preset reference value, the attack detection unit 12 may detect whether that traffic state is a distributed denial of service attack.

The attack detection unit 12 may detect traffic states while classifying them into ICMP flow, UDP flow, TCP SYN flooding through TCP packets, or increased session value generation on the target server 4.

The attack detection unit 12 may be included in the site or servers to which the method for blocking a distributed denial of service attack according to the present invention is applied, or may run on a separate device.
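The detection rule described above (a reference value per traffic form, combined with source addresses spread over many places) can be sketched as follows. This is an added example, not code from the patent; the thresholds, the `Packet` fields, the one-second window and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float                  # capture time in seconds
    src: str                   # source IP address
    proto: str                 # "icmp", "udp" or "tcp"
    flags: str = ""            # TCP flags, e.g. "S" for a bare SYN
    new_session: bool = False  # request that made the target create a session value


# Assumed reference values: packets per window allowed for each traffic form.
THRESHOLDS = {
    "icmp_flow": 100,
    "udp_flow": 100,
    "tcp_syn_flooding": 50,
    "session_increase": 30,
}
# Assumed minimum number of distinct sources for traffic to count as "distributed".
MIN_DISTINCT_SOURCES = 10


def classify(pkt):
    """Map a packet to one of the four monitored traffic forms, or None."""
    if pkt.proto == "icmp":
        return "icmp_flow"
    if pkt.proto == "udp":
        return "udp_flow"
    if pkt.proto == "tcp" and pkt.flags == "S":
        return "tcp_syn_flooding"
    if pkt.proto == "tcp" and pkt.new_session:
        return "session_increase"
    return None


def detect(packets, window=1.0):
    """Return {window_start: [traffic forms]} for every window in which a form
    exceeds its reference value AND its sources are spread over many addresses."""
    buckets = defaultdict(lambda: defaultdict(list))
    for pkt in packets:
        kind = classify(pkt)
        if kind is not None:
            buckets[int(pkt.ts // window)][kind].append(pkt.src)

    alerts = {}
    for index, kinds in sorted(buckets.items()):
        hits = sorted(
            kind
            for kind, sources in kinds.items()
            if len(sources) > THRESHOLDS[kind]
            and len(set(sources)) >= MIN_DISTINCT_SOURCES
        )
        if hits:
            alerts[index * window] = hits
    return alerts


def sample_traffic():
    """Constructed traffic toward the target server (documentation IP ranges)."""
    pkts = []
    # Window 0: ordinary load, 20 SYNs from 5 clients (below the reference value).
    for i in range(20):
        pkts.append(Packet(0.0 + i * 0.01, f"192.0.2.{i % 5 + 1}", "tcp", "S"))
    # Window 1: 200 SYNs from 200 different sources (over the value, distributed).
    for i in range(200):
        pkts.append(Packet(1.0 + i * 0.004, f"198.51.100.{i + 1}", "tcp", "S"))
    # Window 2: 150 ICMP packets from one source (over the value, not distributed).
    for i in range(150):
        pkts.append(Packet(2.0 + i * 0.005, "203.0.113.7", "icmp"))
    return pkts


if __name__ == "__main__":
    print(detect(sample_traffic()))
```

Only the second window raises an alert: the single-source ICMP burst exceeds its reference value but fails the distributed-source condition, so under the rule as stated it is not classified as a distributed attack.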

In the bypass step (S2), the attack defense device 10 can request the DNS server 6 to change the IP address to which the attack traffic is directed from the IP address of the target server 4 to the IP address of the VPN server 22.

When traffic suspected of being a distributed denial of service attack on the target server 4 is generated, the attack detection unit 12 outputs an attack detection signal, and the IP change unit 14 of the attack defense equipment 10, on receiving that signal, requests the DNS server 6 to change the IP address. For this purpose, the DNS server 6 and the IP change unit 14 are preferably connected over a network.

In this case, the IP change unit 14 requests the DNS server 6 to change the IP address to which the attack traffic is directed from the IP address of the target server 4 to the IP address of the VPN server 22, and the DNS server 6 changes the IP address to which the attack traffic is directed to the IP address of the VPN server 22.

As shown, the DNS server 6 can change the IP address (xxx.xxx.xxx.x1) of the target server 4 to the IP address (xxx.xxx.xxx.x2) of the VPN server 22.

As a result, the destination of the distributed denial of service attack becomes the VPN server 22 rather than the target server (4).

The virtual private network according to the present invention can block attacks that exhaust network bandwidth through distributed denial of service attacks in the form of ICMP flow or UDP flow among the attack traffic. It has the advantage of being able to block, across the board, the UDP and ICMP protocols used in attacks on network bandwidth.

To this end, the virtual private network may be formed of a 200G network in which the network bandwidth of a physical circuit is secured, so as to block a large amount of ICMP flow or UDP flow.

The attack blocking step (S3) may include: a first attack blocking step (S31) of defending, through the attack defense equipment (10), against distributed denial of service attacks of at least one of the ICMP flow and UDP flow types among the attack traffic; a second attack blocking step (S32) of defending against distributed denial of service attacks in the form of TCP SYN flooding through TCP packets among the attack traffic that has passed the first attack blocking step (S31); and a third attack blocking step (S33) of defending, after the second attack blocking step (S32), against distributed denial of service attacks that increase session value generation on the target server 4 through the attacker terminal.

The first to third attack blocking steps S31, S32, and S33 may be performed by the attack blocking unit 16 provided in the attack defense equipment 10.

In the first attack blocking step S31, the router 18 of the attack blocking unit 16 can defend against distributed denial of service attacks in the form of ICMP flows and UDP flows while accommodating a large amount of such flows. That is, the 20G (Giga) bandwidth of the virtual private network makes it possible to block the distributed denial of service attack when a bandwidth attack arrives as a large amount of ICMP flow or UDP flow.

In the second attack blocking step S32, the filtering device 20 of the attack blocking unit 16 defends against the distributed denial of service attack by filtering TCP SYN flooding attacks carried in TCP packets directed to the target server 4.

That is, the second attack blocking step (S32) analyzes network behavior and, when an attack arrives that overloads the target server (4) through TCP SYN flooding in TCP packets without affecting network line bandwidth, defends against it.

In the third attack blocking step S33, when the attacker terminal 2 makes requests to the attack target server 4 through the attack defense equipment 10 so that session values are generated and the load on the attack target server 4 increases, this form of distributed denial of service attack, which increases session value generation, can be prevented.

Through this three-step attack blocking, the present invention can block abnormal distributed denial of service attack traffic step by step while letting normal traffic pass.
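The three blocking stages S31 to S33, followed by delivery of what remains as normal traffic (S4), are sketched below as an added example that is not taken from the patent. The patent does not say how S32 and S33 decide what to drop, so the handshake-completion test, the per-source session cap, the batch (rather than inline) processing and the sample packets are assumptions.

```python
from collections import Counter
from typing import NamedTuple


class Pkt(NamedTuple):
    src: str                   # source IP address
    proto: str                 # "icmp", "udp" or "tcp"
    flags: str = ""            # "S" = SYN, "A" = ACK completing the handshake, "PA" = data
    new_session: bool = False  # request that makes the target create a session value


# Assumed cap on session-creating requests accepted from one source per batch.
MAX_NEW_SESSIONS_PER_SRC = 3


def stage_s31(pkts):
    """S31: absorb ICMP and UDP flows on the high-bandwidth side; only TCP goes on."""
    return [p for p in pkts if p.proto == "tcp"]


def stage_s32(pkts):
    """S32: drop TCP SYN flooding. Assumed criterion: keep only sources that
    completed the three-way handshake (sent the final ACK) within this batch."""
    completed = {p.src for p in pkts if p.flags == "A"}
    return [p for p in pkts if p.src in completed]


def stage_s33(pkts):
    """S33: limit session value generation. Assumed criterion: each source may
    trigger at most MAX_NEW_SESSIONS_PER_SRC new sessions; the excess is dropped."""
    created = Counter()
    passed = []
    for p in pkts:
        if p.new_session:
            created[p.src] += 1
            if created[p.src] > MAX_NEW_SESSIONS_PER_SRC:
                continue
        passed.append(p)
    return passed


def scrub(pkts):
    """Run S31 -> S32 -> S33 in order. Returns (normal traffic to forward through
    the tunnel in S4, number of packets dropped at each stage)."""
    remaining = list(pkts)
    dropped = {}
    for name, stage in (("S31", stage_s31), ("S32", stage_s32), ("S33", stage_s33)):
        passed = stage(remaining)
        dropped[name] = len(remaining) - len(passed)
        remaining = passed
    return remaining, dropped


def sample_batch():
    """Constructed traffic arriving at the VPN server address after the DNS change."""
    pkts = []
    pkts += [Pkt(f"203.0.113.{i + 1}", "udp") for i in range(50)]        # UDP flow
    pkts += [Pkt(f"203.0.113.{i + 101}", "icmp") for i in range(30)]     # ICMP flow
    pkts += [Pkt(f"198.51.100.{i + 1}", "tcp", "S") for i in range(100)] # SYN only
    # Ordinary client: handshake, one session-creating request, one more request.
    pkts += [Pkt("192.0.2.10", "tcp", "S"), Pkt("192.0.2.10", "tcp", "A"),
             Pkt("192.0.2.10", "tcp", "PA", True), Pkt("192.0.2.10", "tcp", "PA")]
    # Client that completes the handshake, then forces 10 new sessions.
    pkts += [Pkt("192.0.2.66", "tcp", "S"), Pkt("192.0.2.66", "tcp", "A")]
    pkts += [Pkt("192.0.2.66", "tcp", "PA", True) for _ in range(10)]
    return pkts


if __name__ == "__main__":
    forwarded, dropped = scrub(sample_batch())
    print(len(forwarded), dropped)
```

The stage order matters for cost: the cheap protocol-level drop in S31 removes the bulk before the stateful checks in S32 and S33 have to track any per-source data.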

In the normal traffic providing step S4, the attack defense device 10 may provide the normal traffic to the target server 4, which is a VPN client TCP-tunneled with the VPN server 22.

Through the normal traffic providing step S4, the target server 4, as a VPN client TCP-tunneled with the VPN server 22, may receive normal traffic through VPN tunneling implemented over the TCP protocol.

To this end, the VPN server 22 and the VPN client may be formed of a real 5G network so that normal traffic, that is, normal packets, can be delivered.

That is, the present invention bypasses the attack traffic directed to the attack target server 4 to the virtual private network, blocks the attack traffic through the attack defense equipment 10, and provides normal traffic to the attack target server (4) that is TCP-tunneled with the VPN server 22, so that the distributed denial of service attack on the target server 4 is blocked.

The present invention has been described with reference to the preferred embodiment above, but it is not limited to that embodiment and should be interpreted according to the appended claims. In addition, those skilled in the art may make various modifications and variations within the technical concept of the present invention and the equivalent scope of the appended claims.

FIG. 1 is a diagram illustrating a network configuration for a method for blocking a distributed denial of service attack according to an embodiment of the present invention.

FIG. 2 is a detailed view of the attack defense equipment according to the method for blocking a distributed denial of service attack of an embodiment of the present invention.

FIG. 3 is a flowchart illustrating a method for blocking a distributed denial of service attack according to an embodiment of the present invention.

Reference numerals in the drawings:

2: attacker terminal

4: target server

6: DNS server

10: attack defense equipment

12: attack detection unit

14: IP change unit

16: attack blocking unit

22: VPN server

Claims (5)

1. A method of blocking distributed denial of service (DDoS) attacks on a target server (4) on a network, comprising: an attack detection step (S1) of determining, through the attack defense equipment 10, whether the traffic state toward the attack target server (4) in the network is a distributed denial of service attack; a bypass step (S2) of, when the traffic state is attack traffic detected as a distributed denial of service attack, bypassing the attack traffic, by way of the DNS server 6 through the attack defense device 10, to a virtual private network (VPN) in which the network bandwidth of a physical line is secured; an attack blocking step (S3) of blocking or filtering the attack traffic in the virtual private network step by step to guarantee the bandwidth of the network in which the attack target server (4) is located; and a normal traffic providing step (S4) of providing the normal traffic among the traffic that has passed the attack blocking step (S3) to the attack target server 4 tunneled with the VPN server 22 located in the virtual private network.

2. The method of claim 1, wherein in the attack detection step (S1), whether the target server (4) is under a distributed denial of service attack is detected by monitoring whether the traffic state is one of an ICMP flow, a UDP flow, TCP SYN flooding through TCP packets, or an increase in the generation of session values of the target server 4.

3. The method of claim 1, wherein in the bypass step (S2), the attack defense device 10 requests the DNS server 6 to change the IP address to which the attack traffic is directed from the IP address of the target server 4 to the IP address of the VPN server 22.

4. The method of claim 1, wherein the attack blocking step (S3) comprises: a first attack blocking step (S31) of defending, through the attack defense equipment 10, against distributed denial of service attacks of at least one of the ICMP flow and UDP flow types among the attack traffic; a second attack blocking step (S32) of defending against distributed denial of service attacks in the form of TCP SYN flooding through TCP packets among the attack traffic that has passed the first attack blocking step (S31); and a third attack blocking step (S33) of defending, after the second attack blocking step (S32), against distributed denial of service attacks that increase session value generation on the attack target server (4) through the attacker terminal.

5. The method of claim 1, wherein in the normal traffic providing step (S4), the attack defense device (10) provides the normal traffic to the attack target server (4), which is a VPN client TCP-tunneled with the VPN server (22).

KR1020090084782A 2009-09-09 2009-09-09 Method for blocking distributed denial of service KR20110026926A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020090084782A KR20110026926A (en) 2009-09-09 2009-09-09 Method for blocking distributed denial of service

Publications (1)

Publication Number Publication Date
KR20110026926A KR20110026926A (en) 2011-03-16

Family

ID=43933822

Country Status (1)

Country Link
KR (1) KR20110026926A (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application