PL3654606T3 - Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej - Google Patents

Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej

Info

Publication number
PL3654606T3
PL3654606T3 PL18315043T PL18315043T PL3654606T3 PL 3654606 T3 PL3654606 T3 PL 3654606T3 PL 18315043 T PL18315043 T PL 18315043T PL 18315043 T PL18315043 T PL 18315043T PL 3654606 T3 PL3654606 T3 PL 3654606T3
Authority
PL
Poland
Prior art keywords
cleaning system
packets received
service infrastructure
data packet
data packets
Prior art date
Application number
PL18315043T
Other languages
English (en)
Inventor
Aurélien Dudouit
Original Assignee
Ovh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ovh filed Critical Ovh
Publication of PL3654606T3 publication Critical patent/PL3654606T3/pl

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/70Routing based on monitoring results
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141Denial of service attacks against endpoints in a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
PL18315043T 2018-11-15 2018-11-15 Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej PL3654606T3 (pl)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP18315043.2A EP3654606B1 (en) 2018-11-15 2018-11-15 Method and data packet cleaning system for screening data packets received at a service infrastructure

Publications (1)

Publication Number Publication Date
PL3654606T3 true PL3654606T3 (pl) 2022-04-04

Family

ID=65199280

Family Applications (1)

Application Number Title Priority Date Filing Date
PL18315043T PL3654606T3 (pl) 2018-11-15 2018-11-15 Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej

Country Status (5)

Country Link
US (1) US11411986B2 (pl)
EP (1) EP3654606B1 (pl)
CN (1) CN111193594B (pl)
DK (1) DK3654606T3 (pl)
PL (1) PL3654606T3 (pl)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110768975B (zh) * 2019-10-21 2022-05-31 杭州迪普科技股份有限公司 流量清洗方法、装置、电子设备及机器可读存储介质
CN117203942A (zh) * 2021-04-26 2023-12-08 华为云计算技术有限公司 用于监督计算机网络中的连接的方法和执行单元
KR102594137B1 (ko) * 2021-11-17 2023-10-26 주식회사 윈스 DDoS 공격 탐지 방법 및 장치
CN117134918B (zh) * 2023-07-20 2024-09-24 威艾特科技(深圳)有限公司 一种分布式数据签名校验方法及装置

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7512980B2 (en) 2001-11-30 2009-03-31 Lancope, Inc. Packet sampling flow-based detection of network intrusions
US7222366B2 (en) 2002-01-28 2007-05-22 International Business Machines Corporation Intrusion event filtering
US7596807B2 (en) * 2003-07-03 2009-09-29 Arbor Networks, Inc. Method and system for reducing scope of self-propagating attack code in network
GB0402739D0 (en) 2004-02-09 2004-03-10 Saviso Group Ltd Methods and apparatus for routing in a network
US7609625B2 (en) 2005-07-06 2009-10-27 Fortinet, Inc. Systems and methods for detecting and preventing flooding attacks in a network environment
US20080127324A1 (en) 2006-11-24 2008-05-29 Electronics And Telecommunications Research Institute DDoS FLOODING ATTACK RESPONSE APPROACH USING DETERMINISTIC PUSH BACK METHOD
US8065729B2 (en) 2006-12-01 2011-11-22 Electronics And Telecommunications Research Institute Method and apparatus for generating network attack signature
US8020207B2 (en) 2007-01-23 2011-09-13 Alcatel Lucent Containment mechanism for potentially contaminated end systems
US8374102B2 (en) * 2007-10-02 2013-02-12 Tellabs Communications Canada, Ltd. Intelligent collection and management of flow statistics
US8813221B1 (en) * 2008-09-25 2014-08-19 Sonicwall, Inc. Reassembly-free deep packet inspection on multi-core hardware
US8677473B2 (en) * 2008-11-18 2014-03-18 International Business Machines Corporation Network intrusion protection
US8336098B2 (en) * 2009-03-25 2012-12-18 Sysmate Co., Ltd. Method and apparatus for classifying harmful packet
US8614955B2 (en) * 2009-09-22 2013-12-24 Ixia Misdirected packet detection apparatus and method
US20110153811A1 (en) 2009-12-18 2011-06-23 Hyun Cheol Jeong System and method for modeling activity patterns of network traffic to detect botnets
US9094288B1 (en) 2011-10-26 2015-07-28 Narus, Inc. Automated discovery, attribution, analysis, and risk assessment of security threats
US8681794B2 (en) * 2011-11-30 2014-03-25 Broadcom Corporation System and method for efficient matching of regular expression patterns across multiple packets
KR20150037940A (ko) * 2012-07-31 2015-04-08 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. 네트워크 트래픽 처리 시스템
US8856924B2 (en) 2012-08-07 2014-10-07 Cloudflare, Inc. Mitigating a denial-of-service attack in a cloud-based proxy service
KR20140088340A (ko) 2013-01-02 2014-07-10 한국전자통신연구원 오픈플로우 스위치에서의 디도스 공격 처리 장치 및 방법
US9430646B1 (en) 2013-03-14 2016-08-30 Fireeye, Inc. Distributed systems and methods for automatically detecting unknown bots and botnets
US9276955B1 (en) 2014-09-17 2016-03-01 Fortinet, Inc. Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation
US10116692B2 (en) 2015-09-04 2018-10-30 Arbor Networks, Inc. Scalable DDoS protection of SSL-encrypted services
US9930057B2 (en) * 2015-10-05 2018-03-27 Cisco Technology, Inc. Dynamic deep packet inspection for anomaly detection
US10038715B1 (en) * 2017-08-01 2018-07-31 Cloudflare, Inc. Identifying and mitigating denial of service (DoS) attacks
US20190052553A1 (en) * 2018-02-27 2019-02-14 Intel Corporation Architectures and methods for deep packet inspection using alphabet and bitmap-based compression

Also Published As

Publication number Publication date
EP3654606B1 (en) 2022-01-05
CN111193594A (zh) 2020-05-22
US11411986B2 (en) 2022-08-09
US20200162507A1 (en) 2020-05-21
DK3654606T3 (da) 2022-02-14
EP3654606A1 (en) 2020-05-20
CN111193594B (zh) 2022-10-21

Similar Documents

Publication Publication Date Title
PL3654606T3 (pl) Sposób i system oczyszczania pakietów danych do przesiewania pakietów danych odbieranych w infrastrukturze usługowej
PL3593249T3 (pl) System i sposób kończenia protokołu zmiany widoku
EP3905609A4 (en) METHOD OF SERVICE DATA FORWARDING, NETWORK DEVICE AND NETWORK SYSTEM
GB2567026B (en) Methods and systems for transmitting information packets through tunnel groups at a network node
EP3500055A4 (en) METHOD, APPARATUS, AND SYSTEM FOR DYNAMICALLY ESTABLISHING A LOCAL PACKET DATA NETWORK
EP3915298C0 (en) METHOD AND DEVICE FOR TRANSMITTING RADIO DATA OVER A FRONTHAUL NETWORK
EP3979594A4 (en) PACKET FORWARDING METHOD AND APPARATUS FOR HETEROGENEOUS NETWORK
EP3709602A4 (en) SERVICE PACKAGE SENDING PROCESS, NETWORK DEVICE, AND SYSTEM
GB2572982C (en) System and method for creating group networks between network devices
IL273375A (en) A method for transmitting information, a terminal device and a network device
EP4030706A4 (en) TRAFFIC ALLOCATION METHOD FOR A PATH, NETWORK DEVICE AND NETWORK SYSTEM
EP3562109A4 (en) MULTIPLE PACKET IDENTIFICATION METHOD, DATA PACKET IDENTIFICATION METHOD, AND TRAFFIC GUIDANCE METHOD
EP3567483A4 (en) METHOD FOR PROCESSING SERVICE DATA AND NETWORK DEVICE
SG11202101286XA (en) Method for transmitting information, terminal device and network device
EP3681130A4 (en) METHOD, DEVICE AND SYSTEM FOR TRANSMISSION OF FIXED NETWORK PACKAGES
EP3718270A4 (en) SYSTEM AND METHOD FOR ACCELERATION OR DECELERATION OF A DATA TRANSPORT NETWORK PROTOCOL BASED ON REAL-TIME TRANSPORT NETWORK CONGESTION CONDITIONS
EP4064755A4 (en) METHOD AND APPARATUS FOR SENDING DATA PACKETS, AND METHOD AND APPARATUS FOR RECEIVING DATA PACKETS
EP4024786A4 (en) SERVICE DELIVERY METHOD AND APPARATUS
EP3791544C0 (en) SYSTEM AND METHOD FOR DISTRIBUTING PACKAGES IN A NETWORK
NO20201272A1 (en) System and method for cybersecurity framework among network devices
GB202015065D0 (en) IP data packet wireless sending platform and method
SG11202109241SA (en) System and method for managing network traffic
EP3796621A4 (en) METHOD AND DEVICE FOR DETERMINING PACKAGE PRIORITY, METHOD AND DEVICE FOR SENDING PACKAGE PRIORITIES AND ROUTING SYSTEM
EP3767882C0 (en) NETWORK TRAFFIC MONITORING DEVICE
IL256192B (en) A mobile system and method for analyzing network traffic