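WO2005074215A1 - Unauthorized information detection system and unauthorized attack source search system - Google Patents
Unauthorized information detection system and unauthorized attack source search system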
- Publication number
- WO2005074215A1 (application PCT/JP2005/001524)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- field
- information
- unauthorized
- attack
- values
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/146—Tracing the source of attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/28—Timers or timing mechanisms used in protocols
Definitions
- The present invention relates to a fraudulent information detection system and a fraudulent attack source search system for determining whether information transmitted through an Internet line is proper information or fraudulent information such as a (D)DoS attack.
- Patent Document 1 JP-A-2003-318987
- Patent Document 2 Japanese Patent Application Laid-Open No. 2003-234784
- A DoS attack is an attack method in which a very large number of packets exceeding the processing capabilities of the target device and the network are sent to disable the target service.
- The source address included in the header part of each packet is managed, communication from an address that sent such a (D)DoS attack is not received again, and some services have added a prevention function such as sending back to the source a packet indicating the end of communication.
- In Patent Document 1, for an unspecified number of e-mails, the To address (destination address) included in the header part of the data format of the e-mail is preset for each account, the header is defined in a content rewriting definition, and the received e-mail is rewritten and retransmitted (forwarded) to the rewritten e-mail address to distribute the load on the specified mail server.
- In Patent Document 2, it is determined whether e-mails sent at the same time include a large number of unknown addresses in the From address. The mail is returned to the From address of the large amount of sent e-mails, and only the returned e-mails are received as proper e-mails.
- In order to solve the above problem, the purpose of the present invention is to provide a fraudulent attack detection and tracking system capable of easily determining whether there is a fraudulent attack such as a (D)DoS attack.
- The invention according to claim 1 is a fraudulent information detection system that monitors the number of values of a certain field in the header of packets transmitted through the Internet line and determines that a fraudulent attack has been performed when the number of values of the field reaches a predetermined number or a predetermined rate within a predetermined time.
- The values can be set arbitrarily. For example, it may be determined that there is a fraudulent attack when the number nt2 at another time is k times or more (k is, for example, 2 or more) the number nt1 at a certain time. In addition, even if the number of field values decreases, it is in some cases determined that there is an attack.
- The invention according to claim 2 is the unauthorized information detection system according to claim 1, wherein the number of packets having the certain field value is monitored.
- The number of packets pm may be monitored together with the number fn of the values of the field, and the determination may be made based on the ratio.
- If the ratio (fn/pm)t1 at a certain point of time exceeds an arbitrarily determined value, it may be determined that there is a fraudulent attack. If the ratio of (fn/pm)t1 to (fn/pm)t2 exceeds a certain value, it may also be determined that there is an unauthorized attack.
- An invention according to claim 3 is the fraudulent information detection system according to claim 1 or 2, wherein the value of the field is configured by a combination of a plurality of fields.
- The field value is configured by a combination of a "source address" and a "destination address".
- The invention according to claim 4 is the fraudulent information detection system according to any one of claims 1 to 3, characterized in that the number of hops of a packet corresponding to a specific field or a combination of fields changes when the number of hops of the information on the Internet line becomes a predetermined value, and the information is recognized as fraudulent information in such a case.
- A fraudulent information detection system characterized in that the number of hops of a packet corresponding to a specific field or a combination of fields changes when the number of hops of the information on the Internet line becomes a predetermined value, and the relevant information is then identified as fraudulent information.
- The invention monitors the number of values of a certain field in a header of a packet transmitted through the Internet line, determines that an unauthorized attack has been performed if the number of values of the field reaches a predetermined number or a predetermined rate within a predetermined time, and searches for the unauthorized source by monitoring the number of values of the field at a plurality of locations on the Internet. This is an unauthorized attack source search system characterized by the above.
- The synchronization is substantially synchronized. If the number of source addresses reaches the specified number or the specified rate, the large amount of e-mail is determined to be (D)DoS attack e-mail, so that, once a reception permission setting or a rejection setting is made, it becomes possible to recognize and track that a (D)DoS attack has been sent without the need for detailed settings.
- FIG. 1 is a conceptual diagram of a (D)DoS attack detection and tracking system of the present invention.
- FIG. 2 (A) is an explanatory diagram of the packet data format, (B) is a graph showing an example of traffic in time series, and (C) is a graph showing an example of the number of packet addresses in time series.
- FIG. 3 is a conceptual diagram showing a packet search.
- FIG. 4 is a conceptual diagram showing an Internet system.
- A DoS attack is an attack method in which a very large number of packets exceeding the processing capacity are sent to an attack target device, thereby disabling the target service.
- This DoS attack has the following characteristics.
- The source address, which is one of the field values in the header, is forged.
- The source address of a DoS attack is randomly selected so as to prevent the DoS attack from being blocked by filtering packets on the basis of their addresses.
- Since a very large number of packets are transmitted in a DoS attack, DoS is detected by the following methods.
- The first method is a method of counting the number of attack packets or illegal packets. Determining what packets are malformed is difficult. This is because each packet used in a DoS attack is a normal packet.
- The second method is a method of counting all detected packets (including attack packets).
- Network traffic changes dynamically from moment to moment. Therefore, it cannot be pointed out that the phenomenon is due to DoS attacks simply because the amount of network traffic has increased. If the traffic volume is already saturated, the traffic volume does not increase even if a DoS attack is performed.
- The DoS attack detection method is a method of counting the source addresses of traffic. If the attacker chooses random source addresses, the number of source addresses observed increases. In a certain time interval, it is normal that plural packets are observed for one source address. However, during an attack, generally no more than one attack packet is observed for one (forged) source address. In this way, a DoS attack can be detected.
- Packets are counted at time intervals. For example, as shown in FIG. 3, a means for observing packets is provided on a path between a network (Net1) and an attack target (T target), and packets may be observed there.
- Such means include, for example, a sniffer and a passive probe.
- Devices such as sniffers and passive probes can observe all packets, and those devices can count the following values.
- A method for checking a change in the number of addresses observed on a route is used.
- The following patterns are observed, which are estimated to be similar phenomena at all transit points.
- The number of individual values of these fields may be detected. Further, the number may be detected by using any combination of two or more of these individual field values as the field value.
- A category is a property that allows a packet defined by one or more header areas to be classified.
- All packets whose protocol area is TCP
- Total category: for convenience, a category called “Total category” is defined. All packets belong to this category.
- C-Transform: such a method of creating the distribution of the number of packets and the distribution of the number of categories is called a category transformation, "C-Transform".
- The maximum number of categories that can be taken by a category created by the sum of several header areas depends on the combined width of the areas. For example, in the case of a category that is created with a 4-bit area, the maximum number of categories is 16 (2 to the fourth power).
- Category conversion from an area that can take a very large number of values (4294967296), such as a source address or a destination address having a width of 32 bits, provides particularly interesting statistics.
- When the number of categories of the information on the Internet line reaches a predetermined value, the information is determined to be illegal information. Effective use of the number of hops also improves the efficiency of detection and tracking.
- The number of categories, the number of packets, and the traffic are defined as follows. 1 ... i are values arranged in time series.
- T is the threshold
- T is a fixed value or a value calculated from traffic data
- ⁇ F X movingAverageO! Statistic, in a, b, c above)
- F is a fixed value or a value calculated from traffic data
- A is a constant
- FIG. 1 is a diagram showing a (D)DoS attack detection and tracking system of the present invention.
- 1 is the Internet line
- 2 is the source computer connected to the Internet line
- 3 is the receiving computer connected to the Internet line
- 4 is a communication monitoring device connected to the Internet line 1 and the receiving computer 3.
- The server may be used as the communication monitoring device 4.
- Reception means reception of communication to the port allocated by the server, and does not include reception for determination. If the receiving computer 3 is a mail server owned by the provider, the mail receiving terminal is connected through another Internet line.
- As shown in FIG. 2 (A), a packet transmitted from the transmitting computer 2 carries, in the header section 11 of the packet data format 10 of the packets constituting the communication, a Source address 12 corresponding to the source address and a destination address (receiver address).
- The communication monitoring device 4 monitors the number of transmitted values or the number of packets and the number of Source addresses 12.
- If the number of values transmitted from the source computer 2 to the receiving computer 3 is one, then even if another communication is transmitted to the receiving computer 3 at approximately the same time, for example from another transmitting computer (not shown), the number of the values and the number of Source addresses 12 increase in a one-to-one proportion.
- The mail monitoring device 4 determines that a larger number of packets than the normal communication amount have been transmitted, as indicated by the peak P1 in FIG. 2 (B).
- The packet is formally received. If the number of categories is within a predetermined number (for example, less than 10), reception of the category may be permitted.
- The communication monitoring device 4 determines that the communication amount (or the number of packets) becomes larger than that in normal communication transmission / reception.
- The Source address 12 of each packet increases at about the same time.
- The reception is rejected.
- A predetermined number, for example, 90
- A predetermined rate, for example, 90% of the number of packets
- The setting of the predetermined number of communications (or the number of packets) and the predetermined number of Source addresses transmitted within a certain period of time corresponding to the simultaneous transmission depends on the processing capacity of the server and the network. It can be set according to the capacity of the receiving computer 3 or the type of business of the owner of the receiving computer 3.
- a predetermined value (number of cases, etc.) should be set in consideration of the average number of receptions.
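The source-address counting described above (the claim 1 count and k-times rules, the claim 2 fn/pm ratio, and the C-Transform over one or more header fields), as an added Python example that is not part of the patent text. The names `Packet`, `c_transform`, `detect` and the `min_packets` guard are assumptions made for illustration, the thresholds reuse the figures given above (90, 90%, k = 2), and the traffic is constructed from documentation address ranges to model a saturated link where packet volume stays flat while the number of distinct sources jumps.

```python
"""Count distinct header-field values per interval and flag address-spread anomalies."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:      # hypothetical record of the header fields a passive probe sees
    ts: float      # capture time in seconds
    src: str       # source address
    dst: str       # destination address


def c_transform(packets, interval, fields=("src",)):
    """Return [(index, pm, fn)] per interval: pm = packets, fn = distinct categories.

    A category is the tuple of the chosen header fields, so fields=("src", "dst")
    counts the combined source/destination value.
    """
    buckets = {}
    for p in packets:
        key = tuple(getattr(p, f) for f in fields)
        buckets.setdefault(int(p.ts // interval), Counter())[key] += 1
    if not buckets:
        return []
    stats = []
    for idx in range(min(buckets), max(buckets) + 1):  # keep empty intervals too
        counts = buckets.get(idx, Counter())
        stats.append((idx, sum(counts.values()), len(counts)))
    return stats


def detect(stats, max_count=90, max_ratio=0.9, k=2.0, min_packets=20):
    """Flag intervals where fn hits a fixed number, a fixed share of pm, or k x previous fn.

    min_packets is an added assumption: it stops the ratio rule firing on
    near-idle intervals where a few one-off sources are normal.
    """
    alerts, prev_fn = [], None
    for idx, pm, fn in stats:
        reasons = []
        if fn >= max_count:
            reasons.append("fn_count")
        if pm >= min_packets and fn / pm >= max_ratio:
            reasons.append("fn_pm_ratio")
        if prev_fn and fn >= k * prev_fn:
            reasons.append("fn_growth")
        if reasons:
            alerts.append((idx, reasons))
        prev_fn = fn
    return alerts


def build_sample():
    """Constructed traffic: 100 packets in every 10 s interval (saturated link)."""
    target = "203.0.113.10"
    pkts = []
    for interval in (0, 1):                    # normal: 10 clients, 10 packets each
        for n in range(100):
            pkts.append(Packet(interval * 10 + n / 10, f"192.0.2.{n % 10 + 1}", target))
    for n in range(100):                       # flood: 95 one-packet forged sources
        src = f"198.51.100.{n + 1}" if n < 95 else "192.0.2.1"
        pkts.append(Packet(20 + n / 10, src, target))
    return pkts


if __name__ == "__main__":
    stats = c_transform(build_sample(), interval=10)
    for idx, pm, fn in stats:
        print(f"interval {idx}: pm={pm} fn={fn} fn/pm={fn / pm:.2f}")
    print("alerts:", detect(stats))
```

The packet count pm is 100 in every interval, so a volume threshold alone would not fire on this sample; only the distinct-source count fn separates the third interval from the first two.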
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/588,188 US8020205B2 (en) | 2004-02-02 | 2005-02-02 | Unauthorized information detection system and unauthorized attack source search system |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004025015 | 2004-02-02 | ||
JP2004-025015 | 2004-02-02 | ||
JP2004-267519 | 2004-09-14 | ||
JP2004267519 | 2004-09-14 | ||
JP2004307953A JP4484663B2 (ja) | 2004-02-02 | 2004-10-22 | Unauthorized information detection system and unauthorized attack source search system |
JP2004-307953 | 2004-10-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005074215A1 (ja) | 2005-08-11 |
Family
ID=34830975
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/001524 WO2005074215A1 (ja) | 2004-02-02 | 2005-02-02 | Unauthorized information detection system and unauthorized attack source search system |
Country Status (3)
Country | Link |
---|---|
US (1) | US8020205B2 (ja) |
JP (1) | JP4484663B2 (ja) |
WO (1) | WO2005074215A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007081023A1 (ja) * | 2006-01-16 | 2007-07-19 | Cyber Solutions Inc. | Traffic analysis and diagnosis device, traffic analysis and diagnosis system, and traffic tracking system |
JP2008136012A (ja) * | 2006-11-29 | 2008-06-12 | Alaxala Networks Corp | Traffic analysis device and analysis method |
JP2009044665A (ja) * | 2007-08-10 | 2009-02-26 | Fujitsu Ltd | Program for controlling communication device, and communication device |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005227824A (ja) * | 2004-02-10 | 2005-08-25 | Matsushita Electric Works Ltd | Equipment monitoring and control device and equipment monitoring and control method |
JP4557815B2 (ja) * | 2005-06-13 | 2010-10-06 | 富士通株式会社 | Relay device and relay system |
US7624447B1 (en) * | 2005-09-08 | 2009-11-24 | Cisco Technology, Inc. | Using threshold lists for worm detection |
US7738377B1 (en) * | 2006-05-22 | 2010-06-15 | At&T Intellectual Property Ii, L.P. | Method and apparatus for volumetric thresholding and alarming on internet protocol traffic |
JP4764810B2 (ja) * | 2006-12-14 | 2011-09-07 | 富士通株式会社 | Abnormal traffic monitoring device, entry management device, and network system |
CN101803305B (zh) * | 2007-09-28 | 2014-06-11 | 日本电信电话株式会社 | Network monitoring device and network monitoring method |
JP4909875B2 (ja) * | 2007-11-27 | 2012-04-04 | アラクサラネットワークス株式会社 | Packet relay device |
CN101686235B (zh) * | 2008-09-26 | 2013-04-24 | 北京神州绿盟信息安全科技股份有限公司 | Network abnormal traffic analysis device and method |
US20100208631A1 (en) * | 2009-02-17 | 2010-08-19 | The Regents Of The University Of California | Inaudible methods, apparatus and systems for jointly transmitting and processing, analog-digital information |
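JP5648639B2 (ja) | 2009-09-10 | 2015-01-07 | 日本電気株式会社 | Relay control device, relay control system, relay control method, and relay control program |
JP5668034B2 (ja) | 2012-09-04 | 2015-02-12 | ビッグローブ株式会社 | E-mail monitoring device, outgoing mail server, e-mail monitoring method, and program |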
US9386030B2 (en) * | 2012-09-18 | 2016-07-05 | Vencore Labs, Inc. | System and method for correlating historical attacks with diverse indicators to generate indicator profiles for detecting and predicting future network attacks |
US9338098B2 (en) * | 2012-12-13 | 2016-05-10 | Cellco Partnership | Dynamic flow management at a firewall based on error messages |
US9591022B2 (en) | 2014-12-17 | 2017-03-07 | The Boeing Company | Computer defenses and counterattacks |
RU2704741C2 (ru) * | 2018-03-16 | 2019-10-30 | Федеральное государственное автономное образовательное учреждение дополнительного профессионального образования "Центр реализации государственной образовательной политики и информационных технологий" | Method of protection against DDoS attacks based on traffic classification |
US20230100792A1 (en) * | 2021-09-24 | 2023-03-30 | Qualcomm Incorporated | Techniques for misbehavior detection in wireless communications systems |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001088731A1 (en) * | 2000-05-12 | 2001-11-22 | Niksun, Inc. | Security camera for a network |
JP2002252654A (ja) * | 2001-02-23 | 2002-09-06 | Mitsubishi Electric Corp | Intrusion detection device, system, and router |
JP2003283571A (ja) * | 2002-03-20 | 2003-10-03 | Nippon Telegr & Teleph Corp <Ntt> | Method and device for defending against denial-of-service attacks, and computer program therefor |
JP2004140524A (ja) * | 2002-10-16 | 2004-05-13 | Sony Corp | DoS attack detection method, DoS attack detection device, and program |
JP2005086452A (ja) * | 2003-09-08 | 2005-03-31 | Matsushita Electric Ind Co Ltd | Connection control method and connection control program for network equipment |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002124996A (ja) | 2000-10-13 | 2002-04-26 | Yoshimi Baba | High-speed packet acquisition engine security |
JP3584877B2 (ja) | 2000-12-05 | 2004-11-04 | 日本電気株式会社 | Packet transfer control device, packet transfer control method, and packet transfer control system |
US20040085906A1 (en) | 2001-04-27 | 2004-05-06 | Hisamichi Ohtani | Packet tracing system |
US7448084B1 (en) * | 2002-01-25 | 2008-11-04 | The Trustees Of Columbia University In The City Of New York | System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses |
JP3892322B2 (ja) | 2002-03-04 | 2007-03-14 | 三菱電機株式会社 | Unauthorized access route analysis system and unauthorized access route analysis method |
US7313092B2 (en) * | 2002-09-30 | 2007-12-25 | Lucent Technologies Inc. | Apparatus and method for an overload control procedure against denial of service attack |
US7681235B2 (en) * | 2003-05-19 | 2010-03-16 | Radware Ltd. | Dynamic network protection |
US7526807B2 (en) * | 2003-11-26 | 2009-04-28 | Alcatel-Lucent Usa Inc. | Distributed architecture for statistical overload control against distributed denial of service attacks |
US7478429B2 (en) * | 2004-10-01 | 2009-01-13 | Prolexic Technologies, Inc. | Network overload detection and mitigation system and method |
-
2004
- 2004-10-22 JP JP2004307953A patent/JP4484663B2/ja active Active
-
2005
- 2005-02-02 WO PCT/JP2005/001524 patent/WO2005074215A1/ja active Application Filing
- 2005-02-02 US US10/588,188 patent/US8020205B2/en active Active
Non-Patent Citations (3)
Title |
---|
OIKAWA T. ET AL: "Network anomaly Detection using Statistical clustering Method", TECHNICAL REPORT OF IEICE IN 2002-87, 24 September 2002 (2002-09-24), pages 83 - 88, XP002998228 * |
PENG T. ET AL: "Protection from Distributed Denial of Service Attacks Using History-based IP Filtering", ICC'03, vol. 1, 11 May 2003 (2003-05-11) - 15 May 2003 (2003-05-15), pages 482 - 486, XP010642796 * |
TAKEI Y. ET AL: "A Intrusion Detection and Trace using the Traffic Pattern", TECHNICAL REPORT OF IEICE IN99-75, 18 November 1999 (1999-11-18), pages 37 - 42, XP002952666 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
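WO2007081023A1 (ja) * | 2006-01-16 | 2007-07-19 | Cyber Solutions Inc. | Traffic analysis and diagnosis device, traffic analysis and diagnosis system, and traffic tracking system |
JP5015014B2 (ja) * | 2006-01-16 | 2012-08-29 | 株式会社サイバー・ソリューションズ | Traffic analysis and diagnosis device, traffic analysis and diagnosis system, and traffic tracking system |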
US8689326B2 (en) | 2006-01-16 | 2014-04-01 | Cyber Solutions Inc. | Device for analyzing and diagnosing network traffic, a system for analyzing and diagnosing network traffic, and a system for tracing network traffic |
JP2008136012A (ja) * | 2006-11-29 | 2008-06-12 | Alaxala Networks Corp | Traffic analysis device and analysis method |
JP4734223B2 (ja) * | 2006-11-29 | 2011-07-27 | アラクサラネットワークス株式会社 | Traffic analysis device and analysis method |
JP2009044665A (ja) * | 2007-08-10 | 2009-02-26 | Fujitsu Ltd | Program for controlling communication device, and communication device |
Also Published As
Publication number | Publication date |
---|---|
JP4484663B2 (ja) | 2010-06-16 |
JP2006115432A (ja) | 2006-04-27 |
US8020205B2 (en) | 2011-09-13 |
US20080016562A1 (en) | 2008-01-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DPEN | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1024/MUMNP/2006 Country of ref document: IN |
|
122 | Ep: pct application non-entry in european phase | ||
WWE | Wipo information: entry into national phase |
Ref document number: 10588188 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 10588188 Country of ref document: US |