WO2015194885A1 - Method and system for detecting failure-inducing client by using client route control system - Google Patents
Method and system for detecting failure-inducing client by using client route control system
- Publication number
- WO2015194885A1 PCT/KR2015/006194
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- client
- edge server
- server
- failure
- user information
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
- H04L43/0847—Transmission error
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H04L41/065—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis involving logical or physical relationship, e.g. grouping and hierarchies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0866—Checking the configuration
- H04L41/0873—Checking configuration conflicts between network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/142—Denial of service attacks against network infrastructure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Definitions
- The present invention relates to detecting clients that cause network failures, and more particularly, to a method and system for detecting failure-inducing clients using a client path control system.
- Detection of a faulty client using the client route control system can be performed by using multiple Edge Servers, Client Route Control Servers, and Domain Name Servers. By specifying an edge server to which the client connects, it controls client routes to detect and identify DDoS attacks.
- DDoS attacks are divided into two types.
- In the first form, the server is given a workload that it cannot handle, which paralyzes it. When such an attack occurs, the server cannot handle other tasks because of the overload, and so it becomes paralyzed.
- The second form floods a network circuit with traffic and thereby makes the circuit itself unusable.
- In such an attack there is no problem with the server itself, but because the line connected to the server is not available, the server and the client cannot communicate. In other words, even if the server does not have a problem, the network itself causes a problem, so maintaining the service is difficult.
- Although DDoS security technologies have emerged for this situation, they are not a fundamental solution.
- Honeynet is one of the most widely used DDoS defense technologies.
- Honeynet refers to a network composed of a number of honey pots.
- A honeypot refers to a virtual network implemented to capture various attacks from outside and identify hacking tendencies.
- A honeypot is a technology that induces hacking by deliberately exposing a virtual service, built from the components of the service, to the DDoS attack indicator. This technology is in the spotlight because it can detect hackers without affecting the server used for the actual service.
- the honeypot constituting the honeynet.
- Once the DDoS attack indicator identifies the honeypot, it avoids the honeypot and attacks again. In other words, a honeypot that has been used once is difficult to use again.
- The attacker needs to stay until sufficient evidence has been left in the honeypot. This means that it is difficult to respond quickly to DDoS attacks.
- The biggest drawback of the honeypot is that, among the DDoS attacks described above, an attack that generates more traffic than the network circuit allows makes the honeypot itself useless.
- Null routing is a technique that drops packets destined for a specific destination by forwarding them to a virtual interface called Null 0. This technology has the advantage of keeping DDoS packets from reaching the server without overloading the network equipment, but has the disadvantage that it provides IP-based filtering only; filtering by service port or content is impossible.
- The problem to be solved by the present invention is to provide a method for detecting a faulty client using a client path control server, in which a client route control server (Client Route Control Server) combines a plurality of stages of edge servers (Edge Server) into several routes so that each client is given only one unique route, and a client that causes a network failure is thereby detected and identified.
- Another problem to be solved by the present invention is to provide a system for detecting a faulty client using a client path control server, in which a client route control server (Client Route Control Server) combines a plurality of stages of edge servers (Edge Server) into several routes so that each client is given only one unique route, and a client that causes a network failure is thereby detected and identified.
- A failure-prone client detection method using a client path control system comprises the steps of: forming an edge server IP allocation matrix; checking for failure of the edge server; allocating an edge server IP according to the edge server IP allocation matrix when a failure of the edge server occurs; and detecting, as the faulty client, a client IP or user information that has no edge server IP left to be allocated according to the edge server IP allocation matrix.
- The edge server IP allocation matrix may assign a different edge server IP for each client IP or user information, and the edge server IP allocation may include at least two stages of edge server IP for each client IP or user information.
- The failure check can be made when a DNS query is received from the client. The failure check may also be performed regardless of a DNS query from a client.
- the client IP or user information using the failed edge server is retrieved and assigned to the retrieved client IP or user information.
- the retrieved edge server IP to the retrieved client.
- the clients may include an agent that transmits the DNS query to reconnect with another edge server assigned according to the edge server IP allocation matrix when the edge server fails.
- the agent may request a DNS query including user information.
- The user information that can be included in the DNS query is information that can identify a user or a device, and contains at least one of a login ID, a device ID (MAC, CPU ID, HDD serial, etc.), a telephone number, and an IP address.
- The user information is extracted from the DNS query of the client, and an edge server IP corresponding to the extracted user information may be assigned to the client according to the edge server IP allocation matrix.
- The edge server used in the failure-prone client detection method using the client path control system according to the present invention connects a client and a server, and may include at least one of a program, a server, and a hardware device having a service relay function or a service function.
- A failure-prone client detection system utilizing a client path control system includes: a failure check unit for checking a failure of an edge server; an edge server allocator that includes an edge server IP allocation matrix and allocates an edge server IP according to the edge server IP allocation matrix when a failure of the edge server occurs; a DNS response unit that provides the edge server IP allocated for each client IP or user information in response to a DNS query requested by the client; and a faulty client detection unit that detects, as the faulty client, a client IP or user information that has no edge server IP left to be allocated according to the edge server IP allocation matrix.
- The edge server IP allocation matrix assigns a different edge server IP for each client IP or user information, and the edge server IP allocation is composed of at least two stages of edge server IP for each client IP or user information.
- the failure check unit checks whether the allocated edge server has a failure when the edge server is allocated by the edge server allocator in response to a DNS query, and the DNS response unit checks whether the allocated edge server has no failure.
- The failure check unit may monitor the edge server for failure irrespective of the DNS query, and the failure-prone client detection unit may include a client search unit that, when the edge server fails, searches for the client IP or user information using the failed edge server.
- The edge server allocator allocates an edge server IP corresponding to the retrieved client IP or user information according to the edge server IP allocation matrix, and when a client corresponding to the retrieved client IP or user information requests a DNS query, the DNS response unit may provide the edge server IP assigned to the retrieved client IP or user information to the retrieved client through DNS.
- Alternatively, the failure check unit monitors the edge server for failure regardless of a DNS query; the failure-prone client detection unit includes a client search unit that, when the edge server fails, searches for the client IP or user information using the failed edge server; the edge server allocator allocates an edge server IP corresponding to the retrieved client IP or user information according to the edge server IP allocation matrix; and the DNS response unit may, irrespective of the DNS query, provide the retrieved client with the edge server IP assigned to its client IP or user information.
- the client may include an agent for transmitting the DNS query to reconnect with another edge server allocated according to the edge server IP allocation matrix when the edge server fails.
- the agent may request a DNS query including user information.
- the edge server allocator may include a user information extractor for extracting user information from a DNS query of the client when receiving the DNS query from the agent of the client.
- The user information that can be included in the DNS query is information that can identify a user or a device, and contains at least one of a login ID, a device ID (MAC, CPU ID, HDD serial, etc.), a telephone number, and an IP address.
- the edge server connects a client and a server and may include at least one of a program, a server, and hardware equipment having a service relay function or a service function.
- the present invention provides a recording medium readable by a processor that records a program executed by the processor.
- the continuity of services provided to the client is guaranteed. That is, the client can use at least two paths, so that even if some paths fail, network communication can be maintained.
- the DDoS attack indicator IP can be easily identified and the DDoS attack can be blocked.
- the edge server used for each client is specified, so if an edge server fails, only the client that caused the failure can be found immediately. This blocks only the client that caused the failure and does not affect users who are normally using the service. It also reduces time spent analyzing logs for DDoS discovery, which reduces time loss.
- Because the path is specified based on the client information, the approach is universal.
- Because the present invention designates a route based on the client information, whatever method the client uses, it is necessarily subject to the routing system and uses the designated route. This is quite general compared to ACL or null routing techniques, which only filter by IP or port.
- According to the present invention, it is possible to defend against various types of DDoS attacks.
- a client cannot directly connect with the server. This means that it is impossible for the DDoS attack indicator to directly interfere with the server, so it is impossible to directly execute the DDoS attack on the server.
- the number of DDoS attack indicators found in one instance with fewer edge servers significantly reduces the cost of maintaining security and drastically reduces the manpower and time lost in the equipment and management required.
- FIG. 1 is a block diagram showing an example of the configuration of the entire system to which the present invention is applied.
- FIG. 2 is a block diagram illustrating a comprehensive configuration of a failure detection client detection system using a client path control server according to the present invention.
- FIG. 3 is a block diagram illustrating a configuration of a first embodiment of a system for detecting a failure client using a client path control server according to the present invention.
- FIG. 4 is a block diagram illustrating a configuration of a second embodiment of a system for detecting a failure client using a client path control server according to the present invention.
- FIG. 5 is a block diagram illustrating a configuration of a third embodiment of a system for detecting a failure client using a client path control server according to the present invention.
- FIG. 6 is a flowchart illustrating a failure client detection method in a failure detection client detection system using a client path control server according to the present invention shown in FIG. 2.
- FIG. 7 is a flowchart illustrating a failure client detection method in a first embodiment of a failure detection client detection system using a client path control server according to the present invention shown in FIG.
- FIG. 8 is a flowchart illustrating a failure client detection method in a second embodiment of a failure detection client detection system using a client path control server according to the present invention shown in FIG.
- FIG. 9 is a flowchart illustrating a failure client detection method in a third embodiment of a failure detection client detection system using a client path control server according to the present invention shown in FIG.
- FIG. 10 illustrates an example of a method for identifying a DDoS attack indicator IP using a client path control server according to the present invention.
- FIG. 11 shows a unique path when Client 3 is a DDoS attack instructor, and Edge Server 1 'is designated in Step 1 and Edge Server 3' in Step 1.
- FIG. 14 shows the overall flow of the edge server assigned to the client.
- the present invention includes a plurality of clients 100, DNS server 110, client path control server 120, service relay network 130, service server 140.
- The service relay network 130 may be made up of edge servers, a concept that covers servers or hardware equipment having a service relay function or a service function, and of network equipment such as gateways, routers, switches, hubs, and the like.
- a network may include various servers such as a web server, a DNS, and network equipment such as a gateway, a router, a switch, a hub, and the like.
- the server is mainly responsible for receiving the client's request and resolving the request
- the network equipment is responsible for delivering the packet for the client to send and receive.
- These devices deliver the packet received from the client to the server without any loss in the fast route, and the server processes the client's request quickly and delivers it to the client.
- these devices are vulnerable due to their lack of ability to cope with problems with equipment or circuits.
- the edge server used in the present invention may be implemented as a server and hardware equipment having a service relay function or a service function such as a proxy server, a cache server, etc. for the purpose of realizing the present invention.
- the edge server may be a program having a service relay function or a service function, used as a service path to which the client accesses, and may serve as a service server to which the client accesses.
- The present invention is carried out using edge servers 132, 134, 136, 138, a client route control server (hereinafter referred to as CRCS 120) that manages them, routes generated by combining a plurality of routes, and the features of DNS.
- the client 100 connects to the service server 140 to receive a service. At this time, the client 100 receives an IP of the service server 140 through the DNS server 110. To this end, the client 100 transmits a DNS query to the DNS server 110.
- the DNS server 110 receives a DNS query from the clients 102 and 104 and transmits a DNS query to the client path control server 120 when the IP of the corresponding service server is not stored.
- The client path control server 120 receives the client's DNS query from the DNS server 110, allocates the IP of an edge server belonging to the service relay network 130, and sends the IP of the allocated edge server to the client through the DNS server 110.
- The client path control server (CRCS) 120 checks the state of the edge server and manages data of the client and the edge server. It then forwards the edge server IP to the client.
- The CRCS can receive DNS requests, check the status of the edge server, specify the domain name and IP of the edge server corresponding to the client IP, save the specified information, and send DNS responses.
- the client requesting the DNS query receives the IP information of the edge server, accesses the edge server, and receives the service from the service server 140.
- the client 100 requests a DNS query to the DNS server 110 to determine the address of the server. If there is no domain name requested by the client in its server, the DNS server 110 searches for an IP corresponding to the domain name by requesting the upper DNS server.
- the DNS server may be a general DNS device that receives a domain name requested by a client and responds with an IP corresponding to the domain name, and may also include corresponding concepts and techniques.
- the DNS server sends the client the IP corresponding to the domain name.
- the DNS query comes to the CRCS 120 having the domain name and client IP requested by the client.
- the CRCS 120 prepares the IP of the edge server used for the unique path for each IP of the client according to the path control algorithm.
- FIG. 2 is a block diagram illustrating a comprehensive configuration of a failure detection client detection system using a client path control server according to the present invention.
- An example of a failure-prone client detection system 20 using the client path control server according to the present invention includes an edge server allocator 210, a DNS response unit 215, a failure check unit 230, and a failure-prone client detection unit 220.
- the failure check unit 230 checks whether a failure occurs in the edge server 240.
- The edge server allocator 210 includes an edge server IP allocation matrix 212. If a failure occurs in the edge server 240, the edge server allocator 210 refers to the edge server IP allocation matrix 212 and allocates an edge server IP to the client using the failed edge server.
- The edge server IP allocation matrix 212 assigns a different edge server IP for each client IP or user information, and the edge server IP allocation may include at least two stages of edge server IP for each client IP or user information.
- the DNS response unit 215 provides an edge server IP allocated for each client IP or user information in response to the DNS query requested by the client.
- When an edge server IP is to be allocated, with reference to the edge server IP allocation matrix 212, to a client that was using an edge server that has failed, the failure-prone client detection unit 220 detects a client IP or user information for which there is no edge server IP left to allocate as a faulty client.
- the edge server may be implemented as a program, a server, or hardware equipment having a service relay function or a service function such as a proxy server, a cache server, and the like.
- the edge server is used as a service path to which the client accesses, and may play a role of a service server to which the client accesses.
- The service relay network 240 may be made up of edge servers, a concept that covers servers or devices having a service relay function or a service function, and of network equipment such as gateways, routers, switches, hubs, and the like.
- The agent 262 mounted on the client 260 may send a query to the DNS so that clients connected to the failed edge server can reconnect to an edge server.
- FIG. 6 is a flowchart illustrating a failure client detection method in a failure detection client detection system using a client path control server according to the present invention shown in FIG. 2.
- an edge server IP allocation matrix 212 is first formed (step S600).
- the edge server IP allocation matrix 212 is differently assigned with an edge server IP for each client IP or user information.
- the edge server IP allocation may include at least two stages of the edge server IP for each client IP or user information.
- the failure check unit 230 checks whether a failure occurs in the edge server (step S610).
- the edge server IP is allocated to the client using the failed edge server with reference to the edge server IP allocation matrix 210 (step S620).
- the faulty client detection unit 22 detects a client IP or user information having no edge server IP to be allocated as the faulty client by referring to the edge server IP assignment matrix 212 (step S630).
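The allocation and detection steps S600 to S630 can be traced with a small simulation. This is an added example, not code from the patent: the class `ClientRouteControl`, its method names, and all addresses (documentation ranges) are constructed for illustration, and it assumes that whichever edge server the attacking client is currently using fails.

```python
from itertools import product


class ClientRouteControl:
    """Toy CRCS (hypothetical): one unique multi-stage edge path per client."""

    def __init__(self, stages):
        if len(stages) < 2:
            raise ValueError("the method calls for at least two stages")
        self._unused_paths = product(*stages)  # each combination is a unique path
        self.matrix = {}      # client id -> tuple of edge IPs, one per stage
        self.stage = {}       # client id -> index of the stage currently in use
        self.failed = set()   # edge server IPs marked as failed
        self.flagged = set()  # clients with no edge server IP left to allocate

    def register(self, client):
        """S600: add a row to the allocation matrix for a new client."""
        if client not in self.matrix:
            try:
                self.matrix[client] = next(self._unused_paths)
            except StopIteration:
                raise RuntimeError("no unique path left for " + client) from None
            self.stage[client] = 0

    def _advance(self, client):
        """S620/S630: skip failed edges; flag the client when stages run out."""
        path = self.matrix[client]
        while self.stage[client] < len(path) and path[self.stage[client]] in self.failed:
            self.stage[client] += 1
        if self.stage[client] == len(path):
            self.flagged.add(client)
            return None
        return path[self.stage[client]]

    def resolve(self, client):
        """DNS answer: the client's current healthy edge IP, or None if flagged."""
        self.register(client)
        return self._advance(client)

    def report_failure(self, edge_ip):
        """S610: failure seen outside DNS; reassign the clients using edge_ip.

        Returns the set of clients newly detected as failure-inducing.
        """
        users = [c for c, path in self.matrix.items()
                 if c not in self.flagged and path[self.stage[c]] == edge_ip]
        self.failed.add(edge_ip)
        return {c for c in users if self._advance(c) is None}


# Constructed sample data: 3 edge servers per stage, 9 clients, client 3 attacks.
STAGE_1 = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
STAGE_2 = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]
CLIENTS = ["192.0.2.%d" % n for n in range(11, 20)]
ATTACKER = CLIENTS[2]


def run_scenario():
    crcs = ClientRouteControl([STAGE_1, STAGE_2])
    for client in CLIENTS:
        crcs.register(client)
    # Assumption: every edge server the attacker is routed to goes down.
    while ATTACKER not in crcs.flagged:
        crcs.report_failure(crcs.resolve(ATTACKER))
    return crcs


if __name__ == "__main__":
    result = run_scenario()
    print("failed edges:", sorted(result.failed))
    print("flagged clients:", sorted(result.flagged))
    for client in CLIENTS:
        print(client, "->", result.resolve(client))
```

Clients that shared the attacker's first-stage edge server are moved to their own second-stage servers and keep service; only the client whose every stage has failed is flagged.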
- A first embodiment of a failure-prone client detection system 30 using a client path control server according to the present invention includes a query receiver 310, an edge server allocator 320, a failure-prone client detection unit 330, a failure check unit 340, and a DNS response unit 350.
- the query receiver 310 receives the DNS query when the DNS server 305 that receives the DNS query from the client transmits the DNS query. At this time, if there is user information in the DNS query, the user information extracting unit 312 extracts user information included in the DNS query.
- the edge server allocator 320 includes an edge server IP allocation matrix 322 and allocates an edge server IP to a client requesting the DNS query by referring to the edge server IP allocation matrix 322.
- The edge server IP allocation matrix 322 assigns a different edge server IP for each client IP or user information, and the edge server IP allocation may be made for at least two stages of edge server IP for each client IP or user information.
- the failure check unit 230 determines whether the allocated edge server has failed.
- the DNS response unit 350 provides an edge server IP allocated for each client IP or user information in response to the DNS query.
- When, as a result of the failure check on the edge server, an edge server IP is to be allocated with reference to the edge server IP allocation matrix 322 to a client that was using the failed edge server, the failure-prone client detection unit 330 detects a client IP or user information for which there is no edge server IP left to allocate as a faulty client.
- the edge server may be implemented as a program, a server, or hardware equipment having a service relay function or a service function such as a proxy server, a cache server, and the like.
- the edge server is used as a service path to which the client accesses, and may play a role of a service server to which the client accesses.
- The service relay network 360 may be made up of edge servers, a concept that covers servers or devices having a service relay function or a service function, and of network equipment such as gateways, routers, switches, hubs, and the like.
- The agent 382 mounted on the client 380 may send a query to the DNS so that clients connected to the failed edge server can reconnect to an edge server, and may request a DNS query that includes user information.
- The user information that can be included in the DNS query is information that can identify a user or a device, and contains at least one of a login ID, a device ID (MAC, CPU ID, HDD serial, etc.), a telephone number, and an IP address.
- FIG. 7 is a flowchart illustrating a failure client detection method in a first embodiment of a failure detection client detection system using a client path control server according to the present invention shown in FIG.
- an edge server IP allocation matrix 312 is formed (step S700).
- the DNS query receiving unit 310 receives a DNS query from the DNS server 305 (step S705).
- the user information extracting unit 310 checks whether there is user information in the received DNS query (step S710).
- the user information is extracted (step S715).
- the edge server allocator 322 allocates the edge server IP corresponding to the extracted user information by referring to the edge server IP allocation matrix 322 (step S720).
- The edge server allocating unit 322 refers to the edge server IP allocation matrix 322 and provides the edge server IP assigned to the client requesting the DNS query (step S725).
- the failure check unit 340 checks whether a failure occurs in the allocated edge server (step S730).
- the edge server IP allocated by the edge server allocator 320 is provided (step S740).
- It is checked whether there is an edge server IP of the next stage by referring to the edge server IP allocation matrix 322 (step S745). If there is no edge server of the next stage to be allocated, the client is detected as a failure client. If there is an edge server IP of the next stage to be allocated, the edge server IP of the next stage is provided to the client that has requested the DNS query (step S755).
- The second embodiment of the failure-prone client detection system 40 using the client path control server according to the present invention includes a query receiver 410, an edge server allocator 420, a failure-prone client detector 430, a failure check unit 440, a client search unit 450, and a DNS response unit 460.
- the failure check unit 440 monitors whether a failure occurs in the edge server regardless of DNS query reception.
- the client searcher 450 searches for a client using the edge server as a connection path to the service server 460 when a failure of the edge server is detected through the failure checker 440.
- The edge server allocator 420 includes an edge server IP allocation matrix 422. If a failure occurs in an edge server, the edge server allocator 420 refers to the edge server IP allocation matrix 422 and allocates an edge server IP to the client using the failed edge server. Here, the edge server IP allocation matrix 422 assigns a different edge server IP for each client IP or user information, and the edge server IP allocation may be made for at least two stages of edge server IP for each client IP or user information.
- the query receiver 410 receives the DNS query when the DNS server 305 receiving the DNS query from the client transmits the DNS query. At this time, if there is user information in the DNS query, the user information extracting unit 412 extracts the user information included in the DNS query.
- the DNS response unit 460 provides an edge server IP allocated for each client IP or user information in response to the DNS query requested by the client.
- When an edge server IP is to be allocated, with reference to the edge server IP assignment matrix 422, to a client that was using an edge server that has failed, the failure-prone client detection unit 430 detects a client IP or user information for which there is no edge server IP left to allocate as a faulty client.
- the edge server may be implemented as a program, a server, or hardware equipment having a service relay function or a service function such as a proxy server, a cache server, and the like.
- the edge server is used as a service path to which the client accesses, and may play a role of a service server to which the client accesses.
- the service relay network 470 is a network such as an edge server and a gateway, a router, a switch, a hub, and the like that includes a concept of a server or a device having a service relay function or a service function. It can be made with equipment.
- the agent 492 mounted on the client 490 may request a query to the DNS to reconnect the edge server and the clients connected to the failed edge server, and may also request a DNS query including user information. .
- the user information that can be included in the DNS query includes information that can identify a user or information that can identify a device, at least a login ID, device ID (MAC, CPU ID, HDD Serial, etc), telephone number, Contains one or more of the IP addresses.
- FIG. 8 is a flowchart illustrating a failure client detection method in a second embodiment of a failure detection client detection system using a client path control server according to the present invention shown in FIG.
- An edge server IP allocation matrix 422 is first formed (step S800).
- The failure check unit 440 monitors whether a failure occurs in the edge server regardless of whether a DNS query is received.
- The client search unit 450 searches for the clients using the failed edge server as a path for accessing the service server 480 (step S830).
- It is checked whether a next-stage edge server IP is assigned to the retrieved client (step S840); if there is no next-stage edge server IP, the failure-inducing client detector 430 detects the retrieved client as the failure-inducing client.
- The edge server allocator 420 allocates the edge server IP of the next stage.
- The DNS response unit 460 provides the allocated edge server IP to the client requesting the DNS query (step S880).
- FIG. 5 is a block diagram illustrating a configuration of a third embodiment of a system for detecting a failure client using a client path control server according to the present invention.
- A third embodiment of the failure-inducing client detection system 50 using the client path control server according to the present invention includes a failure check unit 530, a client search unit 540, an edge server allocator 550, a failure-inducing client detector 560, and a DNS response unit 570.
- The failure check unit 530 monitors whether a failure occurs in the edge server regardless of DNS query reception.
- When a failure of the edge server is detected through the failure check unit 530, the client search unit 540 searches for the clients using that edge server as a connection path to the service server 590.
- The edge server allocator 550 includes an edge server IP allocation matrix 552. If a failure occurs in the edge server, the edge server allocator 550 refers to the edge server IP allocation matrix 552 and allocates an edge server IP to the client using the failed edge server. Here, in the edge server IP allocation matrix 552, a different edge server IP is assigned for each client IP or user information, and the edge server IP allocation may consist of at least two stages of edge server IPs for each client IP or user information.
- The DNS response unit 570 provides the client, regardless of the DNS query, with the edge server IP allocated through the edge server allocator 550 for each client IP or user information.
- When the failure-inducing client detector 560 refers to the edge server IP allocation matrix 552 to allocate an edge server IP to a client that was using a failed edge server, it detects any client IP or user information for which no edge server IP remains to be allocated as a failure-inducing client.
- The edge server may be implemented as a program, a server, or hardware equipment having a service relay function or a service function, such as a proxy server or a cache server.
- The edge server is used as the service path through which the client connects, and may itself play the role of the service server that the client accesses.
- The service relay network 580 is a network that may be made up of edge servers and of equipment such as gateways, routers, switches, and hubs, that is, servers or devices having a service relay function or a service function.
- The agent 527 mounted on the client 525 may send a query to the DNS so that clients connected to a failed edge server can reconnect to an edge server.
- FIG. 9 is a flowchart illustrating a failure client detection method in a third embodiment of a failure detection client detection system using a client path control server according to the present invention shown in FIG.
- An edge server IP allocation matrix 552 is formed first (step S900).
- The failure check unit 530 monitors whether a failure occurs in the edge server (step S910).
- The client search unit 540 searches for the clients using the failed edge server as a path for accessing the service server 590 (step S930).
- If there is no next-stage edge server IP, the failure-inducing client detector 560 detects the retrieved client as the failure-inducing client.
- The edge server allocator 550 allocates the edge server IP of the next stage (step S960). Then, regardless of whether a DNS query is received from the retrieved client, the DNS response unit 570 may provide the allocated edge server IP to the retrieved client or to an agent of the client (step S970).
- FIG. 10 illustrates an example for explaining a DDoS attack indicator IP identification method using a client path control server according to the present invention.
- The CRCS prepares 8 edge servers.
- The edge servers are divided into groups of four and managed as a first stage (stage 1, 1010) and a second stage (stage 2, 1020).
- The total number of edge servers can be changed arbitrarily according to the clients, and the number of edge servers and the number of stages can be changed according to the environment.
- The number of clients connected to one edge server can also be changed.
- The client connects to the edge server based on the IP provided by the CRCS.
- According to the path control algorithm, the CRCS designates in advance a second-stage (stage 2) edge server to be held in reserve in case a problem occurs in the first-stage (stage 1) edge server that the client connects to.
- The clients will have the paths shown in Table 1.
- Clients 1 to 4 are connected to the server through Edge Server 1 in the first stage.
- Clients 5 to 8 are connected to the server through Edge Server 2 in the first stage.
- Clients 9 to 12 are connected to the server through Edge Server 3 in the first stage.
- Clients 13 to 16 are connected to the server through Edge Server 4 in the first stage.
- The clients using a failed edge server are connected to Edge Server 1' to Edge Server 4' in the second stage. For example, if Edge Server 2 fails, the clients that use Edge Server 2 as their first-stage edge server are searched for. The search finds that the clients using Edge Server 2 as their first-stage edge server are Clients 5 to 8.
- Clients 5 to 8 are then connected to their edge servers in the second stage: Client 5 to Edge Server 1', Client 6 to Edge Server 2', Client 7 to Edge Server 3', and Client 8 to Edge Server 4'. After that, if Edge Server 4' fails, Client 8 is identified as a DDoS attack client.
- Because each client is assigned its edge servers for the first and second stages, each client has only one path. That is, each client has a unique path.
- As shown in FIG. 14, if Client 3 is a DDoS attack indicator, then, referring to Table 1, Edge Server 1 is designated as its edge server in the first stage 1410 and Edge Server 3' as its edge server in the second stage 1410. If a failure occurs in Edge Server 1, the clients using Edge Server 1 as their edge server in the first stage 1110 are searched for, and Clients 1, 2, 3, and 4 are found. According to the method of the present invention, the CRCS connects each of the retrieved Clients 1, 2, 3, and 4 to the spare edge server designated for it in Table 1, that is, to its edge server of the second stage 1120.
- Client 1 is connected to Edge Server 1' of the second stage.
- Client 2 is connected to Edge Server 2' of the second stage.
- Client 3 is connected to Edge Server 3' of the second stage.
- Client 4 is connected to Edge Server 4' of the second stage.
- Because the path control algorithm gives each client only one path, the attacker IP can be identified.
- Clients 2 and 19 are designated as Edge Server 1 and Edge Server 2 in Step 1 12, referring to Table 3.
- Edge Server 1' is designated as an edge server.
- The clients using Edge Server 1 as their edge server in the first stage 1210 are searched for.
- Clients 1-16 are found.
- Of the retrieved Clients 1-16, Clients 1-4 use Edge Server 1', Clients 5-8 use Edge Server 2', Clients 9-12 use Edge Server 3', and Clients 13-16 use Edge Server 4' as their edge server.
- For Edge Server 1' of the second stage, the clients using Edge Server 1' as their edge server in the second stage 1520 are searched for. Referring to Table 3, Clients 1 to 4 are found. According to the method of the present invention, the retrieved Clients 1 to 4 use Edge Server 1" (Client 1), Edge Server 2" (Client 2), Edge Server 3" (Client 3), and Edge Server 4" (Client 4) as their edge server in step 3230.
- Client 19 uses Edge Server 2 of the first stage 1210, Edge Server 1' of the second stage 1520, and Edge Server 3" of the third stage 1230 as its edge servers. If failures occur in sequence at Edge Server 2 in stage 1210, Edge Server 1' in stage 212, and Edge Server 3" in stage 1530, it is immediately known that the client that caused the failures is Client 19. In other words, it can be seen immediately that Client 19 is a DDoS attack indicator. Table 3 makes this process clear.
- The unique paths shown in Table 1 are allocated in advance. When Client 1 requests a DNS query, Edge Server 1 is allocated as the first stage and Edge Server 1' as the second stage, and both the first- and second-stage edge server IPs are sent to the client, which then uses first-stage Edge Server 1 and second-stage Edge Server 1'. If all clients use their first- and second-stage edge servers in this manner, as shown in Table 1, the failure-inducing client can be identified immediately, without the need to reconnect the clients of a failed edge server to the next edge server.
- The failure-inducing client can be immediately identified as Client 8.
- the edge server 14 shows the overall flow to which the edge server is assigned to the client.
- The DNS server 1340 requests a response to the DNS query from the client path control server 1450, and the client path control server 1250 responds to the client's DNS query with the IP address of the edge server.
- With the edge server allocation algorithm according to the first embodiment, only the IP of the edge server belonging to the first stage 1410 is provided.
- With the edge server allocation algorithm according to the second embodiment, the IPs of the edge servers belonging to all the stages, that is, the first stage 1410, the second stage 1420, and step 3430, are provided.
- The client 100 receives a service by accessing a service server (not shown) through the edge servers.
- The DDoS attack indicator IP identification method and system using the client path control server according to the present invention has the following features.
- Each client is assigned a unique path.
- Network devices such as routers or bridges are connected to many circuits because they are used to send packets quickly and securely. This has the advantage that, when a problem occurs on some lines, service stays smooth because packets are sent over another line, so packet communication can be maintained stably on the network infrastructure.
- The routing algorithm according to the present invention has only one path, as shown in Table 1, Table 3, and Table 4, because of the unique paths set by the CRCS and the edge servers divided into stages.
- The second feature is that the IP of the DDoS attack indicator is found by using only one path.
- In a general network, several spare lines are kept to prevent loss of communication in case of line problems.
- In the case of a DDoS attack indicator, this has the disadvantage that the attack indicator IP cannot be stopped because of the number of cases created by the many circuits.
- Edge server: there is an edge server.
- Devices that bridge the network, such as routers and bridges, connect clients and servers.
- The edge server serves to hide the existence of the server and acts as the path through which the client connects.
- CRCS: client path control server.
- A typical DNS server simply assigns a domain name and IP.
- To avoid burdening the name server, the address specified for a domain name is usually kept for three hours to a week or more. This is a clear advantage in that it does not burden the server, but the system to be implemented in the present invention must immediately change the edge server IP designated for the domain name according to the situation, so the DNS system cannot satisfy the function of the present invention.
- The monitoring server likewise simply grasps the status of the monitored equipment and computes information about it, and thus cannot adequately satisfy the function of the present invention.
- The edge server IP is sent to the client using DNS.
- The CRCS assigns the client the edge server IP corresponding to the domain name, but does not send it directly to the client. Instead, it sends the designated information to the DNS separately, so that the client can learn the IP of the edge server.
- The present invention can be embodied as computer-readable code (where a computer includes any device having an information processing function) on a computer-readable recording medium.
- The computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system is stored. Examples of computer-readable recording devices include ROM, RAM, CD-ROM, magnetic tape, floppy disks, optical data storage devices, and the like.
- The present invention can be used in a system that guarantees the continuity of services provided to clients, and in particular can be used to defend against various types of DDoS attacks.
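The staged allocation matrix and the detection walk-throughs above (Client 8 with two stages, Client 19 with three) can be replayed in code. This is an added Python example, not code from the patent; the class and function names and the (stage, edge number) tuples are assumptions made for the illustration.

```python
from itertools import product


def build_allocation_matrix(edges_per_stage, stages):
    """Map client number -> tuple of edge-server numbers, one per stage.

    Enumerating every combination gives each client a distinct path, in the
    same order as the page's tables (the last stage varies fastest).
    """
    paths = product(range(1, edges_per_stage + 1), repeat=stages)
    return {client: path for client, path in enumerate(paths, start=1)}


class PathController:
    """Toy model of the CRCS failover and detection logic (hypothetical names)."""

    def __init__(self, matrix):
        self.matrix = matrix
        self.stage = {client: 0 for client in matrix}  # index of the stage in use
        self.suspects = []

    def clients_on(self, stage, edge):
        """Clients whose edge server currently in use is `edge` of `stage` (1-based)."""
        return [c for c, path in self.matrix.items()
                if self.stage[c] == stage - 1 and path[stage - 1] == edge]

    def current_edge(self, client):
        """Edge-server number the client is using right now."""
        return self.matrix[client][self.stage[client]]

    def edge_failed(self, stage, edge):
        """Handle a failure report: fail clients over, or flag those with no stage left."""
        flagged = []
        for client in self.clients_on(stage, edge):
            if self.stage[client] + 1 < len(self.matrix[client]):
                self.stage[client] += 1      # allocate the next-stage edge server
            else:
                flagged.append(client)       # no edge server IP left to allocate
        self.suspects.extend(flagged)
        return flagged


def clients_matching_failures(matrix, failed):
    """Variant where all stages are handed out at once: a client is flagged
    when every edge server on its path is in `failed`, a set of (stage, edge)."""
    return [c for c, path in matrix.items()
            if all((s, e) in failed for s, e in enumerate(path, start=1))]


def replay(edges_per_stage, stages, failures):
    """Apply failures in order and return the clients flagged by the last one."""
    crcs = PathController(build_allocation_matrix(edges_per_stage, stages))
    flagged = []
    for stage, edge in failures:
        flagged = crcs.edge_failed(stage, edge)
    return flagged


if __name__ == "__main__":
    # Constructed scenario 1: two stages of four edge servers (16 clients);
    # Edge Server 2 fails, then Edge Server 4'.
    print(replay(4, 2, [(1, 2), (2, 4)]))
    # Constructed scenario 2: three stages (64 clients);
    # Edge Server 2, then Edge Server 1', then Edge Server 3" fail.
    print(replay(4, 3, [(1, 2), (2, 1), (3, 3)]))
```

In this model a last-stage failure flags every client currently on that edge server, so the result narrows to a single client only while one cohort at a time has failed over.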
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Description
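Table 1

Client | In use (Stage 1) | Spare (Stage 2) |
---|---|---|
Client 1 | Edge Server 1 | Edge Server 1' |
Client 2 | Edge Server 1 | Edge Server 2' |
Client 3 | Edge Server 1 | Edge Server 3' |
Client 4 | Edge Server 1 | Edge Server 4' |
Client 5 | Edge Server 2 | Edge Server 1' |
Client 6 | Edge Server 2 | Edge Server 2' |
Client 7 | Edge Server 2 | Edge Server 3' |
Client 8 | Edge Server 2 | Edge Server 4' |
Client 9 | Edge Server 3 | Edge Server 1' |
Client 10 | Edge Server 3 | Edge Server 2' |
Client 11 | Edge Server 3 | Edge Server 3' |
Client 12 | Edge Server 3 | Edge Server 4' |
Client 13 | Edge Server 4 | Edge Server 1' |
Client 14 | Edge Server 4 | Edge Server 2' |
Client 15 | Edge Server 4 | Edge Server 3' |
Client 16 | Edge Server 4 | Edge Server 4' |

Table 2

Client | Stage 1 | Stage 2 |
---|---|---|
Client 1 | Edge Server 1 | Edge Server 1' |
Client 2 | Edge Server 1 | Edge Server 2' |
Client 3 | Edge Server 1 | Edge Server 3' |
Client 4 | Edge Server 1 | Edge Server 4' |

Table 3

Client | Stage 1 | Stage 2 | Stage 3 |
---|---|---|---|
Client 1 | Edge Server 1 | Edge Server 1' | Edge Server 1" |
Client 2 | Edge Server 1 | Edge Server 1' | Edge Server 2" |
Client 3 | Edge Server 1 | Edge Server 1' | Edge Server 3" |
Client 4 | Edge Server 1 | Edge Server 1' | Edge Server 4" |
Client 5 | Edge Server 1 | Edge Server 2' | Edge Server 1" |
Client 6 | Edge Server 1 | Edge Server 2' | Edge Server 2" |
Client 7 | Edge Server 1 | Edge Server 2' | Edge Server 3" |
Client 8 | Edge Server 1 | Edge Server 2' | Edge Server 4" |
Client 9 | Edge Server 1 | Edge Server 3' | Edge Server 1" |
Client 10 | Edge Server 1 | Edge Server 3' | Edge Server 2" |
⋮ | ⋮ | ⋮ | ⋮ |
Client 19 | Edge Server 2 | Edge Server 1' | Edge Server 3" |
⋮ | ⋮ | ⋮ | ⋮ |
Client 64 | Edge Server 4 | Edge Server 4' | Edge Server 4" |

Table 4

Client | Stage 1 | Stage 2 | Stage 3 | Stage 4 |
---|---|---|---|---|
Client 1 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 1"' |
Client 2 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 2"' |
Client 3 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 3"' |
Client 4 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 4"' |
Client 5 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 5"' |
Client 6 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 6"' |
Client 7 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 7"' |
Client 8 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 8"' |
Client 9 | Edge Server 1 | Edge Server 1' | Edge Server 1" | Edge Server 9"' |
⋮ | ⋮ | ⋮ | ⋮ | ⋮ |
Client n | Edge Server 256 | Edge Server 256' | Edge Server 256" | Edge Server 256"' |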
Claims (15)
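- A method for detecting a failure-inducing client using a client path control system, the method comprising: forming an edge server IP allocation matrix; checking whether a failure has occurred in the edge server; allocating an edge server IP according to the edge server IP allocation matrix when a failure of the edge server occurs; and detecting, as a failure-inducing client, a client IP or user information for which there is no edge server IP to be allocated according to the edge server IP allocation matrix, wherein, in the edge server IP allocation matrix, a different edge server IP is allocated for each client IP or user information, and the edge server IP allocation consists of edge server IPs of at least two stages for each client IP or user information.
- The method for detecting a failure-inducing IP using a client path control system of claim 1, wherein the failure check is performed when a DNS query is received from a client.
- The method for detecting a failure-inducing IP using a client path control system of claim 1, wherein the failure check is performed regardless of a DNS query from a client.
- The method for detecting a failure-inducing client using a client path control system of claim 3, wherein, when a failure of an edge server occurs, the client IP or user information using the failed edge server is searched for, and the edge server IP allocated to the retrieved client IP or user information is provided to the retrieved client.
- The method for detecting a failure-inducing client using a client path control system of claim 1, wherein the clients include an agent that, when a failure occurs in an edge server, transmits the DNS query in order to reconnect to another edge server allocated according to the edge server IP allocation matrix.
- The method for detecting a failure-inducing client using a client path control system of claim 5, wherein the agent requests a DNS query including user information.
- The method for detecting a failure-inducing client using a client path control system of claim 6, wherein, when a DNS query is received from the agent of the client, user information is extracted from the client's DNS query, and an edge server IP corresponding to the extracted user information is allocated to the client according to the edge server IP allocation matrix.
- A system for detecting a failure-inducing client using a client path control system, the system comprising: a failure check unit that checks whether a failure has occurred in an edge server; an edge server allocator that has an edge server IP allocation matrix and, when a failure of the edge server occurs, allocates an edge server IP according to the edge server IP allocation matrix; a DNS response unit that, in response to a DNS query requested by a client, provides the edge server IP allocated for each client IP or user information; and a failure-inducing client detector that detects, as a failure-inducing client, a client IP or user information for which there is no edge server IP to be allocated according to the edge server IP allocation matrix, wherein, in the edge server IP allocation matrix, a different edge server IP is allocated for each client IP or user information, and the edge server IP allocation consists of edge server IPs of at least two stages for each client IP or user information.
- The system for detecting a failure-inducing client using a client path control system of claim 8, wherein the failure check unit, when an edge server is allocated by the edge server allocator in response to a DNS query, checks whether the allocated edge server has a failure, and the DNS response unit, if the allocated edge server has no failure, provides the allocated edge server information to the client through DNS.
- The system for detecting a failure-inducing client using a client path control system of claim 8, wherein the failure check unit monitors edge server failures regardless of DNS queries; the failure-inducing client detector includes a client search unit that, when a failure of the edge server occurs, searches for the client IP or user information using the failed edge server; the edge server allocator allocates the edge server IP corresponding to the retrieved client IP or user information according to the edge server IP allocation matrix; and the DNS response unit, when the client corresponding to the retrieved client IP or user information requests a DNS query, provides the edge server IP allocated to the retrieved client IP or user information to the retrieved client through DNS.
- The system for detecting a failure-inducing client using a client path control system of claim 8, wherein the failure check unit monitors edge server failures regardless of DNS queries; the failure-inducing client detector includes a client search unit that, when a failure of the edge server occurs, searches for the client IP or user information using the failed edge server; the edge server allocator allocates the edge server IP corresponding to the retrieved client IP or user information according to the edge server IP allocation matrix; and the DNS response unit, regardless of the DNS query, provides the edge server IP allocated to the retrieved client IP or user information to the retrieved client.
- The system for detecting a failure-inducing client using a client path control system of claim 8, wherein the client includes an agent that, when a failure occurs in an edge server, transmits the DNS query in order to reconnect to another edge server allocated according to the edge server IP allocation matrix.
- The system for detecting a failure-inducing client using a client path control system of claim 12, wherein the agent requests a DNS query including user information.
- The system for detecting a failure-inducing client using a client path control system of claim 8, wherein the edge server connects a client and a server and includes at least one of a program, a server, and hardware equipment having a service relay function or a service function.
- A computer-readable recording medium on which is recorded a program for executing the invention of claim 1 on a computer.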
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15808915.1A EP3160086B1 (en) | 2014-06-20 | 2015-06-18 | Method and system for detecting failure-inducing client by using client route control system |
US15/319,684 US10411981B2 (en) | 2014-06-20 | 2015-06-18 | Method and system for detecting client causing network problem using client route control system |
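JP2016574056A JP6367381B2 (ja) | 2014-06-20 | 2015-06-18 | Method and system for detecting failure-inducing client using client route control system |
CN201580032970.2A CN106471772B (zh) | 2014-06-20 | 2015-06-18 | Method and system for detecting problem-causing client using client routing control system |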
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140075888A KR101569857B1 (ko) | 2014-06-20 | 2014-06-20 | Method and system for detecting failure-inducing client by using client route control system |
KR10-2014-0075888 | 2014-06-20 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015194885A1 (ko) | 2015-12-23 |
Family
ID=54847718
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2015/006194 WO2015194885A1 (ko) | 2014-06-20 | 2015-06-18 | Method and system for detecting failure-inducing client by using client route control system |
Country Status (6)
Country | Link |
---|---|
US (1) | US10411981B2 (ko) |
EP (1) | EP3160086B1 (ko) |
JP (1) | JP6367381B2 (ko) |
KR (1) | KR101569857B1 (ko) |
CN (1) | CN106471772B (ko) |
WO (1) | WO2015194885A1 (ko) |
-
2014
- 2014-06-20 KR KR1020140075888A patent/KR101569857B1/ko active IP Right Grant
-
2015
- 2015-06-18 US US15/319,684 patent/US10411981B2/en active Active
- 2015-06-18 CN CN201580032970.2A patent/CN106471772B/zh active Active
- 2015-06-18 JP JP2016574056A patent/JP6367381B2/ja active Active
- 2015-06-18 WO PCT/KR2015/006194 patent/WO2015194885A1/ko active Application Filing
- 2015-06-18 EP EP15808915.1A patent/EP3160086B1/en active Active
Also Published As
Publication number | Publication date |
---|---|
US20170141984A1 (en) | 2017-05-18 |
CN106471772A (zh) | 2017-03-01 |
EP3160086A1 (en) | 2017-04-26 |
US10411981B2 (en) | 2019-09-10 |
EP3160086A4 (en) | 2018-01-24 |
CN106471772B (zh) | 2019-07-09 |
EP3160086B1 (en) | 2019-10-09 |
JP6367381B2 (ja) | 2018-08-01 |
JP2017527152A (ja) | 2017-09-14 |
KR101569857B1 (ko) | 2015-11-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15808915 Country of ref document: EP Kind code of ref document: A1 |
|
REEP | Request for entry into the european phase |
Ref document number: 2015808915 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2015808915 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15319684 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2016574056 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |