CN108471428A - DDoS attack active defense technology and equipment applied to a CDN system - Google Patents
- Publication number: CN108471428A
- Application number: CN201810679868.7A
- Authority: CN (China)
- Prior art keywords: attack, network, module, node, region
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The present invention relates to the technical field of system defense, and more particularly to a DDoS attack active defense technology and equipment applied in a CDN system. The invention proposes a new defense mechanism for CDN systems. Under this mechanism, each node in the network is inspected, the whole network is divided into three regions (trust (safe), distrust and attack), and defense packets carrying defense code are then used to repair security vulnerabilities. The invention divides the network into different regions, which makes attack resistance more targeted. It also provides an active defense technology in which nodes proactively report their security state to one another, which makes defense against DDoS attacks more proactive. This approach is highly inventive and has a very good preventive effect against DDoS attacks on CDN systems.
Description
Technical field
The present invention relates to the technical field of system defense, and in particular to a DDoS attack active defense technology and equipment applied in a CDN system.
Background
A distributed denial-of-service attack (DDoS attack) uses client/server technology to combine multiple computers into an attack platform that launches DDoS attacks against one or more targets, multiplying the power of a denial-of-service attack. Typically, an attacker uses a stolen account to install a DDoS master program on one computer. At a set time the master program communicates with a large number of agent programs, which have already been installed on many computers on the network. The agent programs launch the attack when they receive the instruction. Using client/server technology, the master program can activate hundreds or thousands of agent program runs within seconds.
Many defense technologies and related equipment currently exist for DDoS attacks, and they provide a certain degree of defense and scrubbing. What these protection technologies have in common is that they treat the network as a single whole and lack any organic subdivision of the overall network by region attribute, which to some extent affects the performance of the DDoS equipment and the protection it achieves. A CDN system is a distributed server group made up of many node clusters, and these clusters form a network region. The present invention proposes a new defense mechanism for CDN systems. Under this mechanism, each node in the network is inspected, the whole network is divided into three regions (trust (safe), distrust and attack), and defense packets carrying defense code are then used to repair security vulnerabilities. The first advantage of the invention is that it divides the network into different regions, which makes attack resistance more targeted. The second is that it provides an active defense technology in which nodes proactively report their security state to one another, which makes defense against DDoS attacks more proactive. This approach has a very good preventive effect against DDoS attacks on CDN systems.
Summary of the invention
In view of the deficiencies of the prior art, the invention discloses a DDoS attack active defense technology and equipment applied in a CDN system. Under this mechanism, each node in the network is inspected, the whole network is divided into three regions (trust (safe), distrust and attack), and defense packets carrying defense code are then used to repair security vulnerabilities.
The present invention is achieved by the following technical solutions:
A DDoS attack active defense technology and equipment applied in a CDN system, characterized in that it comprises an active defense network module, an active defense mechanism, and detection of unknown attacks. The active defense network module comprises an analysis module, an attack defense module and a region module. In the active defense mechanism, the network management node issues a specific defense packet to all subnetwork nodes; after receiving the defense code, each node checks, against the attributes recorded for the specific attack, whether it is being attacked or is relaying attack packets. In the detection of unknown attacks, after the network management node issues a detection packet for unknown attacks, each node in the subnet domain opens to receive the defense packet and confirms in turn whether the network node is under attack and whether it is relaying attack packets.
Preferably, the analysis module has traffic collection and protocol analysis functions. It first collects the network node's traffic statistics and application usage, and continuously monitors the utilization of system resources. The analysis module can also communicate with the network management center and receive the specific patch packages it issues; these patch packages record the characteristics of DDoS attacks, that is, the attack signature database. When a suspected attack occurs, the analysis module analyzes the suspected attack traffic according to the contents of the patch package and, based on the attributes recorded for the attack, identifies and filters out possible attack packets.
Preferably, the attributes include the following information:
(1) the network address;
(2) the subnet domain to which the attack packet belongs;
(3) the network protocol used;
(4) the standard value for identical packets received per unit time and the standard value for identical traffic received per unit time.
Preferably, while it is blocking an attack, the attack defense module must check whether the network node has been intruded on by a malicious attacker and implanted with a Trojan horse program. After the attack has been stopped, it must send a packet recording the detected attack attributes to warn the source of the attack packets, that is, the previous network node. The module has the following functions:
(1) process the information supplied by the analysis module, filter packets with specific network addresses, and close specific domains or services;
(2) limit the traffic of sources that cause network congestion, ensuring the security of the defending node.
Preferably, the region module functions as follows:
(1) this module defines the regions as the trust region, the distrust region and the attack region, and is responsible for recording the security state of each node in the subnet domain in which the protected network is located, that is, determining whether a node is in the safe region or the attack region;
(2) it receives the region security information sent by other nodes;
(3) it maintains an inventory listing the network nodes contained in the trust region, the distrust region and the attack region;
(4) it periodically sends the node's security state to the other network nodes. If the security state of certain network nodes has not been received within a period of time, those nodes are added directly to the attack region until they respond with their security state. A subdomain is the unit of execution.
Preferably, the active defense mechanism operates as follows:
I. Check whether the node is being attacked or is relaying attack packets:
(1) if not, the node sends a packet telling all nodes that it is in a safe state and asking the other nodes to add it to the safe region;
(2) if so, the node further checks which services are needed to defend against this attack;
II. Determine whether the attack can be stopped:
(1) if the attack can be stopped, the node sends a packet telling all nodes that it is in a safe state, asks the other nodes to add it to the trust region, and notifies the router the attack packets came from to carry out virus removal;
(2) if the attack cannot be stopped, the node sends a packet informing all nodes that it is under attack and asking the other nodes to add it to the attack region. If the node is unable to send packets, all the other nodes add it to the attack region after a waiting period.
Preferably, the invention further includes a hardware device comprising an analysis module, an attack defense module, a region module, a communication interface submodule and a communication bus.
Preferably, the analysis module performs protocol analysis on traffic and organizes the protocols of the outgoing traffic; the attack defense module filters packets with specific network addresses and limits attack traffic; the region module divides the whole network into regions and records the security state of the network nodes; the communication interface submodule handles data communication between the modules through interfaces; and the communication bus carries the communication among the analysis module, the attack defense module and the region module. The device communicates with the network management center over the communication bus and downloads the specific patch packages.
The beneficial effects of the present invention are:
The invention divides the network into different regions, which makes attack resistance more targeted. It provides an active defense technology in which nodes proactively report their security state to one another, which makes defense against DDoS attacks more proactive. This approach has a very good preventive effect against DDoS attacks on CDN systems. In the active defense technology provided by the invention, the network management node issues specific defense packets to each node and receives health-status feedback from each node, so that the health of every node is known in real time. The attack defense module filters packets with specific network addresses and limits attack traffic, which effectively ensures the security of each node.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the network region division principle of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
The mechanism of the present invention comprises the active defense network module, the operating flow of the active defense mechanism, and the detection flow for unknown attacks:
I. Active defense network module
1. Analysis module: this module has traffic collection and protocol analysis functions. It first collects the network node's traffic statistics and application usage, and continuously monitors the utilization of system resources. The analysis module can also communicate with the network management center and receive the specific patch packages it issues; these patch packages record the characteristics of DDoS attacks, that is, the attack signature database. When a suspected attack occurs, the analysis module analyzes the suspected attack traffic according to the contents of the patch package and, based on the attributes recorded for the attack, identifies and filters out possible attack packets. The attributes include the following information:
(1) the network address (IPv4 or IPv6);
(2) the subnet domain to which the attack packet belongs;
(3) the network protocol used;
(4) the standard value for identical packets received per unit time, the standard value for identical traffic received per unit time, and so on.
2. Attack defense module. This module mainly has the following functions:
(1) process the information supplied by the analysis module, filter packets with specific network addresses, and close specific domains or services;
(2) limit the traffic of sources that cause network congestion, ensuring the security of the defending node.
While it is blocking an attack, the attack defense module must check whether the network node has been intruded on by a malicious attacker and implanted with a Trojan horse program. In addition, after the attack has been stopped, it must send a packet recording the detected attack attributes to warn the source of the attack packets (the previous network node).
3. Region module. The region module mainly has the following functions:
(1) as shown in Fig. 1, this module defines the regions as the trust region (safe region), the distrust region and the attack region, and is responsible for recording the security state of each node in the subnet domain in which the protected network is located, that is, determining whether a node is in the safe region or the attack region.
(2) It receives the region security information sent by other nodes.
(3) It maintains an inventory listing the network nodes contained in the trust region, the distrust region and the attack region.
(4) In addition, as shown in Fig. 1, the region module periodically sends the node's security state to the other network nodes. If the security state of certain network nodes has not been received within a period of time, those nodes are added directly to the attack region until they respond with their security state. A subdomain is the unit of execution.
In each subnet domain, the network management node first confirms in advance that the defense packet is effective, and a standby network management node is set up in advance in case the original network management node cannot issue active packets because it has been infected. The standby network management node is placed on the border router where subnet domains meet. The network management node first distributes the defense packet for a specific attack to the nodes of all subnet domains. When a network node receives the defense packet, it first confirms that the adjacent nodes with which it exchanges packets are not currently being inspected, and then starts the inspection. Different types of attack call for different defense methods.
For example, for an ICMP flood attack, a peak can be set for how many request/echo packets go to a fixed source or destination within a period of time; exceeding this peak is taken to be an attack. A TCP flood attack can be identified by examining SYN packets: if, within a period of time, there are too many SYN packets to the same server, or the server responds with too many SYN+ACK packets, this is taken to be an attack, and so on. These different attacks can use different defense mechanisms to start the attack analysis module.
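The ICMP and TCP rules above, written as sliding-window counters. This is an added example, not code from the patent; the 10-second window, the peak values and the `FloodDetector` name are assumptions, and the packet records are constructed.

```python
from collections import defaultdict, deque

# Assumed values: the description names no window length or peak counts.
WINDOW_S = 10.0
PEAKS = {"icmp": 50, "syn": 100, "synack": 100}


class FloodDetector:
    """Per-endpoint sliding-window counters for the ICMP and TCP rules."""

    def __init__(self, window_s=WINDOW_S, peaks=PEAKS):
        self.window_s = window_s
        self.peaks = dict(peaks)
        self._seen = defaultdict(deque)  # (kind, endpoint) -> packet timestamps

    def _count(self, key, ts):
        """Record one packet and return how many fall inside the window."""
        q = self._seen[key]
        q.append(ts)
        while q and q[0] <= ts - self.window_s:
            q.popleft()
        return len(q)

    def observe(self, ts, proto, src, dst, flags=frozenset()):
        """Feed one packet summary; return the counters that exceeded their peak.

        proto "icmp" stands for an echo request/reply record.
        """
        if proto == "icmp":
            # Counted against a fixed source and against a fixed destination.
            keys = [("icmp", "src:" + src), ("icmp", "dst:" + dst)]
        elif proto == "tcp" and "SYN" in flags and "ACK" in flags:
            # SYN+ACK responses, counted per responding server.
            keys = [("synack", "from:" + src)]
        elif proto == "tcp" and "SYN" in flags:
            # SYN packets, counted per destination server.
            keys = [("syn", "to:" + dst)]
        else:
            keys = []
        return [k for k in keys if self._count(k, ts) > self.peaks[k[0]]]


def run_sample():
    """Constructed traffic (documentation addresses): pings, then a SYN burst."""
    det = FloodDetector()
    alerts = set()
    for i in range(5):  # 5 pings in 5 s: below the ICMP peak
        alerts.update(det.observe(float(i), "icmp", "192.0.2.7", "203.0.113.10"))
    for i in range(120):  # 120 SYNs in 6 s from distinct sources to one server
        src = "198.51.100.%d" % (i + 1)
        alerts.update(
            det.observe(10 + i * 0.05, "tcp", src, "203.0.113.10", {"SYN"})
        )
    return alerts


if __name__ == "__main__":
    print(run_sample())
```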
II. Operating flow of the active defense mechanism:
The network management node issues a specific defense packet (signature database) to all subnetwork nodes. After receiving the defense code, each node checks, against the attributes recorded for the specific attack, whether it is being attacked or is relaying attack packets.
1. If not, the node sends a packet telling all nodes that it is in a safe state and asking the other nodes to add it to the safe region;
2. If so, the node further checks which services are needed to defend against this attack.
Next, it determines whether the attack can be stopped:
1. If the attack can be stopped, the node sends a packet telling all nodes that it is in a safe state, asks the other nodes to add it to the trust region, and notifies the router the attack packets came from to carry out virus removal;
2. If the attack cannot be stopped, the node sends a packet informing all nodes that it is under attack and asking the other nodes to add it to the attack region. If the node is unable to send packets, all the other nodes add it to the attack region after a waiting period.
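The region module's inventory and the decision flow above, as a small state machine. This is an added example, not code from the patent; the names `RegionModule` and `defense_round`, the 90-second timeout and the node names are assumptions, and because the description does not say how the distrust region is populated, nodes that have not reported yet are placed there.

```python
from enum import Enum


class Region(Enum):
    TRUST = "trust"
    DISTRUST = "distrust"
    ATTACK = "attack"


def defense_round(attacked, can_stop, can_send=True):
    """Node-side decision: (status to broadcast or None, notify source router)."""
    if not attacked:
        return "safe", False
    if can_stop:
        return "safe", True  # also ask the source router to carry out virus removal
    return ("attacked" if can_send else None), False


class RegionModule:
    """Peer-side inventory of the region each node of the subnet domain is in."""

    def __init__(self, nodes, timeout_s, now=0.0):
        self.timeout_s = timeout_s
        # Assumption: a node that has not reported yet starts in the distrust region.
        self.region = {n: Region.DISTRUST for n in nodes}
        self.last_seen = {n: now for n in nodes}

    def receive_status(self, node, status, now):
        if node not in self.region:
            return  # report from outside this subnet domain
        self.last_seen[node] = now
        # Anything other than an explicit "safe" fails closed.
        self.region[node] = Region.TRUST if status == "safe" else Region.ATTACK

    def expire(self, now):
        """Move nodes that stayed silent past the timeout into the attack region."""
        moved = []
        for node, seen in self.last_seen.items():
            if now - seen > self.timeout_s and self.region[node] is not Region.ATTACK:
                self.region[node] = Region.ATTACK
                moved.append(node)
        return sorted(moved)

    def inventory(self):
        inv = {r.value: [] for r in Region}
        for node, r in self.region.items():
            inv[r.value].append(node)
        return {name: sorted(nodes) for name, nodes in inv.items()}


def simulate():
    """Constructed round with four edge nodes and a 90 s timeout."""
    peers = RegionModule(["edge-a", "edge-b", "edge-c", "edge-d"], timeout_s=90)
    cases = {  # node: (attacked, can_stop, can_send)
        "edge-a": (False, False, True),
        "edge-b": (True, True, True),
        "edge-c": (True, False, True),
        "edge-d": (True, False, False),  # too overloaded to send anything
    }
    upstream = []
    for node, (attacked, can_stop, can_send) in cases.items():
        status, notify = defense_round(attacked, can_stop, can_send)
        if notify:
            upstream.append(node)
        if status is not None:
            peers.receive_status(node, status, now=30.0)
    before = peers.inventory()
    timed_out = peers.expire(now=100.0)  # edge-d silent for 100 s
    after = peers.inventory()
    peers.receive_status("edge-d", "safe", now=130.0)  # node answers again
    return before, timed_out, after, upstream, peers.inventory()


if __name__ == "__main__":
    for step in simulate():
        print(step)
```

The description does not say how status packets are authenticated; this sketch accepts any report that carries a known node name, so a deployment would have to verify the sender before updating the inventory.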
III. Detection flow for unknown attacks: after the network management node issues a detection packet for unknown attacks, each node in the subnet domain opens to receive the defense packet and confirms in turn whether the network node is under attack and whether it is relaying attack packets.
First, each node checks its own system resources and sets thresholds for them: when a network node's CPU utilization exceeds 80%, and 80% of the CPU has been used for processing network packets with the same attributes for as long as five minutes, the node is deemed to be under attack, and the network packets using the most CPU time are suspended in turn until CPU utilization no longer exceeds the threshold.
Then the node that the network packets using the most CPU time come from is identified, and defense packets are sent to the upstream router to trace the user at the source. If these network packets cannot be stopped, a packet is sent to tell all nodes that the network node is in the attack region; otherwise it is added to the safe region.
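The CPU rule above, applied to a series of resource samples. This is an added example, not code from the patent; it assumes that "80% of the CPU" means 80% of the CPU time in use at that moment, and the function names, the per-minute sampling and the attribute-class labels are constructed.

```python
CPU_THRESHOLD = 80.0    # percent of CPU in use (from the description)
SAME_ATTR_SHARE = 0.80  # share spent on same-attribute packets (assumed reading)
SUSTAIN_S = 300         # five minutes


def detect_sustained(samples):
    """samples: time-ordered (ts_seconds, total_cpu_pct, {attr_class: cpu_pct}).

    Returns (attr_class, ts) once both conditions have held for the same
    attribute class for SUSTAIN_S seconds, else None.
    """
    run_class, run_start = None, None
    for ts, total, by_class in samples:
        top = max(by_class, key=by_class.get) if by_class else None
        hot = (
            top is not None
            and total > CPU_THRESHOLD
            and by_class[top] >= SAME_ATTR_SHARE * total
        )
        if not hot:
            run_class, run_start = None, None  # condition broken: start over
            continue
        if top != run_class:
            run_class, run_start = top, ts     # a different class took over
        if ts - run_start >= SUSTAIN_S:
            return run_class, ts
    return None


def suspend_order(total, by_class, threshold=CPU_THRESHOLD):
    """Suspend classes in descending CPU order until total is within threshold.

    Returns (suspended classes in order, CPU percent left afterwards).
    """
    suspended = []
    for cls in sorted(by_class, key=by_class.get, reverse=True):
        if total <= threshold:
            break
        total -= by_class[cls]
        suspended.append(cls)
    return suspended, total


def run_sample():
    """Constructed samples: one quiet minute, then six minutes of one heavy class."""
    flood = "udp/53 from subnet-7"  # constructed attribute-class label
    samples = [(0, 35.0, {"tcp/443": 30.0, "udp/53": 2.0})]
    for minute in range(1, 7):
        samples.append((minute * 60, 92.0, {flood: 78.0, "tcp/443": 10.0}))
    verdict = detect_sustained(samples)
    plan = suspend_order(92.0, {flood: 78.0, "tcp/443": 10.0})
    return verdict, plan


if __name__ == "__main__":
    print(run_sample())
```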
The present invention also discloses a hardware device, which mainly consists of the following subsystem function modules:
1. Analysis module: performs protocol analysis on traffic and organizes the protocols of the outgoing traffic.
2. Attack defense module: filters packets with specific network addresses and limits attack traffic.
3. Region module: divides the whole network into regions and records the security state of the network nodes.
4. Communication interface submodule: handles data communication between the modules through interfaces.
Communication bus: the analysis module, the attack defense module and the region module communicate with one another over the communication bus.
The device also communicates with the network management center over the communication bus and downloads the specific patch packages.
The invention divides the network into different regions, which makes attack resistance more targeted. It provides an active defense technology in which nodes proactively report their security state to one another, which makes defense against DDoS attacks more proactive. This approach has a very good preventive effect against DDoS attacks on CDN systems.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that they can still modify the technical solutions recorded in those embodiments or replace some of their technical features with equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the invention.
Claims (8)
1. A DDoS attack active defense technology and equipment applied in a CDN system, characterized in that it comprises an active defense network module, an active defense mechanism, and detection of unknown attacks; the active defense network module comprises an analysis module, an attack defense module and a region module; in the active defense mechanism, the network management node issues a specific defense packet to all subnetwork nodes, and after receiving the defense code each node checks, against the attributes recorded for the specific attack, whether it is being attacked or is relaying attack packets; in the detection of unknown attacks, after the network management node issues a detection packet for unknown attacks, each node in the subnet domain opens to receive the defense packet and confirms in turn whether the network node is under attack and whether it is relaying attack packets.
2. The DDoS attack active defense technology and equipment applied in a CDN system according to claim 1, characterized in that the analysis module has traffic collection and protocol analysis functions; it first collects the network node's traffic statistics and application usage, and continuously monitors the utilization of system resources; the analysis module can also communicate with the network management center and receive the specific patch packages it issues, these patch packages recording the characteristics of DDoS attacks, that is, the attack signature database. When a suspected attack occurs, the analysis module analyzes the suspected attack traffic according to the contents of the patch package and, based on the attributes recorded for the attack, identifies and filters out possible attack packets.
3. The DDoS attack active defense technology and equipment applied in a CDN system according to claim 2, characterized in that the attributes include the following information:
(1) the network address;
(2) the subnet domain to which the attack packet belongs;
(3) the network protocol used;
(4) the standard value for identical packets received per unit time and the standard value for identical traffic received per unit time.
4. The DDoS attack active defense technology and equipment applied in a CDN system according to claim 1, characterized in that, while it is blocking an attack, the attack defense module must check whether the network node has been intruded on by a malicious attacker and implanted with a Trojan horse program; after the attack has been stopped, it must send a packet recording the detected attack attributes to warn the source of the attack packets, that is, the previous network node; the module has the following functions:
(1) process the information supplied by the analysis module, filter packets with specific network addresses, and close specific domains or services;
(2) limit the traffic of sources that cause network congestion, ensuring the security of the defending node.
5. The DDoS attack active defense technology and equipment applied in a CDN system according to claim 1, characterized in that the region module functions as follows:
(1) this module defines the regions as the trust region, the distrust region and the attack region, and is responsible for recording the security state of each node in the subnet domain in which the protected network is located, that is, determining whether a node is in the safe region or the attack region;
(2) it receives the region security information sent by other nodes;
(3) it maintains an inventory listing the network nodes contained in the trust region, the distrust region and the attack region;
(4) it periodically sends the node's security state to the other network nodes. If the security state of certain network nodes has not been received within a period of time, those nodes are added directly to the attack region until they respond with their security state. A subdomain is the unit of execution.
6. The DDoS attack active defense technology and equipment applied in a CDN system according to claim 1, characterized in that the active defense mechanism operates as follows:
I. Check whether the node is being attacked or is relaying attack packets:
(1) if not, the node sends a packet telling all nodes that it is in a safe state and asking the other nodes to add it to the safe region;
(2) if so, the node further checks which services are needed to defend against this attack;
II. Determine whether the attack can be stopped:
(1) if the attack can be stopped, the node sends a packet telling all nodes that it is in a safe state, asks the other nodes to add it to the trust region, and notifies the router the attack packets came from to carry out virus removal;
(2) if the attack cannot be stopped, the node sends a packet informing all nodes that it is under attack and asking the other nodes to add it to the attack region. If the node is unable to send packets, all the other nodes add it to the attack region after a waiting period.
7. The DDoS attack active defense technology and equipment applied in a CDN system according to claim 1, characterized in that it further includes a hardware device comprising an analysis module, an attack defense module, a region module, a communication interface submodule and a communication bus.
8. The hardware device according to claim 7, characterized in that the analysis module performs protocol analysis on traffic and organizes the protocols of the outgoing traffic; the attack defense module filters packets with specific network addresses and limits attack traffic; the region module divides the whole network into regions and records the security state of the network nodes; the communication interface submodule handles data communication between the modules through interfaces; the communication bus carries the communication among the analysis module, the attack defense module and the region module; and the device communicates with the network management center over the communication bus and downloads the specific patch packages.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810679868.7A CN108471428B (en) | 2018-06-27 | 2018-06-27 | DDoS attack active defense technology and equipment applied to CDN system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810679868.7A CN108471428B (en) | 2018-06-27 | 2018-06-27 | DDoS attack active defense technology and equipment applied to CDN system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108471428A true CN108471428A (en) | 2018-08-31 |
CN108471428B CN108471428B (en) | 2021-05-28 |
Family
ID=63259806
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810679868.7A Active CN108471428B (en) | 2018-06-27 | 2018-06-27 | DDoS attack active defense technology and equipment applied to CDN system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108471428B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
US20060288413A1 (en) * | 2005-06-17 | 2006-12-21 | Fujitsu Limited | Intrusion detection and prevention system |
CN103023924A (en) * | 2012-12-31 | 2013-04-03 | 网宿科技股份有限公司 | Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform |
CN105897674A (en) * | 2015-11-25 | 2016-08-24 | 乐视云计算有限公司 | DDoS attack protection method applied to CDN server group and system |
CN107528904A (en) * | 2017-09-01 | 2017-12-29 | 星环信息科技(上海)有限公司 | Method and apparatus for data distribution formula abnormality detection |
CN108182581A (en) * | 2017-12-29 | 2018-06-19 | 北京欧链科技有限公司 | A kind of bookkeeping methods and device of block chain |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116709338A (en) * | 2023-08-09 | 2023-09-05 | 深圳市南方硅谷半导体股份有限公司 | Wi-Fi access point capable of defending middleman MitM attack |
CN116709338B (en) * | 2023-08-09 | 2023-11-03 | 深圳市南方硅谷半导体股份有限公司 | Wi-Fi access point capable of defending middleman MitM attack |
Also Published As
Publication number | Publication date |
---|---|
CN108471428B (en) | 2021-05-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||