WO2023125149A1 - Method and system for preventing ddos attack of "zombie" terminal - Google Patents


Publication number
WO2023125149A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
zombie
card
connection management
internet
Application number
PCT/CN2022/140381
Other languages
French (fr)
Chinese (zh)
Inventor
张春燕
李俊
Original Assignee
天翼物联科技有限公司
Application filed by 天翼物联科技有限公司
Publication of WO2023125149A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Definitions

  • the invention relates to the application field of the Internet of Things, in particular to a method and system for preventing DDOS attacks of "zombie" terminals.
  • the HSS server recognizes that it has been shut down or has been disassembled, the authentication fails, and the request is rejected, which leads to the deterioration of the wireless side access indicators, network congestion, and continuous consumption of network resources.
  • the decrease in communication success rate may even cause a large number of normal terminals to be unable to access the network, forming a network storm and affecting normal users' use of IoT services.
  • the purpose of the present invention is to provide a method and system for preventing DDOS attacks of "zombie" terminals, aiming at solving the problems of continuous consumption of network resources and reduced regional communication success rate caused by existing "zombie" terminals.
  • the HSS server receives and records the network bearer request initiated by the terminal, obtains the corresponding HSS error code based on the network bearer request, obtains the status information of the terminal based on the HSS error code, and determines whether the terminal satisfies the preset number card determination conditions; if they are met, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends;
  • after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and the IMEI code of the terminal to the connection management platform;
  • the connection management platform sends an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server based on the received status information and IMEI code of the terminal;
  • the Internet of Things card executes the received command to close the communication function, closes the communication function of the terminal, and returns a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
  • the technical problem to be solved by the present invention is to provide a system for preventing DDOS attacks of "zombie" terminals, which includes:
  • the HSS server is configured to receive and record a network bearer request initiated by a terminal, obtain a corresponding HSS error code based on the network bearer request, obtain state information of the terminal based on the HSS error code, and determine whether the terminal satisfies the preset number card determination conditions; if so, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and IMEI code of the terminal to the connection management platform;
  • the connection management platform is configured to issue an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server based on the received status information and IMEI code of the terminal;
  • the Internet of Things card is used to execute the received instruction to close the communication function, close the communication function of the terminal, and return a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and status information.
  • the embodiment of the present invention discloses a method and system for preventing DDOS attacks of "zombie" terminals, wherein the method includes: the HSS server receives and records the network bearer request initiated by the terminal, obtains the corresponding HSS error code based on the network bearer request, obtains the status information of the terminal based on the HSS error code, and judges whether the terminal satisfies the preset number card determination condition; if so, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and IMEI code of the terminal to the connection management platform; the connection management platform is used to issue an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server based on the received status information and IMEI code of the terminal; the Internet of Things card is used to execute the
  • FIG. 1 is a schematic flowchart of the method for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention;
  • FIG. 2 is a schematic structural diagram of a system for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention.
  • FIG. 1 is a schematic flowchart of a method for preventing DDOS attacks on "zombie" terminals provided by an embodiment of the present invention
  • the method includes steps S101-S107.
  • the HSS server receives and records the network bearer request initiated by the terminal, and acquires a corresponding HSS error code based on the network bearer request, and acquires status information of the terminal based on the HSS error code;
  • the HSS server judges whether the terminal satisfies the preset number card judgment condition, if not, execute step S103, and if yes, execute step S104;
  • the HSS server obtains the IMEI code of the terminal, and sends the status information and the IMEI code of the terminal to the connection management platform;
  • the connection management platform sends an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server based on the received status information and IMEI code of the terminal;
  • the Internet of Things card executes the received command to close the communication function, closes the communication function of the terminal, and returns a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and status information.
  • the network request is an attach request that the terminal sends to the HSS server to request the establishment of a network bearer; after receiving the network bearer request, the HSS server identifies whether there is a corresponding HSS error code for it. If there is no HSS error code, the network bearer request is normal; if there is an HSS error code, the network bearer request is abnormal, but whether the terminal is a "zombie" terminal must still be judged according to the number card determination conditions.
  • the HSS server pushes the terminal information to the connection management platform, and the connection management platform issues a command to close the communication function to the IoT card in the terminal; the terminal interacts with the IoT card, and the IoT card controls the closing of the terminal's communication function, so as to prevent a large number of "zombie" terminals from impacting the network, degrading network indicators and leaving normal terminals unable to access it.
  • the connection management platform of the present application can manage all IoT cards of the Internet of Things, and the connection management platform can issue an instruction to close the communication function of the terminal to the IoT cards in the terminal, which can quickly realize code number management and control over the terminal.
  • this application can quickly identify "zombie" terminals from the source, completely solve the DDOS attacks initiated by "zombie" terminals, and significantly improve the regional communication success rate.
  • the HSS server in step S101 receives and records the network bearer request initiated by the terminal, and obtains the corresponding HSS error code based on the network bearer request, including:
  • the S6A interface is the MME-HSS network element interface, used to obtain the corresponding HSS error code when the user initiates a request.
  • when the terminal's request passes through the base station and the MME and arrives at the HSS server, the HSS server detects whether the IoT card is dismantled or shut down; if the IoT card is dismantled or shut down, it prevents the terminal from successfully building a network.
  • the acquisition of the status information of the terminal based on the HSS error code in the step S101 includes:
  • the HSS server detects the HSS error code, and judges the status type of the IoT card of the terminal, and if the status type of the IoT card of the terminal is a dismantling state, obtains dismantling status information; if the state type of the Internet of Things card of the terminal is a shutdown state, the shutdown state information is obtained.
  • This application performs different processing operations on the terminals of the Internet of Things card in different states, that is, it can determine the communication mode of the terminal according to the state of the number, and manage the terminal with the minimum resource consumption, which effectively improves the applicability of the method.
  • the judging whether the terminal satisfies the preset number card judging condition in the step S101 includes:
  • step S12: determine whether the terminal continues to send the network bearer request within the preset time threshold. If the terminal continues to send the network bearer request within the preset time threshold, perform step S102. If the terminal does not continue to send the network bearer request within the preset time threshold, step S103 is executed;
  • if the terminal continues to send network bearer requests within a certain period of time, it can be quickly determined that the terminal is a "zombie" terminal.
  • Bearer request and the HSS server prevents the terminal from successfully building a network, it means that there is a corresponding HSS error code, so it can be determined that the terminal is a "zombie" terminal.
  • the step S104 includes:
  • state information is shutdown state information
  • send a reset command to the IoT card so that the IoT card returns successful reset information after responding to the reset command successfully
  • the connection management platform receives the recovery success information, and sends an instruction to close the communication function to the IoT card.
  • the connection management platform directly sends an instruction to close the communication function, and for the terminal of the Internet of Things card in the shutdown state, the connection management platform needs to reset the Internet of Things card first; after receiving a successful recovery response, the connection management platform can execute the command to close the terminal communication module on the IoT card, so that the communication mode of the terminal can be determined according to the status of the number, and the terminal can be managed with the minimum resource consumption.
  • the step S105 includes:
  • the terminal sends a request command to the Internet of Things card in response to the command to close the communication function, so that the Internet of Things card sends the execution status and the generated data length of the request command to the terminal based on the request command;
  • after receiving the execution status of the request command and the generated data length, the terminal sends a Fetch command to the Internet of Things card, so that the Internet of Things card, based on the Fetch command, sends the terminal the status of executing the Fetch command and the target data;
  • the terminal closes the communication function of the communication module based on the received status and target data of executing the Fetch command;
  • the IoT card sends a corresponding closure result to the connection management platform.
  • the purpose of closing the communication module is achieved through the interaction between the IoT card and the terminal.
  • the step S106 includes:
  • if the connection management platform receives the closing result and the dismantling status information, it performs dismantling processing on the IoT card;
  • if the connection management platform receives the closing result and the shutdown status information, it performs shutdown processing on the IoT card.
  • for a terminal with a number card in the dismantled state, before the connection management platform receives the CRM management system's instruction to dismantle the number card, it issues a command to close the communication function of the terminal. After the terminal finishes executing it, the terminal no longer initiates network bearer requests, and the closing result is returned to the CAM management system, which performs the dismantling operation. In this way, the possibility that the terminal in the normal state becomes a "zombie" terminal is prevented.
  • for the terminal of the Internet of Things card in the shutdown state, the connection management platform first resets the Internet of Things card; after receiving a successful response, the connection management platform can execute the command to close the terminal communication module for the Internet of Things card. After the terminal finishes executing it, the closing result is returned to the CAM management system, and the CAM management system performs the shutdown operation; that is, the communication mode of the terminal is determined according to the status of the number, and the terminal is managed with the minimum resource consumption.
  • the embodiment of the present invention also provides a system for preventing DDOS attacks of "zombie" terminals; the system is used to implement any embodiment of the method for preventing DDOS attacks of "zombie" terminals.
  • FIG. 2 is a schematic structural diagram of a system for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention.
  • the system for preventing DDOS attacks on "zombie" terminals includes:
  • the HSS server is configured to receive and record a network bearer request initiated by a terminal, obtain a corresponding HSS error code based on the network bearer request, obtain state information of the terminal based on the HSS error code, and determine whether the terminal satisfies the preset number card determination conditions; if so, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and IMEI code of the terminal to the connection management platform;
  • the connection management platform is configured to issue an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server based on the received status information and IMEI code of the terminal;
  • the Internet of Things card is used to execute the received instruction to close the communication function, close the communication function of the terminal, and return a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and status information.
  • the system can quickly identify "zombie" terminals from the source, completely solve the DDOS attacks initiated by "zombie" terminals, and significantly improve the success rate of regional communication.
  • the HSS server is further used to determine whether the terminal continues to send the network bearer request within the preset time threshold; if the terminal continues to send the network bearer request within the preset time threshold, the terminal is defined as a "zombie" terminal, and if the terminal does not continue to send the network bearer request within the preset time threshold, it is determined that the terminal is normal and the process ends.
  • the connection management platform is also used to receive the status information and the IMEI code of the terminal, and if the status information is dismantling status information, it directly sends the instruction to close the communication function to the IoT card of the terminal;
  • the state information is shutdown status information
  • send a reset command to the Internet of Things card of the terminal so that the Internet of Things card returns a recovery success message after successfully responding to the reset command, and the connection management platform receives the recovery success information, and sends an instruction to close the communication function to the IoT card.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Disclosed in the present invention are a method and system for preventing a DDOS attack of a "zombie" terminal. The method comprises: an HSS server receiving and recording a network bearing request which is initiated by a terminal, acquiring a corresponding HSS error code, and state information of the terminal, and determining whether the terminal meets a preset number card determination condition; if so, defining the terminal as a "zombie" terminal; after the terminal is determined to be a "zombie" terminal, the HSS server acquiring an IMEI code of the terminal, and sending the IMEI code to a connection management platform; the connection management platform issuing a communication function disabling instruction to an Internet of Things card of the terminal; and the Internet of Things card executing the received communication function disabling instruction, disabling a communication function of the terminal, and returning a disabling result, such that the connection management platform executes dismantling or shutdown processing on the Internet of Things card. By means of the method, a "zombie" terminal is fundamentally and automatically found, and an operation of disabling a communication function module of the "zombie" terminal is performed, thereby thoroughly resolving a DDOS attack initiated by the "zombie" terminal, and greatly increasing the communication success rate of an area.
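The detection and dispatch logic summarized in the abstract, as an added example that is not part of the patent: a sliding-window check over constructed HSS records, followed by the state-dependent command sequence. The error labels, the 300-second window, the five-reject threshold and the action names are assumptions; the page specifies none of them.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

# Hypothetical labels: the page does not list the real HSS error code values.
ERROR_TO_STATE = {
    "ERR_CARD_DISMANTLED": "dismantled",
    "ERR_CARD_SHUTDOWN": "shutdown",
}


@dataclass(frozen=True)
class BearerRequest:
    ts: float                 # seconds since the start of the capture
    imsi: str                 # identifies the IoT card
    imei: str                 # identifies the terminal holding the card
    hss_error: Optional[str]  # None means the request was accepted


class ZombieDetector:
    """Flags a card whose rejected requests keep arriving inside the window."""

    def __init__(self, window_s: float = 300.0, min_rejects: int = 5):
        self.window_s = window_s        # assumed "preset time threshold"
        self.min_rejects = min_rejects  # assumed meaning of "continues to send"
        self._rejects = defaultdict(deque)  # imsi -> reject timestamps
        self.flagged = {}                   # imsi -> notification already sent

    def observe(self, req: BearerRequest) -> Optional[dict]:
        if req.hss_error is None:
            # Accepted request: the card is in service, forget earlier rejects.
            self._rejects.pop(req.imsi, None)
            return None
        state = ERROR_TO_STATE.get(req.hss_error)
        if state is None or req.imsi in self.flagged:
            return None  # unrelated error, or already reported once
        q = self._rejects[req.imsi]
        q.append(req.ts)
        while req.ts - q[0] > self.window_s:
            q.popleft()  # drop rejects that fell out of the window
        if len(q) < self.min_rejects:
            return None
        # What the HSS would push to the connection management platform.
        note = {"imsi": req.imsi, "imei": req.imei, "state": state,
                "rejects_in_window": len(q)}
        self.flagged[req.imsi] = note
        return note


def plan_actions(state: str) -> list:
    """Command order on the platform side; action names are hypothetical."""
    if state == "dismantled":
        return ["CLOSE_COMM", "DISMANTLE_CARD"]
    if state == "shutdown":
        # A shut-down card must be reset before it can accept the close command.
        return ["RESET_CARD", "CLOSE_COMM", "SHUTDOWN_CARD"]
    raise ValueError(f"unknown card state: {state}")


def _series(card, error, times):
    return [BearerRequest(t, f"imsi-{card}", f"imei-{card}", error) for t in times]


# Constructed sample records (not real traffic), merged in time order.
SAMPLE = sorted(
    _series("A", "ERR_CARD_DISMANTLED", [0, 30, 60, 90, 120, 150])   # persistent
    + _series("B", "ERR_CARD_SHUTDOWN", [5, 25, 45, 65, 85])          # persistent
    + _series("C", "ERR_CARD_SHUTDOWN", [10])                         # one reject,
    + _series("C", None, [40])                                        # then accepted
    + _series("D", "ERR_CARD_DISMANTLED", [0, 400, 800, 1200, 1600]), # too sparse
    key=lambda r: r.ts,
)


def run(records, **kwargs):
    """Feed records to a detector; return (notification, actions) per zombie."""
    detector = ZombieDetector(**kwargs)
    out = []
    for rec in records:
        note = detector.observe(rec)
        if note:
            out.append((note, plan_actions(note["state"])))
    return out


if __name__ == "__main__":
    for note, actions in run(SAMPLE):
        print(note, "->", actions)
```

Card C (one rejection followed by an accepted request) and card D (rejections spaced wider than the window) stay unflagged, which is the false-positive boundary an operator would tune the two thresholds against.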

Description

Method and system for preventing "zombie" terminal DDOS attacks
Technical field
The invention relates to the application field of the Internet of Things, and in particular to a method and system for preventing DDOS attacks of "zombie" terminals.
Background
With the rapid development of the Internet of Things industry, the number of users of the Telecom Internet of Things has reached more than 200 million. As the user base grows, the number of corresponding user terminals keeps growing as well. When an IoT card is shut down for arrears, disconnected after reaching its traffic quota, or dismantled, and the user cannot take the number card out of the terminal in time, the IoT card keeps initiating network requests from the terminal, which affects normal users' use of IoT services. A terminal that continuously attacks the network in this way can be called a "zombie" terminal.
When a customer no longer uses an IoT card but cannot take the number card out of the terminal in time, or is constrained by a design that integrates the terminal and the IoT card, the IoT card keeps initiating access requests to the network. When such a request reaches the HSS side of the core network, the HSS server recognizes that the card has been shut down or dismantled, authentication fails, and the request is rejected. This degrades the wireless-side access indicators, congests the network, continuously consumes network resources and lowers the regional communication success rate; it may even leave a large number of normal terminals unable to access the network, forming a network storm and affecting normal users' use of IoT services.
Summary of the invention
The purpose of the present invention is to provide a method and system for preventing DDOS attacks of "zombie" terminals, aiming at solving the problems of continuous consumption of network resources and reduced regional communication success rate caused by existing "zombie" terminals.
To solve the above technical problems, the purpose of the present invention is achieved through the following technical solution: a method for preventing DDOS attacks of "zombie" terminals is provided, which includes:
The HSS server receives and records the network bearer request initiated by the terminal, obtains the corresponding HSS error code based on the network bearer request, obtains the status information of the terminal based on the HSS error code, and determines whether the terminal satisfies the preset number card determination conditions; if so, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends;
After determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and the IMEI code of the terminal to the connection management platform;
The connection management platform, based on the received status information and IMEI code of the terminal, sends an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server;
The Internet of Things card executes the received instruction to close the communication function, closes the communication function of the terminal, and returns a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
In addition, a further technical problem to be solved by the present invention is to provide a system for preventing DDOS attacks of "zombie" terminals, which includes:
The HSS server, configured to receive and record a network bearer request initiated by a terminal, obtain the corresponding HSS error code based on the network bearer request, obtain the status information of the terminal based on the HSS error code, and determine whether the terminal satisfies the preset number card determination conditions; if so, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and IMEI code of the terminal to the connection management platform;
The connection management platform, configured to issue an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server, based on the received status information and IMEI code of the terminal;
The Internet of Things card, configured to execute the received instruction to close the communication function, close the communication function of the terminal, and return a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
The embodiment of the present invention discloses a method and system for preventing DDOS attacks of "zombie" terminals, wherein the method includes: the HSS server receives and records the network bearer request initiated by the terminal, obtains the corresponding HSS error code based on the network bearer request, obtains the status information of the terminal based on the HSS error code, and judges whether the terminal satisfies the preset number card determination conditions; if so, the terminal is defined as a "zombie" terminal; if not, the terminal is determined to be normal and the process ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal, and sends the status information and IMEI code of the terminal to the connection management platform; the connection management platform is used to issue an instruction to close the communication function to the Internet of Things card of the terminal through the HSS server, based on the received status information and IMEI code of the terminal; the Internet of Things card is used to execute the received instruction to close the communication function, close the communication function of the terminal, and return the closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and status information. The method fundamentally and automatically discovers such "zombie" terminals and closes their communication function modules, completely solving the DDOS attacks initiated by "zombie" terminals and significantly improving the regional communication success rate.
Description of drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative work.
FIG. 1 is a schematic flowchart of the method for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of the system for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.
It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the present invention. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
Please refer to Fig. 1, which is a schematic flowchart of the method for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention.
As shown in Fig. 1, the method includes steps S101 to S107.
S101. The HSS server receives and records a network bearer request initiated by a terminal, obtains the corresponding HSS error code based on the network bearer request, and obtains the status information of the terminal based on the HSS error code;
S102. The HSS server judges whether the terminal satisfies a preset number card determination condition; if not, step S103 is executed, and if so, step S104 is executed;
S103. The terminal is determined to be normal, and the method ends;
S104. The terminal is defined as a "zombie" terminal, and step S105 is executed;
S105. The HSS server obtains the IMEI code of the terminal and sends the status information and IMEI code of the terminal to the connection management platform;
S106. Based on the received status information and IMEI code of the terminal, the connection management platform issues a close-communication-function instruction to the IoT card of the terminal through the HSS server;
S107. The IoT card executes the received close-communication-function instruction, closes the communication function of the terminal, and returns a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
In this embodiment, the IoT card in the terminal keeps initiating network requests: the terminal sends an attach request to the HSS server to request the establishment of a network bearer. After receiving the network bearer request, the HSS server checks whether a corresponding HSS error code exists for it. If no HSS error code exists, the network bearer request is normal; if an HSS error code exists, the request is abnormal, but whether the terminal is a "zombie" terminal must still be judged against the number card determination condition. Once a "zombie" terminal has been identified, it is identified by its IMEI code. The HSS server pushes the terminal information to the connection management platform, and the connection management platform issues a close-communication-function instruction to the IoT card in the terminal. The terminal and the IoT card then interact, and the IoT card controls the terminal so that its communication function is finally closed. This prevents large numbers of "zombie" terminals from flooding the network, degrading network indicators and leaving normal terminals unable to connect.
It should be noted that the connection management platform of the present application can manage all IoT cards of the Internet of Things. By issuing an instruction to the IoT card in a terminal to close the terminal's communication function, the connection management platform can quickly manage the number and control the terminal.
Compared with the existing approach of reducing the number of DDOS attacks initiated by "zombie" terminals by establishing and strengthening network-access detection of IoT terminals, the present application can quickly identify "zombie" terminals at the source, completely resolve DDOS attacks initiated by "zombie" terminals, and significantly improve the communication success rate in the area.
In a specific embodiment, in step S101, the HSS server receiving and recording the network bearer request initiated by the terminal and obtaining the corresponding HSS error code based on the network bearer request includes:
S10. Obtaining the corresponding HSS error code based on the S6A interface data collected under the IoT private network signaling and service perception information collection data specification.
In this embodiment, it should be noted that the S6A interface is the network-element interface between the MME and the HSS, and is used to obtain the HSS error code corresponding to a request initiated by a user. When a terminal's request passes through the base station and the MME and reaches the HSS server, the HSS server checks whether the IoT card has been dismantled or shut down; if it has, the HSS server prevents the terminal from successfully establishing a network connection.
In a specific embodiment, in step S101, obtaining the status information of the terminal based on the HSS error code includes:
S11. The HSS server examines the HSS error code and determines the state type of the terminal's IoT card. If the state type of the IoT card is the dismantled state, dismantled-state information is obtained; if the state type of the IoT card is the shutdown state, shutdown-state information is obtained.
The present application handles terminals differently according to the state of their IoT cards; that is, the communication mode of the terminal is decided by the state of the number, so that terminals are managed with minimal resource consumption, which effectively improves the applicability of the method.
In a specific embodiment, in step S101, judging whether the terminal satisfies the preset number card determination condition includes:
S12. Judging whether the terminal continuously sends network bearer requests within a preset time threshold; if the terminal continuously sends network bearer requests within the preset time threshold, step S102 is executed; if the terminal does not continuously send network bearer requests within the preset time threshold, step S103 is executed;
In this embodiment, if a terminal sends network bearer requests continuously and without interruption within a certain time range, it can quickly be determined to be a "zombie" terminal. For example, depending on actual conditions and using big-data statistical analysis, if a terminal has continuously initiated network bearer requests for three months and the HSS server has prevented it from establishing a network connection, a corresponding HSS error code exists, so the terminal can be determined to be a "zombie" terminal.
In a specific embodiment, step S104 includes:
S20. Receiving the status information and IMEI code of the terminal;
S21. If the status information is dismantled-state information, directly issuing the close-communication-function instruction to the IoT card;
S22. If the status information is shutdown-state information, issuing a resume instruction to the IoT card, so that the IoT card returns a resume-success message after successfully responding to the resume instruction; the connection management platform receives the resume-success message and then issues the close-communication-function instruction to the IoT card.
In this embodiment, for a terminal whose IoT card is in the dismantled state, the connection management platform sends the close-communication-function instruction directly. For a terminal whose IoT card is in the shutdown state, the connection management platform must first resume service on the IoT card; only after receiving the resume-success response can it instruct the IoT card to close the terminal's communication module. The communication mode of the terminal is thus decided by the state of the number, and terminals are managed with minimal resource consumption.
In a specific embodiment, step S105 includes:
S30. In response to the close-communication-function instruction, the terminal sends a request command to the IoT card, so that the IoT card, based on the request command, sends the terminal the execution status of the request command and the length of the data generated;
S31. After receiving the execution status of the request command and the length of the data generated, the terminal sends a Fetch command to the IoT card, so that the IoT card, based on the Fetch command, sends the terminal the status of executing the Fetch command and the target data;
S32. Based on the received status of executing the Fetch command and the target data, the terminal closes the communication function of its communication module;
S33. The IoT card sends the corresponding closing result to the connection management platform.
In this embodiment, the communication module is closed through the interaction between the IoT card and the terminal.
In a specific embodiment, step S106 includes:
S40. If the connection management platform receives the closing result and dismantled-state information, it performs dismantling processing on the IoT card;
S41. If the connection management platform receives the closing result and shutdown-state information, it performs shutdown processing on the IoT card.
For a terminal whose number card is in the dismantled state, when the connection management platform learns that the CRM management system is about to dismantle the number card, it issues the close-communication-function instruction to the terminal before the dismantling takes place. Once the terminal has executed the instruction, it no longer initiates network bearer requests and returns the closing result to the CAM management system, which then performs the dismantling operation. In this way, a terminal in the normal state is prevented from becoming a "zombie" terminal.
For a terminal whose IoT card is in the shutdown state, the connection management platform first resumes service on the IoT card; only after receiving the resume-success response can it instruct the IoT card to close the terminal's communication module. Once the terminal has executed the instruction, the closing result is returned to the CAM management system, which then performs the shutdown operation. That is, the communication mode of the terminal is decided by the state of the number, and terminals are managed with minimal resource consumption.
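The decision flow of steps S101 to S107 can be run end to end on sample data. The following Python example is added here and is not code from the patent: the error-code names, the IMEI labels, the `max_gap` reading of "continuously", and the `send_to_card` callback standing in for the IoT card reached through the HSS server are all assumptions, and the request records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional

# Constructed placeholder codes; the page does not list real HSS error values.
STATE_BY_ERROR = {
    "ERR_CARD_DISMANTLED": "dismantled",
    "ERR_CARD_SHUTDOWN": "shutdown",
}


@dataclass(frozen=True)
class BearerRequest:
    """One recorded network bearer (attach) request, as in S101."""
    imei: str
    when: datetime
    hss_error: Optional[str]  # None: the HSS accepted the request


def zombie_state(requests: List[BearerRequest], threshold: timedelta,
                 max_gap: timedelta) -> Optional[str]:
    """S11/S12: return the card state if the terminal is a zombie, else None.

    Assumption: "continuously" means rejected requests with no pause longer
    than max_gap and no accepted request in between.
    """
    run_start = last = state = None
    for req in sorted(requests, key=lambda r: r.when):
        mapped = STATE_BY_ERROR.get(req.hss_error or "")
        if mapped is None:
            run_start = last = state = None   # accepted or unrelated error
            continue
        if run_start is None or req.when - last > max_gap:
            run_start = req.when              # a new run of rejections
        last, state = req.when, mapped
    if run_start is not None and last - run_start >= threshold:
        return state
    return None


def mitigate(state: str, send_to_card: Callable[[str], bool]) -> List[str]:
    """S20-S22 and S40-S41: return the actions performed, in order.

    send_to_card(instruction) is a hypothetical callback that returns True
    when the card reports success for that instruction.
    """
    done: List[str] = []
    if state == "shutdown":                   # S22: resume before closing
        if not send_to_card("RESUME"):
            return done + ["RESUME_FAILED"]
        done.append("RESUME")
    if not send_to_card("CLOSE_COMM"):        # S21 / S22: close communication
        return done + ["CLOSE_FAILED"]
    done.append("CLOSE_COMM")
    # S40 / S41: final processing only after a closing result is received.
    done.append("DISMANTLE" if state == "dismantled" else "SHUTDOWN")
    return done


def triage(records: List[BearerRequest], threshold: timedelta,
           max_gap: timedelta,
           send_to_card: Callable[[str], bool]) -> Dict[str, List[str]]:
    """Group the recorded requests by IMEI and apply S102-S107 to each."""
    by_imei: Dict[str, List[BearerRequest]] = {}
    for rec in records:
        by_imei.setdefault(rec.imei, []).append(rec)
    result = {}
    for imei, reqs in by_imei.items():
        state = zombie_state(reqs, threshold, max_gap)
        result[imei] = mitigate(state, send_to_card) if state else ["NORMAL"]
    return result


def sample_records() -> List[BearerRequest]:
    """Constructed data: one request per day per terminal."""
    t0 = datetime(2022, 1, 1)

    def daily(imei, days, error, ok_on=None):
        return [BearerRequest(imei, t0 + timedelta(days=d),
                              None if d == ok_on else error)
                for d in range(days + 1)]

    return (daily("IMEI-A", 95, "ERR_CARD_DISMANTLED")
            + daily("IMEI-B", 95, "ERR_CARD_SHUTDOWN")
            + daily("IMEI-C", 10, "ERR_CARD_SHUTDOWN")
            + daily("IMEI-D", 95, "ERR_CARD_DISMANTLED", ok_on=50))


if __name__ == "__main__":
    out = triage(sample_records(), timedelta(days=90), timedelta(days=2),
                 send_to_card=lambda instruction: True)
    for imei, actions in sorted(out.items()):
        print(imei, actions)
```

The 90-day threshold follows the three-month figure the embodiment gives as an example; IMEI-D shows that a single accepted request inside the window resets the run, so that terminal is not flagged.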
An embodiment of the present invention also provides a system for preventing DDOS attacks of "zombie" terminals, which is used to carry out any embodiment of the foregoing method for preventing DDOS attacks of "zombie" terminals. Specifically, please refer to Fig. 2, which is a schematic structural diagram of the system for preventing DDOS attacks of "zombie" terminals provided by an embodiment of the present invention.
As shown in Fig. 2, the system for preventing DDOS attacks of "zombie" terminals includes:
an HSS server, configured to receive and record a network bearer request initiated by a terminal, obtain the corresponding HSS error code based on the network bearer request, obtain the status information of the terminal based on the HSS error code, and judge whether the terminal satisfies a preset number card determination condition; if so, the terminal is defined as a "zombie" terminal, and if not, the terminal is determined to be normal and processing ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal and sends the status information and IMEI code of the terminal to the connection management platform;
the connection management platform, configured to issue, based on the received status information and IMEI code of the terminal, a close-communication-function instruction to the IoT card of the terminal through the HSS server;
the IoT card, configured to execute the received close-communication-function instruction, close the communication function of the terminal, and return a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
The system can quickly identify "zombie" terminals at the source, completely resolve DDOS attacks initiated by "zombie" terminals, and significantly improve the communication success rate in the area.
In a specific embodiment, the HSS server is further configured to judge whether the terminal continuously sends network bearer requests within a preset time threshold; if the terminal continuously sends network bearer requests within the preset time threshold, the terminal is defined as a "zombie" terminal; if the terminal does not continuously send network bearer requests within the preset time threshold, the terminal is determined to be normal and processing ends.
In a specific embodiment, the connection management platform is further configured to receive the status information and IMEI code of the terminal, and, if the status information is dismantled-state information, to directly issue the close-communication-function instruction to the IoT card of the terminal;
if the status information is shutdown-state information, a resume instruction is issued to the IoT card of the terminal, so that the IoT card returns a resume-success message after successfully responding to the resume instruction; the connection management platform receives the resume-success message and issues the close-communication-function instruction to the IoT card.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

  1. A method for preventing DDOS attacks of "zombie" terminals, characterized in that it comprises:
    an HSS server receiving and recording a network bearer request initiated by a terminal, obtaining the corresponding HSS error code based on the network bearer request, obtaining the status information of the terminal based on the HSS error code, and judging whether the terminal satisfies a preset number card determination condition; if so, defining the terminal as a "zombie" terminal, and if not, determining that the terminal is normal and ending;
    after determining that the terminal is a "zombie" terminal, the HSS server obtaining the IMEI code of the terminal and sending the status information and IMEI code of the terminal to a connection management platform;
    the connection management platform issuing, based on the received status information and IMEI code of the terminal, a close-communication-function instruction to the IoT card of the terminal through the HSS server;
    the IoT card executing the received close-communication-function instruction, closing the communication function of the terminal, and returning a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
  2. The method for preventing DDOS attacks of "zombie" terminals according to claim 1, characterized in that the HSS server receiving and recording the network bearer request initiated by the terminal and obtaining the corresponding HSS error code based on the network bearer request comprises:
    obtaining the corresponding HSS error code based on the S6A interface data collected under the IoT private network signaling and service perception information collection data specification.
  3. The method for preventing DDOS attacks of "zombie" terminals according to claim 2, characterized in that obtaining the status information of the terminal based on the HSS error code comprises:
    the HSS server examining the HSS error code and determining the state type of the IoT card of the terminal; if the state type of the IoT card of the terminal is the dismantled state, obtaining dismantled-state information; if the state type of the IoT card of the terminal is the shutdown state, obtaining shutdown-state information.
  4. The method for preventing DDOS attacks of "zombie" terminals according to claim 3, characterized in that judging whether the terminal satisfies the preset number card determination condition, defining the terminal as a "zombie" terminal if so, and determining that the terminal is normal and ending if not, comprises:
    judging whether the terminal continuously sends network bearer requests within a preset time threshold; if the terminal continuously sends network bearer requests within the preset time threshold, defining the terminal as a "zombie" terminal; if the terminal does not continuously send network bearer requests within the preset time threshold, determining that the terminal is normal and ending.
  5. The method for preventing DDOS attacks of "zombie" terminals according to claim 3, characterized in that the connection management platform issuing, based on the received status information and IMEI code of the terminal, the close-communication-function instruction to the IoT card of the terminal through the HSS server comprises:
    receiving the status information and IMEI code of the terminal, and, if the status information is dismantled-state information, directly issuing the close-communication-function instruction to the IoT card of the terminal;
    if the status information is shutdown-state information, issuing a resume instruction to the IoT card of the terminal, so that the IoT card returns a resume-success message after successfully responding to the resume instruction, the connection management platform receiving the resume-success message and issuing the close-communication-function instruction to the IoT card.
  6. The method for preventing DDOS attacks of "zombie" terminals according to claim 1, characterized in that the IoT card executing the received close-communication-function instruction, closing the communication function of the terminal, and returning the closing result to the connection management platform comprises:
    the terminal sending a request command to the IoT card, so that the IoT card, based on the request command, sends the terminal the execution status of the request command and the length of the data generated;
    after receiving the execution status of the request command and the length of the data generated, the terminal sending a Fetch command to the IoT card, so that the IoT card, based on the Fetch command, sends the terminal the status of executing the Fetch command and the target data;
    the terminal closing the communication function based on the received status of executing the Fetch command and the target data;
    the IoT card sending the corresponding closing result to the connection management platform.
  7. The method for preventing DDOS attacks of "zombie" terminals according to claim 5, characterized in that the connection management platform performing dismantling or shutdown processing on the IoT card based on the closing result and the status information comprises:
    if the connection management platform receives the closing result and dismantled-state information, performing dismantling processing on the IoT card;
    if the connection management platform receives the closing result and shutdown-state information, performing shutdown processing on the IoT card.
  8. A system for preventing DDOS attacks of "zombie" terminals, characterized in that it comprises:
    an HSS server, configured to receive and record a network bearer request initiated by a terminal, obtain the corresponding HSS error code based on the network bearer request, obtain the status information of the terminal based on the HSS error code, and judge whether the terminal satisfies a preset number card determination condition; if so, the terminal is defined as a "zombie" terminal, and if not, the terminal is determined to be normal and processing ends; after determining that the terminal is a "zombie" terminal, the HSS server obtains the IMEI code of the terminal and sends the status information and IMEI code of the terminal to a connection management platform;
    the connection management platform, configured to issue, based on the received status information and IMEI code of the terminal, a close-communication-function instruction to the IoT card of the terminal through the HSS server;
    the IoT card, configured to execute the received close-communication-function instruction, close the communication function of the terminal, and return a closing result to the connection management platform, so that the connection management platform performs dismantling or shutdown processing on the IoT card based on the closing result and the status information.
  9. The system for preventing DDOS attacks of "zombie" terminals according to claim 8, characterized in that the HSS server is further configured to judge whether the terminal continuously sends network bearer requests within a preset time threshold; if the terminal continuously sends network bearer requests within the preset time threshold, the terminal is defined as a "zombie" terminal; if the terminal does not continuously send network bearer requests within the preset time threshold, the terminal is determined to be normal and processing ends.
  10. The system for preventing DDOS attacks of "zombie" terminals according to claim 9, characterized in that the connection management platform is further configured to receive the status information and IMEI code of the terminal, and, if the status information is dismantled-state information, to directly issue the close-communication-function instruction to the IoT card of the terminal;
    if the status information is shutdown-state information, a resume instruction is issued to the IoT card of the terminal, so that the IoT card returns a resume-success message after successfully responding to the resume instruction; the connection management platform receives the resume-success message and issues the close-communication-function instruction to the IoT card.
PCT/CN2022/140381 2021-12-30 2022-12-20 Method and system for preventing ddos attack of "zombie" terminal WO2023125149A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111654329.6A CN114268509B (en) 2021-12-30 2021-12-30 Method and system for preventing DDOS attack of zombie terminal
CN202111654329.6 2021-12-30

Publications (1)

Publication Number Publication Date
WO2023125149A1 true WO2023125149A1 (en) 2023-07-06

Family

ID=80831824

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/140381 WO2023125149A1 (en) 2021-12-30 2022-12-20 Method and system for preventing ddos attack of "zombie" terminal

Country Status (2)

Country Link
CN (1) CN114268509B (en)
WO (1) WO2023125149A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114268509B (en) * 2021-12-30 2023-07-21 天翼物联科技有限公司 Method and system for preventing DDOS attack of zombie terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108199978A (en) * 2016-12-08 2018-06-22 ***通信集团四川有限公司 The suppressing method and device of a kind of signaling storm
US20190380037A1 (en) * 2017-06-27 2019-12-12 Allot Communications Ltd. System, Device, and Method of Detecting, Mitigating and Isolating a Signaling Storm
US20200177484A1 (en) * 2018-11-30 2020-06-04 Sap Se IoT MONITORING
CN112888028A (en) * 2021-01-26 2021-06-01 北京树米网络科技有限公司 Method and device for switching traffic service by switching life cycle state
CN113811022A (en) * 2021-08-12 2021-12-17 天翼物联科技有限公司 Abnormal terminal rejection method, system, device and storage medium
CN114268509A (en) * 2021-12-30 2022-04-01 天翼物联科技有限公司 Method and system for preventing DDOS attack of zombie terminal

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100908404B1 (en) * 2008-09-04 2009-07-20 (주)이스트소프트 System and method for protecting from distributed denial of service
CN101753562B (en) * 2009-12-28 2012-11-07 华为数字技术(成都)有限公司 Detection methods, device and network security protecting device for botnet
CN107800664B (en) * 2016-08-31 2021-06-15 华为技术有限公司 Method and device for preventing signaling attack
CN107071781B (en) * 2017-05-04 2019-11-29 国网江苏省电力公司电力科学研究院 A kind of security protection performance assessment method suitable for electric power wireless private network core net
US20190182290A1 (en) * 2017-12-07 2019-06-13 Telefonaktiebolaget Lm Ericsson (Publ) Method and system to resolve a distributed denial of service attack through denying radio resource allocation of infected end devices
US10880329B1 (en) * 2019-08-26 2020-12-29 Nanning Fugui Precision Industrial Co., Ltd. Method for preventing distributed denial of service attack and related equipment
CN113114855B (en) * 2021-04-09 2023-01-06 山东欧飞凌信息技术有限公司 Zombie number retrieval method based on IMS call signaling
CN113316152A (en) * 2021-05-21 2021-08-27 重庆邮电大学 DoS attack detection method and defense method for terminal in LTE system

Also Published As

Publication number Publication date
CN114268509B (en) 2023-07-21
CN114268509A (en) 2022-04-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22914403

Country of ref document: EP

Kind code of ref document: A1