CN106059939B - Message forwarding method and device - Google Patents
Message forwarding method and device Download PDFInfo
- Publication number
- CN106059939B CN106059939B CN201610339071.3A CN201610339071A CN106059939B CN 106059939 B CN106059939 B CN 106059939B CN 201610339071 A CN201610339071 A CN 201610339071A CN 106059939 B CN106059939 B CN 106059939B
- Authority
- CN
- China
- Prior art keywords
- message
- attack
- forwarding
- mark
- flowspec
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a message forwarding method and a device, wherein the method comprises the following steps: judging whether a received message carries a flow cleaning mark, wherein the flow cleaning mark is used for indicating that the current message is a detected normal message; and when the message carries the flow cleaning mark, forwarding the message. The invention can improve the forwarding efficiency of normal messages.
Description
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a method and an apparatus for forwarding a packet.
background
with the continuous development of internet application, the consequences caused by network attacks become more serious. Among them, DoS (Denial of Service)/DDos (Distributed Denial of Service) attack (collectively, Denial of Service attack) is a common attack method due to its concealment and easy implementation.
Currently, a popular approach for denial of service attack is to issue a Flow control policy of a forwarding plane on a device closest to an attack source, for example, a Flow Specification (FlowSpec) Flow control policy, where the Flow control policy may accurately match an attack Flow and filter and control the attack Flow, so as to reduce the influence of the attack Flow on the network forwarding performance.
The FlowSpec flow control policy may be carried by a routing Protocol, for example, BGP (Border Gateway Protocol), so that the FlowSpec flow control policy is issued on a network device running the BGP Protocol, and FlowSpec detection is performed on each passing flow (including normal flow) to identify an attack flow, which affects transmission efficiency of the normal flow to some extent.
disclosure of Invention
The invention aims to provide a message forwarding method and a message forwarding device, which are used for reducing the detection times of each network device in an operator network on normal flow.
in order to realize the purpose, the invention provides the technical scheme that:
the invention provides a message forwarding method, which is applied to network equipment in an operator network and comprises the following steps:
judging whether a received message carries a flow cleaning mark, wherein the flow cleaning mark is used for indicating that the current message is a detected normal message;
And when the message carries the flow cleaning mark, forwarding the message.
The invention also provides a message forwarding device, which is applied to network equipment in an operator network, and the device comprises:
The system comprises a mark judging unit, a flow cleaning unit and a flow cleaning unit, wherein the mark judging unit is used for judging whether a received message carries a flow cleaning mark or not, and the flow cleaning mark is used for indicating that the current message is a detected normal message;
and the message forwarding unit is used for forwarding the message when the message carries the flow cleaning mark.
as can be seen from the above description, the embodiment of the present invention provides a message forwarding method, which directly forwards a message without detection when it is determined that a received message carries a traffic cleansing flag, thereby improving the forwarding efficiency of a normal message.
Drawings
FIG. 1 is a schematic diagram of an anti-attack network according to an embodiment of the present invention;
Fig. 2 is a flowchart of a message forwarding method according to an embodiment of the present invention;
FIG. 3 illustrates an IP header format according to an embodiment of the present invention;
Fig. 4A is a schematic structural diagram of a network device according to an embodiment of the present invention;
Fig. 4B is a schematic structural diagram of a packet forwarding apparatus of the network device shown in fig. 4A.
Detailed Description
reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
before specifically describing embodiments of the present invention, a brief description will be given of related art to which the embodiments of the present invention relate.
DoS/DDoS attack is a centralized traffic attack technology, in which an attacker simultaneously initiates traffic attacks on the same target (user address or server) by controlling thousands of attack devices, so that an upstream access device of the target address or an attacked server is congested by abnormal traffic, and the user cannot normally use the device. The attack mode is easy to implement, strong in concealment, simple and effective, and therefore, the attack mode becomes a customary attack means for hackers, and the attack mode seriously threatens network security and brings huge economic loss and influence to enterprises and users.
At present, the most effective defense mode for DoS/DDoS attacks is to issue a flow control policy of a forwarding plane on a device closest to an attack source, and filter and control attack traffic matching the flow control policy, so that the attack traffic is limited near the attack source, and threats to a user network are reduced.
In the RFC document of IETF (Internet Engineering Task Force), FlowSpec is defined as an n-tuple consisting of several matching rules applicable to IP (Internet Protocol) traffic, such as a source address, a destination address, a port, a source port, a destination port, a Protocol type, an ICMP (Internet Control Message Protocol) type, a fragmentation status, a TCP (Transmission Control Protocol) flag, a DSCP (Differentiated Services Code Point) value, and the like. Therefore, a flow control strategy (for short, the flow control strategy) can be deployed by using the FlowSpec technology to achieve accurate matching of attack flows, and various selection actions are performed on the attack flows, for example, all the actions such as discarding, limiting speed, redirecting the flows or modifying DSCP values of IP messages, and the like, so that the influence of DoS/DDoS attacks is reduced.
BGP (Border Gateway Protocol) is a path vector Protocol used to transfer routing information between ASs (Autonomous systems), and is an inter-domain routing Protocol, which aims at controlling the propagation of routes and selecting the best route. Other protocol Information can be encapsulated by using an NLRI (Network Layer availability Information) field of a BGP protocol packet and transferred to other devices configured with a BGP protocol, and therefore, many protocols transfer various routing Information required by themselves by using this protocol expansion capability of BGP.
the FlowSpec technology can distribute the FlowSpec flow control strategy to other devices configured with BGP protocols by means of protocol extension capability of BGP, and sends the FlowSpec flow control strategy to a forwarding plane of the devices. The device performs FlowSpec detection on the passing flow (including normal flow) according to the FlowSpec flow control strategy, and filters and controls the attack flow matched with the FlowSpec flow control strategy, so that the attack flow is limited near an attack source, and the threat to a user network is reduced. However, the FlowSpec detection method affects the transmission efficiency of normal traffic.
The embodiment of the invention provides a message forwarding method, which is used for directly forwarding a message without carrying out FlowSpec detection when a received message is confirmed to carry a flow cleaning mark, so that the forwarding efficiency of a normal message is improved.
referring to fig. 1, a schematic diagram of an anti-attack network according to an embodiment of the present invention is shown. The attack-prevention network includes a user network 10, a user network 20, and a carrier network 30. Wherein, the user network 10 comprises a host 11 and a network device 12; the user network 20 includes a host 21 and a network device 22; the operator network 30 includes network devices 31 to 33.
First, each network device establishes a neighbor relationship through a BGP protocol. When a network device (e.g., the network device 12) detects an attack, a FlowSpec entry (i.e., a FlowSpec flow control policy) is generated, and a BGP protocol is triggered to generate a BGP FlowSpec route, where the BGP FlowSpec route carries FlowSpec entry information and is advertised to other network devices by BGP neighbors.
after receiving the BGP FlowSpec route, a network device (e.g., network device 31) in the operator network issues the BGP FlowSpec route to a forwarding plane, generates a FlowSpec entry, and then performs FlowSpec detection according to a message received in accordance with the FlowSpec entry matching, so as to determine whether the received message is an attack message, and further take corresponding measures (e.g., filtering or current limiting).
Referring to fig. 2, a flowchart of an embodiment of the message forwarding method of the present invention is shown, and the embodiment describes a message forwarding process.
In the following description, an undefined network device is defaulted to a network device of an operator network.
Step 201, judging whether the received message carries a traffic cleaning mark.
The flow cleaning mark in the embodiment of the invention is used for indicating that the current message is subjected to FlowSpec detection, and the detection result is a normal message.
step 202, when the message carries the flow cleaning mark, the message is forwarded.
When the network equipment receives the message carrying the flow cleaning mark, the current message is a normal message which is detected by other network equipment, so that the FlowSpec detection is not performed on the message any more, and the message is directly forwarded, thereby reducing the detection times of the normal message and improving the forwarding efficiency of the normal message.
When it is determined that the message does not carry the flow cleaning flag according to the determination result in step 201, the FlowSpec detection is performed on the received message, that is, whether the current message is an attack message is determined according to a FlowSpec entry (as described above, the FlowSpec entry is carried and distributed by the BGP protocol, and the FlowSpec entry records the message characteristics of the attack message, that is, n-tuple information of the attack message) issued in the network device.
when the message characteristics of the received message are the same as the message characteristics of the attack message recorded in the FlowSpec list item, determining the received message as the attack message; otherwise, the message is not an attack message. When the received message is not an attack message, the network device adds a flow cleaning mark to the message and then forwards the message to prompt the subsequent network device receiving the message that the message is a detected normal message without executing FlowSpec detection.
In a preferred embodiment, the network device may carry a traffic cleansing flag in a header of an existing IP packet to indicate that the current packet is a detected normal packet. Specifically, the information may be carried in a flag field (3Bit) of the IP packet header shown in fig. 3, where the flag field includes 3 bits (Bit), where the first Bit is unused; the second bit is a DF (Don't Fragment, prohibited fragmentation) bit, and fragmentation is permitted only when the DF bit is 0; the third bit is an MF (More Fragment) bit, which indicates that there is a Fragment message behind the MF bit when the MF bit is 1, and indicates the last Fragment when the MF bit is 0. The embodiment of the invention utilizes the unused first bit in the mark field as a cleaning mark bit to carry the flow cleaning mark. For example, when the current packet is detected as a normal packet, the flush flag bit is set to 1. When other network equipment receives the message, the current message is confirmed to be a normal message by identifying the cleaning mark bit, and then the FlowSpec detection is not executed any more, and the message is directly forwarded.
When the network equipment confirms that the message is the attack message through FlowSpec detection, the message is discarded, so that the interception of the attack message is realized, and the influence on the user network is shielded.
In addition, in order to prevent an attacker from obtaining the defense strategy of the present invention, and carry a flow cleaning mark in an attack message, and further avoid FlowSpec detection, the embodiment of the present invention firstly detects a network source of a received message, i.e., determines whether the received message comes from the inside of an operator network, and performs the processing of the foregoing step 201 and step 202 on the message from the inside of the operator network; if the message is not from the inside of the operator network, for example, the message from the user network, the flow cleaning flag in the message is cleared, and then the processing of step 201 and step 202 is executed, that is, the FlowSpec detection is enforced on the message entering the operator network from the user network.
Still taking fig. 1 as an example, the message forwarding process will be described in detail.
it is assumed that host 21 sends an IP packet to host 11, which is forwarded via network device 22 into operator network 30.
The network device 33 receives the IP packet forwarded by the network device 22, determines a device (a device outside the operator network 30 or a device inside the operator network 30) connected to the interface according to the interface receiving the IP packet, and further determines whether the IP packet is a packet from inside the operator network 30 or a packet from a network outside the operator network 30. When the IP packet is confirmed to be from outside the operator network 30, the traffic flush flag in the IP packet is forcibly cleared (as described above, the first bit of the flag field in the IP packet may be set to 0).
the network device 33 performs FlowSpec detection on the received IP packet, and when detecting that the IP packet is an attack packet (in this embodiment, a FlowSpec entry corresponding to the IP packet already exists in the default network device 33), discards the IP packet and does not forward the IP packet to the network device 32 any more; when detecting that the IP packet is a normal packet, add a traffic cleansing flag (set the first bit of the flag field in the IP packet to 1) to the IP packet, and forward the IP packet to the network device 32.
the network device 32 confirms that the received IP packet is from the inside of the operator network 30, and confirms that the IP packet carries the traffic cleansing flag, and then directly forwards the IP packet to the network device 31 without performing FlowSpec detection.
similarly, when the network device 31 confirms that the received IP packet is from the inside of the operator network 30 and the IP packet carries the flow cleansing flag, it does not perform FlowSpec detection and directly forwards the IP packet to the network device 12.
network device 12 forwards the IP message to host 11.
According to the embodiment, in the operator network, only one FlowSpec detection is executed on the normal message, so that the forwarding efficiency of the normal message is greatly improved.
Corresponding to the embodiment of the message forwarding method, the invention also provides an embodiment of a message forwarding device.
The embodiment of the message forwarding apparatus 400 of the present invention can be applied to network devices. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. A software implementation is taken as an example, and a logical means is formed by a processor of the device in which it is located running corresponding computer program instructions in a memory. In terms of hardware, as shown in fig. 4A, the hardware structure diagram of the device in which the packet forwarding apparatus of the present invention is located is shown in fig. 4A, and except for the processor and the nonvolatile memory shown in fig. 4A, the device in which the apparatus is located in the embodiment may also include other hardware according to the actual function of the device, which is not described again.
Fig. 4B is a schematic structural diagram of a message forwarding apparatus 400 according to an embodiment of the present invention. The message forwarding apparatus 400 includes a flag determining unit 401 and a message forwarding unit 402, where:
a flag determining unit 401, configured to determine whether a received message carries a traffic cleansing flag, where the traffic cleansing flag is used to indicate that a current message is a detected normal message;
A message forwarding unit 402, configured to forward the message when the message carries the traffic washing flag.
Further, the apparatus 400 further comprises:
a message judging unit, configured to judge whether the message is an attack message when the message does not carry a traffic washing flag;
A mark adding unit, configured to add a traffic cleaning mark to the packet when the packet is not an attack packet;
The message forwarding unit 402 is further configured to forward the message with the traffic cleansing flag added.
Further, the apparatus 400 further comprises:
A message receiving unit, configured to receive a BGP message before the message determining unit determines whether the message is an attack message, where the BGP message carries a flow description FlowSpec entry, and a message feature of the attack message is recorded in the FlowSpec entry;
The message judging unit is specifically configured to determine that the received message is an attack message when the message characteristic of the received message is the same as the message characteristic of the attack message recorded in the FlowSpec entry; otherwise, determining that the received message is not an attack message.
Further, the apparatus 400 further comprises:
A mark removing unit, configured to determine whether the received packet is from inside an operator network before the mark determining unit 401 determines whether the received packet carries a traffic cleansing mark; and when the message does not come from the inside of the operator network, clearing the flow cleaning mark in the message.
further, the air conditioner is provided with a fan,
The traffic flush flag carries the first Bit of the flag field in the header of the packet.
the implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
the above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (8)
1. A message forwarding method is applied to network equipment in an operator network, and is characterized in that the method comprises the following steps:
judging whether the received message comes from the inside of the operator network;
When the message comes from the inside of the operator network and carries a flow cleaning mark, forwarding the message, wherein the flow cleaning mark is used for indicating that the current message is a detected normal message;
When the message does not come from the inside of the operator network, clearing the flow cleaning mark in the message;
judging whether the message is an attack message or not;
And when the message is not an attack message, adding a flow cleaning mark for the message and forwarding.
2. the method of claim 1, wherein the method further comprises:
when the message comes from the inside of the operator network and does not carry a flow cleaning mark, judging whether the message is an attack message or not;
And when the message is not an attack message, adding a flow cleaning mark for the message and forwarding.
3. the method of claim 1, wherein before determining whether the packet is an attack packet, further comprising:
Receiving a BGP message, wherein the BGP message carries a flow description FlowSpec table entry, and the FlowSpec table entry records the message characteristics of an attack message;
the judging whether the message is an attack message includes:
When the message characteristics of the received message are the same as the message characteristics of the attack message recorded in the FlowSpec list item, determining that the received message is the attack message; otherwise, determining that the received message is not an attack message.
4. A method according to any of claims 1 to 3, characterized by:
The traffic flush flag carries the first Bit of the flag field in the header of the packet.
5. A message forwarding apparatus applied to a network device in an operator network, the apparatus comprising:
a mark clearing unit for judging whether the received message comes from the inside of the operator network;
The message forwarding unit is used for forwarding the message when the message comes from the inside of the operator network and carries a flow cleaning mark, and the flow cleaning mark is used for indicating that the current message is a detected normal message;
The mark clearing unit is further configured to clear the traffic cleaning mark in the message when the message is not from inside the operator network;
A message judging unit, configured to judge whether the message is an attack message;
And the mark adding unit is used for adding a flow cleaning mark to the message and forwarding the flow cleaning mark when the message is not an attack message.
6. The apparatus of claim 5, wherein the apparatus further comprises:
the message judging unit is further configured to judge whether the message is an attack message or not when the message comes from inside the operator network and does not carry the traffic cleansing flag;
And the mark adding unit is used for adding a flow cleaning mark to the message and forwarding the flow cleaning mark when the message is not an attack message.
7. The apparatus of claim 5, wherein the apparatus further comprises:
A message receiving unit, configured to receive a BGP message before the message determining unit determines whether the message is an attack message, where the BGP message carries a flow description FlowSpec entry, and a message feature of the attack message is recorded in the FlowSpec entry;
The message judging unit is specifically configured to determine that the received message is an attack message when the message characteristic of the received message is the same as the message characteristic of the attack message recorded in the FlowSpec entry; otherwise, determining that the received message is not an attack message.
8. the apparatus of any of claims 5 to 7, wherein:
The traffic flush flag carries the first Bit of the flag field in the header of the packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610339071.3A CN106059939B (en) | 2016-05-19 | 2016-05-19 | Message forwarding method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610339071.3A CN106059939B (en) | 2016-05-19 | 2016-05-19 | Message forwarding method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106059939A CN106059939A (en) | 2016-10-26 |
| CN106059939B true CN106059939B (en) | 2019-12-06 |
Family
ID=57177300
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610339071.3A Active CN106059939B (en) | 2016-05-19 | 2016-05-19 | Message forwarding method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106059939B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108123843B (en) * | 2016-11-28 | 2020-04-14 | 中国移动通信有限公司研究院 | Flow detection method, detection data processing method and device |
| CN111224960B (en) * | 2019-12-27 | 2022-07-12 | 北京天融信网络安全技术有限公司 | Information processing method, information processing device, electronic equipment and storage medium |
| CN114172738B (en) * | 2021-12-15 | 2022-12-13 | 广州市苏纳米实业有限公司 | DDoS attack resisting method and device based on intelligent security box and intelligent security box |
| CN118802346A (en) * | 2024-07-15 | 2024-10-18 | 中国移动通信有限公司研究院 | Network traffic processing method, electronic device, storage medium and program product |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101136922A (en) * | 2007-04-28 | 2008-03-05 | 华为技术有限公司 | Service flow identification method and device, distributed denial of service attack defense method and system |
| CN102195843A (en) * | 2010-03-02 | 2011-09-21 | 中国移动通信集团公司 | Flow control system and method |
| CN104601482A (en) * | 2013-10-30 | 2015-05-06 | 中兴通讯股份有限公司 | Traffic cleaning method and device |
| CN104917653A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Virtual flow monitoring method based on cloud platform and device thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9722926B2 (en) * | 2014-01-23 | 2017-08-01 | InMon Corp. | Method and system of large flow control in communication networks |
-
2016
- 2016-05-19 CN CN201610339071.3A patent/CN106059939B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101136922A (en) * | 2007-04-28 | 2008-03-05 | 华为技术有限公司 | Service flow identification method and device, distributed denial of service attack defense method and system |
| CN102195843A (en) * | 2010-03-02 | 2011-09-21 | 中国移动通信集团公司 | Flow control system and method |
| CN104601482A (en) * | 2013-10-30 | 2015-05-06 | 中兴通讯股份有限公司 | Traffic cleaning method and device |
| CN104917653A (en) * | 2015-06-26 | 2015-09-16 | 北京奇虎科技有限公司 | Virtual flow monitoring method based on cloud platform and device thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106059939A (en) | 2016-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8281397B2 (en) | Method and apparatus for detecting spoofed network traffic | |
| US8484372B1 (en) | Distributed filtering for networks | |
| US7636305B1 (en) | Method and apparatus for monitoring network traffic | |
| CN109768955B (en) | System and method for defense against distributed denial of service attack based on software-defined network | |
| US9166990B2 (en) | Distributed denial-of-service signature transmission | |
| KR102050089B1 (en) | System and method for network security performing adaptive rule-set setting | |
| JP2006517066A (en) | Mitigating denial of service attacks | |
| CN106059939B (en) | Message forwarding method and device | |
| CN100531061C (en) | System and method for identifying source of malicious network messages | |
| Maheshwari et al. | Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique | |
| JP6053561B2 (en) | System and method for creating a network traffic profile based on BGP routes for the purpose of detecting forged traffic | |
| CN106487790B (en) | Cleaning method and system for ACK FLOOD attacks | |
| JP5178573B2 (en) | Communication system and communication method | |
| US7818795B1 (en) | Per-port protection against denial-of-service and distributed denial-of-service attacks | |
| JP2003099339A (en) | Intrusion detection / prevention devices and programs | |
| CN106789892A (en) | A common method for defending against distributed denial-of-service attacks on cloud platforms | |
| Farhat | Protecting TCP services from denial of service attacks | |
| KR101715107B1 (en) | System and providing method for retroactive network inspection | |
| JP2004248185A (en) | System for protecting network-based distributed denial of service attack and communication device | |
| CN116633633B (en) | Data transmission methods, devices, electronic equipment and storage media | |
| WO2024001987A1 (en) | Method for generating validation rule, and related apparatus | |
| Kashiwa et al. | Active shaping: a countermeasure against DDoS attacks | |
| Tupakula et al. | Tracing DDoS floods: An automated approach | |
| Bossardt et al. | Enhanced Internet security by a distributed traffic control service based on traffic ownership | |
| Park et al. | An effective defense mechanism against DoS/DDoS attacks in flow-based routers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |