CN106685962B - Defense system and method for reflective DDOS attack flow - Google Patents
- Publication number: CN106685962B
- Application number: CN201611242166.XA
- Authority: CN (China)
- Prior art keywords: data, database, type, sending, attack
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
A defense system for reflective DDOS attack traffic comprises a data storage module, a data collection module, a data testing module and a traffic guiding module. The defense method for reflective DDOS attack traffic comprises the following steps: detecting various DDOS attacks; analyzing the packet capture file; periodically obtaining from the database the IPs whose last activity time is more than the set value of M hours before the current time, and adding them to a list to be updated; obtaining each IP from the list to be updated, sending T-type requests to these IPs simultaneously, recording the data type and data volume returned by each IP, and using these two items to update the service type and passable value of the corresponding IP in the database; waiting to receive an IP and a T-type request, and sending a large number of T-type request data messages to that IP. The invention records the basic servers exploited by reflective attacks by capturing packets of detected attacks; the service type and passability of each basic server are tested by sending reflection requests to it, which improves traffic guiding efficiency.
Description
Technical Field
The invention relates to a network technology, in particular to a defense system and a defense method for reflective DDOS attack flow.
Background
At present, both ordinary DDOS attacks and reflective DDOS attacks are handled by deploying a traffic cleaning device in front of the protected end and using active detection with passive traction cleaning. This approach has a major defect: once the attack traffic has formed, it arrives on the transmission link of the protected end, and cleaning can only play a partial role. If the traffic is not large enough to congest the link, cleaning is still fairly effective, but once it is large enough to cause transmission congestion, the cleaning scheme has a quite limited effect. Reflective DDOS attack traffic can generally reach more than dozens of Gbps, and a typical data center or small operator does not necessarily have enough bandwidth to carry such huge traffic.
Source-end cleaning can clean the traffic at the point where the attack traffic is sent, and is very effective at preventing large attack traffic from forming, but it also has a major disadvantage: its deployment cost is very high and the complexity of building the network is relatively high.
Disclosure of Invention
The invention aims to provide a defense system and a defense method for reflective DDOS attack traffic that use active defense: requests are sent to the basic servers exploited by the reflective attack in order to reduce the efficiency with which attack traffic is generated or to guide the traffic to different places. The reflective attack is thus addressed both at the source and in transmission, by reducing the generation of huge traffic or by dispersing the traffic.
In order to achieve the purpose, the invention adopts the following technical scheme:
A defense system for reflective DDOS attack traffic, comprising:
a data storage module, used to establish a database that stores information about basic servers, the information comprising the IP, service type, region, passable value and last activity time;
a data collection module, comprising detection equipment and a packet capture file analysis module;
the detection equipment is used to detect various DDOS attacks and record the attack data as packet capture files;
the packet capture file analysis module is used to periodically extract the IP of each data packet from the packet capture files collected by the detection equipment, obtain the region of the IP by means such as an IP region function, and update the database with these two items of information;
a data testing module, used to periodically obtain from the database the IPs whose last activity time is more than the set value of M hours before the current time, and add them to a list to be updated;
it obtains each IP from the list to be updated, sends T-type requests to these IPs simultaneously, records the data type and data volume returned by each IP, uses these two items to update the service type and passable value of the corresponding IP in the database, and updates the last activity time of the IP to the current time;
a traffic guiding module, comprising a plurality of traffic guiding devices X, used to wait to receive an IP and a T-type request and to send a large number of T-type request data messages to that IP;
the IP of an attack source is obtained from the detection equipment of the network node a that is under attack, and the service type and passable value of that IP are looked up in the database;
if the IP exists in the database and its passable value is greater than 0, the IP and the service type are sent to the traffic guiding devices X of other network nodes that are not under attack, as the parameters for sending requests;
otherwise, the IP is added to the update list of the data testing module.
Further, the system also comprises a statistics module used to compile statistics on the regional distribution in the database.
Further, the T-type requests include NTP, SSDP and DNS.
Further, the value of M is 2; that is, the data testing module periodically obtains from the database the IPs whose last activity time is more than 2 hours before the current time and adds them to the list to be updated.
A defense method for reflective DDOS attack traffic, comprising the following steps:
detecting various DDOS attacks, and recording the attack data as packet capture files;
analyzing the packet capture files: periodically extracting the IP of each data packet from the packet capture files collected by the detection equipment, obtaining the region of the IP by means such as an IP region function, and updating the database with these two items of information;
periodically obtaining from the database the IPs whose last activity time is more than the set value of M hours before the current time, and adding them to a list to be updated;
obtaining each IP from the list to be updated, sending T-type requests to these IPs simultaneously, recording the data type and data volume returned by each IP, using these two items to update the service type and passable value of the corresponding IP in the database, and updating the last activity time of the IP to the current time;
waiting to receive an IP and a T-type request, and sending a large number of T-type request data messages to that IP;
obtaining the IP of an attack source from the detection equipment of the network node a that is under attack, and looking up the service type and passable value of that IP in the database;
if the IP exists in the database and its passable value is greater than 0, sending the IP and the service type to the traffic guiding devices X of other network nodes that are not under attack, as the parameters for sending requests;
otherwise, adding the IP to the update list of the data testing module.
Further, the method also comprises compiling statistics on the regional distribution in the database.
Further, the T-type requests include NTP, SSDP and DNS.
Further, the value of M is 2; that is, the data testing module periodically obtains from the database the IPs whose last activity time is more than 2 hours before the current time and adds them to the list to be updated.
Based on the above, the invention provides a defense system and a defense method for reflective DDOS attack traffic. The basic servers exploited by reflective attacks are recorded by capturing packets of detected attacks; the service type and passability of each basic server are tested by sending reflection requests to it, which improves traffic guiding efficiency; the IPs of the basic servers sending attack traffic are obtained from the detection equipment in real time, their service type and passability are read from the recorded information, and the traffic is guided by sending requests to those IPs according to the service type and passability.
The invention uses active defense: requests are sent to the basic servers exploited by the reflective attack in order to reduce the efficiency with which attack traffic is generated or to guide the traffic to different places. The reflective attack is addressed both at the source and in transmission, by reducing the generation of huge traffic or by dispersing the traffic.
The method only requires deploying a small number of servers at the operator's own network nodes, so cost can be effectively controlled. By collecting and testing the basic servers exploited by reflective attacks and using different request methods for different services, it improves traffic guiding efficiency and obtains a better effect; and the network nodes that are not under attack are used to spread the attack traffic aimed at the attacked network node, relieving the pressure on it.
Drawings
FIG. 1 is a block diagram of modules of one embodiment of the present invention.
FIG. 2 is a flow chart of one embodiment of the present invention.
Detailed Description
The technical solution of the invention is further explained below through specific embodiments with reference to the drawings.
A defense system for reflective DDOS attack traffic, comprising:
a data storage module, used to establish a database that stores information about basic servers, the information comprising the IP, service type, region, passable value and last activity time;
a data collection module, comprising detection equipment and a packet capture file analysis module;
the detection equipment is used to detect various DDOS attacks and record the attack data as packet capture files;
the packet capture file analysis module is used to periodically extract the IP of each data packet from the packet capture files collected by the detection equipment, obtain the region of the IP by means such as an IP region function, and update the database with these two items of information;
a data testing module, used to periodically obtain from the database the IPs whose last activity time is more than the set value of M hours before the current time, and add them to a list to be updated;
it obtains each IP from the list to be updated, sends T-type requests to these IPs simultaneously, records the data type and data volume returned by each IP, uses these two items to update the service type and passable value of the corresponding IP in the database, and updates the last activity time of the IP to the current time;
a traffic guiding module, comprising a plurality of traffic guiding devices X, used to wait to receive an IP and a T-type request and to send a large number of T-type request data messages to that IP;
the IP of an attack source is obtained from the detection equipment of the network node a that is under attack, and the service type and passable value of that IP are looked up in the database;
if the IP exists in the database and its passable value is greater than 0, the IP and the service type are sent to the traffic guiding devices X of other network nodes that are not under attack, as the parameters for sending requests;
otherwise, the IP is added to the update list of the data testing module.
In the defense system of this embodiment, the data storage module, the data collection module, the data testing module and the traffic guiding module cooperate to send requests to the basic servers and actively guide the direction of the traffic. This disperses the attack traffic of multiple basic servers and reduces the possibility that the flows finally converge into one ultra-large flow, which effectively reduces the traffic that finally reaches the network where the attacked target is located, lightens the transmission burden of that network and greatly reduces the possibility of network congestion. As long as transmission is not congested, the cleaning equipment or intrusion defense equipment deployed on top of this can work normally and be effective.
The system also continuously tests the basic server IPs recorded from attack captures to obtain their service type and passability, which improves traffic guiding efficiency. The system can also effectively control cost: it only requires deploying several ordinary servers at the operator's own network nodes, and does not increase the complexity of the network architecture or of deploying the overall project.
The system records the basic servers exploited by reflective attacks by capturing packets of detected attacks; the service type and passability of each basic server are tested by sending reflection requests to it, which improves traffic guiding efficiency; the IPs of the basic servers sending attack traffic are obtained from the detection equipment in real time, their service type and passability are read from the recorded information, and the traffic is guided by sending requests to those IPs according to the service type and passability.
The invention uses active defense: requests are sent to the basic servers exploited by the reflective attack in order to reduce the efficiency with which attack traffic is generated or to guide the traffic to different places. The reflective attack is addressed both at the source and in transmission, by reducing the generation of huge traffic or by dispersing the traffic.
Further, the system also comprises a statistics module used to compile statistics on the regional distribution in the database.
The deployment structure of the traffic guiding devices X can be optimized, achieving a better traffic guiding effect.
Further, the T-type requests include NTP, SSDP and DNS.
These types of requests are common, although in other embodiments the T-type request may be another type of request.
Further, the value of M is 2; that is, the data testing module periodically obtains from the database the IPs whose last activity time is more than 2 hours before the current time and adds them to the list to be updated.
When the value of M is 2, the defense effect of the defense system for reflective DDOS attack traffic is better.
A method of defending against reflective DDOS attack traffic, comprising:
detecting various DDOS attacks, and recording the attack data as packet capture files;
analyzing the packet capture files: periodically extracting the IP of each data packet from the packet capture files collected by the detection equipment, obtaining the region of the IP by means such as an IP region function, and updating the database with these two items of information;
periodically obtaining from the database the IPs whose last activity time is more than the set value of M hours before the current time, and adding them to a list to be updated;
obtaining each IP from the list to be updated, sending T-type requests to these IPs simultaneously, recording the data type and data volume returned by each IP, using these two items to update the service type and passable value of the corresponding IP in the database, and updating the last activity time of the IP to the current time;
waiting to receive an IP and a T-type request, and sending a large number of T-type request data messages to that IP;
obtaining the IP of an attack source from the detection equipment of the network node a that is under attack, and looking up the service type and passable value of that IP in the database;
if the IP exists in the database and its passable value is greater than 0, sending the IP and the service type to the traffic guiding devices X of other network nodes that are not under attack, as the parameters for sending requests;
otherwise, the IP is added to the update list of the data test module.
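The database bookkeeping and the final decision step of the method above, as an added Python example that is not code from the patent; it models only the records and the branch on the passable value and sends no requests. The table, column and function names are hypothetical, the sample IPs and regions are constructed, and two details the text leaves open are assumed: the passable value is taken to be the returned data volume in bytes, and an IP that has never been tested counts as due for testing.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

M_HOURS = 2  # the value of M the page prefers


def open_db(path=":memory:"):
    """Data storage module: one row per basic server (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS basic_server (
        ip           TEXT PRIMARY KEY,
        service_type TEXT,                       -- NULL until tested
        region       TEXT,
        passable     INTEGER NOT NULL DEFAULT 0, -- passable value
        last_active  INTEGER                     -- epoch seconds; NULL = never tested
    )""")
    return db


def record_capture_ips(db, observed):
    """Capture-analysis step: store each (ip, region) pair seen in a capture."""
    for ip, region in observed:
        db.execute("INSERT OR IGNORE INTO basic_server (ip) VALUES (?)", (ip,))
        db.execute("UPDATE basic_server SET region = ? WHERE ip = ?", (region, ip))
    db.commit()


def stale_ips(db, now, m_hours=M_HOURS):
    """List to be updated: IPs last active more than M hours before `now`.
    Assumption: never-tested rows (NULL last_active) are included."""
    cutoff = int((now - timedelta(hours=m_hours)).timestamp())
    rows = db.execute(
        "SELECT ip FROM basic_server "
        "WHERE last_active IS NULL OR last_active < ? ORDER BY ip", (cutoff,))
    return [r[0] for r in rows]


def record_test_result(db, ip, service_type, data_volume, now):
    """Testing step: store what a test returned and refresh last_active.
    Assumption: the passable value is the returned data volume in bytes."""
    db.execute(
        "UPDATE basic_server SET service_type = COALESCE(?, service_type), "
        "passable = ?, last_active = ? WHERE ip = ?",
        (service_type, data_volume, int(now.timestamp()), ip))
    db.commit()


def decide(db, attack_ip, update_list):
    """Decision step for an attack-source IP reported by detection equipment."""
    row = db.execute(
        "SELECT service_type, passable FROM basic_server WHERE ip = ?",
        (attack_ip,)).fetchone()
    if row is not None and row[1] > 0:
        # Known and passable: (IP, service type) are the parameters the
        # method hands to the traffic guiding devices X.
        return ("guide", attack_ip, row[0])
    # Unknown IP or passable value 0: queue it for the data testing module.
    if attack_ip not in update_list:
        update_list.append(attack_ip)
    return ("retest", attack_ip, None)


def demo():
    """Constructed sample data using documentation address ranges."""
    now = datetime(2016, 12, 29, 12, 0, tzinfo=timezone.utc)
    db = open_db()
    record_capture_ips(db, [("192.0.2.10", "region-A"),
                            ("198.51.100.7", "region-B"),
                            ("203.0.113.5", "region-A")])
    record_test_result(db, "192.0.2.10", "NTP", 4680, now - timedelta(hours=3))
    record_test_result(db, "198.51.100.7", "DNS", 3000, now - timedelta(hours=1))
    record_test_result(db, "203.0.113.5", None, 0, now - timedelta(minutes=30))
    update_list = stale_ips(db, now)
    decisions = [decide(db, ip, update_list)
                 for ip in ("198.51.100.7", "203.0.113.5", "192.0.2.99")]
    return update_list, decisions


if __name__ == "__main__":
    print(demo())
```
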
The defense method for reflective DDOS attack traffic sends requests via the basic servers and actively guides the direction of the traffic. This disperses the attack traffic of multiple basic servers and reduces the possibility that the flows finally converge into one ultra-large flow, which effectively reduces the traffic that finally reaches the network where the attacked target is located, lightens the transmission burden of that network and greatly reduces the possibility of network congestion. Only when transmission is not congested can the traffic guiding device X or the intrusion defense device deployed on top of this work normally and be effective.
The basic server IPs recorded from attack captures are continuously tested to obtain their service type and passability, which improves traffic guiding efficiency. The system can also effectively control cost: it only requires deploying several ordinary servers at the operator's own network nodes, and does not increase the complexity of the network architecture or of deploying the overall project.
The basic servers exploited by reflective attacks are recorded by capturing packets of detected attacks; the service type and passability of each basic server are tested by sending reflection requests to it, which improves traffic guiding efficiency; the IPs of the basic servers sending attack traffic are obtained from the detection equipment in real time, their service type and passability are read from the recorded information, and the traffic is guided by sending requests to those IPs according to the service type and passability.
The invention uses active defense: requests are sent to the basic servers exploited by the reflective attack in order to reduce the efficiency with which attack traffic is generated or to guide the traffic to different places. The reflective attack is addressed both at the source and in transmission, by reducing the generation of huge traffic or by dispersing the traffic.
The method only requires deploying a small number of servers at the operator's own network nodes, so cost can be effectively controlled. By collecting and testing the basic servers exploited by reflective attacks and using different request methods for different services, it improves traffic guiding efficiency and obtains a better effect; and the network nodes that are not under attack are used to spread the attack traffic aimed at the attacked network node, relieving the pressure on it.
Further, the method also comprises compiling statistics on the regional distribution in the database.
The deployment structure of the traffic guiding equipment can be optimized, achieving a better traffic guiding effect.
Further, the T-type requests include NTP, SSDP and DNS.
These types of requests are common, although in other embodiments the T-type request may be another type of request.
Further, the value of M is 2; that is, the data testing module periodically obtains from the database the IPs whose last activity time is more than 2 hours before the current time and adds them to the list to be updated.
When the value of M is 2, the defense effect of the defense system for reflective DDOS attack traffic is better.
The technical principle of the present invention is described above in connection with specific embodiments. The description is made for the purpose of illustrating the principles of the invention and should not be construed in any way as limiting the scope of the invention. Based on the explanations herein, those skilled in the art will be able to conceive of other embodiments of the present invention without inventive effort, which would fall within the scope of the present invention.
Claims (7)
1. A defense system for reflective DDOS attack traffic, comprising:
a data storage module, used to establish a database that stores information about basic servers, the information comprising the IP, service type, region, passable value and last activity time;
a data collection module, comprising detection equipment and a packet capture file analysis module;
the detection equipment is used to detect various DDOS attacks and record the attack data as packet capture files;
the packet capture file analysis module is used to periodically extract the IP of each data packet from the packet capture files collected by the detection equipment, obtain the region of the IP by means of an IP region function, and update the database with these two items of information;
a data testing module, used to periodically obtain from the database the IPs whose last activity time is more than the set value of M hours before the current time, and add them to a list to be updated;
it obtains each IP from the list to be updated, sends T-type requests to these IPs simultaneously, records the service type and data volume returned by each IP, uses these two items to update the service type and passable value of the corresponding IP in the database, and updates the last activity time of the IP to the current time;
a traffic guiding module, comprising a plurality of traffic guiding devices X, used to wait to receive an IP and a T-type request and to send a large number of T-type request data messages to that IP;
the IP of an attack source is obtained from the detection equipment of the network node a that is under attack, and the service type and passable value of that IP are looked up in the database;
if the IP exists in the database and its passable value is greater than 0, the IP and the service type are sent to the traffic guiding devices X of other network nodes that are not under attack, these two items being the parameters for sending requests;
otherwise, the IP is added to the update list of the data testing module;
the T-type requests include NTP, SSDP and DNS.
2. The defense system for reflective DDOS attack traffic of claim 1, wherein the system also comprises a statistics module used to compile statistics on the regional distribution in the database.
3. The defense system for reflective DDOS attack traffic of claim 1, wherein the value of M is 2; that is, the data testing module periodically obtains from the database the IPs whose last activity time is more than 2 hours before the current time and adds them to the list to be updated.
4. A method for defending against reflective DDOS attack traffic using the defense system for reflective DDOS attack traffic recited in any one of claims 1 through 3, comprising the following steps:
detecting various DDOS attacks, and recording the attack data as packet capture files;
analyzing the packet capture files: periodically extracting the IP of each data packet from the packet capture files collected by the detection equipment, obtaining the region of the IP by means of an IP region function, and updating the database with these two items of information;
periodically obtaining from the database the IPs whose last activity time is more than the set value of M hours before the current time, and adding them to a list to be updated;
obtaining each IP from the list to be updated, sending T-type requests to these IPs simultaneously, recording the service type and data volume returned by each IP, using these two items to update the service type and passable value of the corresponding IP in the database, and updating the last activity time of the IP to the current time;
waiting to receive an IP and a T-type request, and sending a large number of T-type request data messages to that IP;
obtaining the IP of an attack source from the detection equipment of the network node a that is under attack, and looking up the service type and passable value of that IP in the database;
if the IP exists in the database and its passable value is greater than 0, sending the IP and the service type to the traffic guiding devices X of other network nodes that are not under attack, these two items being the parameters for sending requests;
otherwise, adding the IP to the update list of the data testing module.
5. The method of claim 4, further comprising compiling statistics on the regional distribution in the database.
6. The method of claim 4, wherein the T-type requests include NTP, SSDP and DNS.
7. The method of claim 4, wherein the value of M is 2; that is, the data testing module periodically obtains from the database the IPs whose last activity time is more than 2 hours before the current time and adds them to the list to be updated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611242166.XA CN106685962B (en) | 2016-12-29 | 2016-12-29 | Defense system and method for reflective DDOS attack flow |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611242166.XA CN106685962B (en) | 2016-12-29 | 2016-12-29 | Defense system and method for reflective DDOS attack flow |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106685962A CN106685962A (en) | 2017-05-17 |
CN106685962B CN106685962B (en) | 2020-06-23 |
Family
ID=58873042
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611242166.XA Active CN106685962B (en) | 2016-12-29 | 2016-12-29 | Defense system and method for reflective DDOS attack flow |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106685962B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108777680B (en) * | 2018-05-28 | 2020-11-20 | 中国石油大学(华东) | A defense method and defense device for SSDP reflection attack based on multi-point defense in the Internet of Things |
CN110661763B (en) * | 2018-06-29 | 2021-11-19 | 阿里巴巴集团控股有限公司 | DDoS reflection attack defense method, device and equipment |
CN109194680B (en) * | 2018-09-27 | 2021-02-12 | 腾讯科技(深圳)有限公司 | Network attack identification method, device and equipment |
CN110598774B (en) * | 2019-09-03 | 2023-04-07 | 中电长城网际安全技术研究院(北京)有限公司 | Encrypted flow detection method and device, computer readable storage medium and electronic equipment |
CN115987651B (en) * | 2022-12-26 | 2024-11-01 | 北京火山引擎科技有限公司 | Reflection attack protection method, system, medium and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101753315A (en) * | 2008-11-27 | 2010-06-23 | 百度在线网络技术(北京)有限公司 | Method, device and system for testing DDOS (distributed denial of service) attacks |
CN106101088A (en) * | 2016-06-04 | 2016-11-09 | 北京兰云科技有限公司 | The method that cleaning equipment, detection equipment, routing device and strick precaution DNS attack |
CN106230819A (en) * | 2016-07-31 | 2016-12-14 | 上海交通大学 | A kind of DDoS detection method based on stream sampling |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9276955B1 (en) * | 2014-09-17 | 2016-03-01 | Fortinet, Inc. | Hardware-logic based flow collector for distributed denial of service (DDoS) attack mitigation |
Also Published As
Publication number | Publication date |
---|---|
CN106685962A (en) | 2017-05-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||