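Method and apparatus for responding to DDoS attacks
    1.
    Granted invention patent
    Method and apparatus for responding to DDoS attacks (status: in force)
    Method and apparatus for penalizing DDoS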

    Publication (announcement) number: KR101420196B1

    Publication (announcement) date: 2014-07-18

    Application number: KR1020130005965

    Application date: 2013-01-18

    CPC classification number: H04L63/1458 H04L45/20 H04L63/1466

    Abstract: Disclosed are a method and an apparatus for preventing a DDoS attack. The method for preventing the DDoS attack comprises the steps of: extracting a router path value, a source IP address, and the time to live (TTL) from an input packet; comparing the extracted router path value with the preset router path value to determine whether the input packet is spoofed; calculating a hop number of the input packet if the input packet is the spoofed packet; and blocking a non-spoofed input packet if the calculated hop number does not meet a preset criterion. The DDoS attack can therefore be effectively prevented.

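    SNMP-based traffic flooding attack detection system using SVM classification
    2.
    Invention publication
    SNMP-based traffic flooding attack detection system using SVM classification (status: invalid)
    SNMP-based traffic flow detection system (support vector machine)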

    Publication (announcement) number: KR1020140095355A

    Publication (announcement) date: 2014-08-01

    Application number: KR1020130008245

    Application date: 2013-01-24

    CPC classification number: H04L63/1416 H04L41/0213 H04L63/1458

    Abstract: Disclosed is an SNMP-based traffic flooding attack detecting system capable of detecting attack traffic by analyzing traffic in a network, comprising an attack type database (DB) storing an SNMP type of attack traffic; a first stage analyzing unit collecting traffic in a network and determining whether the collected traffic is attack traffic by using a support vector machine (SVM); a second stage analyzing unit receiving traffic determined as attack traffic from the first stage analyzing unit, analyzing an SNMP type of the received traffic, and storing the analyzed traffic in the attack type DB; and a real-time handling unit receiving the attack traffic from the first stage analyzing unit, comparing a type of the received traffic with the SNMP type stored in the attack type DB, and handling the attack traffic when the two types are identical. By the SNMP-based traffic flooding attack detecting system, a traffic attack can be quickly detected in real time and a service can be managed by limiting it partially according to protocols against a flooding attack.
