CN-122027331-A - DrDoS attack-oriented multidimensional collaborative defense system and method
Abstract
The invention relates to a DrDoS attack-oriented multidimensional collaborative defense system and method, belonging to the technical field of network security. The system comprises an initialization module, an authentication module, a request control module, a collaborative intervention module and a response limiting module. The initialization module is used by the server to predefine client identifiers and to set the maximum continuous request number; the authentication module authenticates client requests based on a weak authentication and verification code mechanism; the request control module limits the number of continuous requests a client may make; the collaborative intervention module starts ISP collaborative intervention when a DrDoS attack is suffered, in order to recover network performance; and the response limiting module performs response control on the server. The invention constructs a cooperative defense system from four layers: the attack source end, the server end, the victim end and the network operator.
Inventors
- HU JUNCHENG
- HUANG HAIOU
- Lv Kedi
- LI YINGJI
- XING YONGHENG
- WANG HENGZHI
Assignees
- 吉林大学
- 吉林农业科技学院
Dates
- Publication Date
- 20260512
- Application Date
- 20260320
Claims (10)
- 1. A DrDoS attack-oriented multidimensional collaborative defense system, comprising: an initialization module, by which the server predefines client identifiers and sets the maximum continuous request number; an authentication module, by which the server authenticates client requests based on a weak authentication and verification code mechanism; a request control module, which controls the number of continuous requests from a client; a collaborative intervention module, which starts collaborative intervention by the network operator (ISP) when a DrDoS attack is suffered and recovers network performance; and a response limiting module, which performs response control on the server.
- 2. The DrDoS attack-oriented multidimensional collaborative defense system according to claim 1, wherein the weak authentication and verification code mechanism in the authentication module includes: when a client and the server connect for the first time, the server generates a session identifier containing a random number and a verification code, the verification code being a hash value; in subsequent requests, the server judges the authenticity of the request source by checking the legitimacy of the verification code attached by the client.
- 3. The DrDoS attack-oriented multidimensional collaborative defense system according to claim 1, wherein, in the request control module: when the number of requests from the client exceeds the set maximum number of continuous requests, the server clears the corresponding client record and forces the client to authenticate again.
- 4. The DrDoS attack-oriented multidimensional collaborative defense system according to claim 1, wherein, in the collaborative intervention module: when the victim detects that it is under DrDoS attack, it sends a help signal to the ISP; after the ISP verifies the victim's identity, the ISP actively intervenes and filters or blocks the attack traffic at the network layer, helping the victim recover network performance within a preset time period.
- 5. The DrDoS attack-oriented multidimensional collaborative defense system according to claim 1, wherein the response limiting module, at the same time and in combination with the verification mechanism, does not respond to an unverified request, or returns only a very small response packet.
- 6. A multidimensional cooperative defense method for DrDoS attacks, applied to the system according to any one of claims 1 to 5, the method comprising: the server predefines client identifiers and sets the maximum number of continuous requests; the server authenticates the client's requests based on a weak authentication and verification code mechanism; the server verifies the number of requests from the client; ISP cooperative intervention is enabled to restore network performance when a DrDoS attack is suffered; and the server's responses are controlled.
- 7. The DrDoS attack-oriented multidimensional cooperative defense method according to claim 6, wherein the server authenticating the client's request based on the weak authentication and verification code mechanism comprises: the client sends a request to the server; the server judges it to be a first request, generates a session identifier containing a random number and calculates a hash value; the server returns the session identifier to the client; the client then sends its first request together with the hash value to the server; and the server verifies whether the hash values match.
- 8. The DrDoS attack-oriented multidimensional collaborative defense method according to claim 6, wherein verifying the number of requests from the client includes: when the number of requests from the client exceeds the set maximum number of continuous requests, the server clears the corresponding client record and forces the client to authenticate again.
- 9. The DrDoS attack-oriented multidimensional collaborative defense method according to claim 6, wherein enabling ISP collaborative intervention when a DrDoS attack is suffered and restoring network performance comprises: when the victim detects that it is under DrDoS attack, it sends a help signal to the ISP; after the ISP verifies the victim's identity, the ISP actively intervenes and filters or blocks the attack traffic at the network layer, helping the victim recover network performance within a preset time period.
- 10. The multidimensional collaborative defense method against DrDoS attacks according to claim 6, wherein controlling the server's responses includes: at the same time and in combination with the verification mechanism, not responding to an unverified request, or returning only a very small response packet.
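The server-side behaviour of claims 2, 3, 5 and 7 (first contact answered only with a session identifier plus verification code, later requests checked against that code, a cap on continuous requests after which the client record is cleared, and no reply or a one-byte reply to anything unverified) can be simulated end to end. The block below is an added illustration written for this page, not code from the patent or its inventors. The patent fixes neither the hash function, the identifier lengths, the datagram layout nor the size of the "very small response"; those are all assumptions here, and the verification code is computed as a keyed hash (HMAC-SHA256 over client identifier and session identifier under a server-only key), which goes slightly beyond the patent's plain "hash value" so that a party who merely sees a session identifier cannot recompute the code. The `simulate` helper drives one honest client and one spoofer against the server with constructed one-byte queries.

```python
import hashlib
import hmac
import os
import secrets

MAX_CONTINUOUS_REQUESTS = 5   # the "maximum continuous request number"; value assumed
SID_LEN = 16                  # assumed length of the random session identifier
CODE_LEN = 16                 # assumed length of the verification code (truncated hash)


class DrDoSGuardedServer:
    """UDP-style service guarded by weak authentication, request control and
    response limiting.  One instance plays the server; handle() is called once
    per inbound datagram."""

    def __init__(self, client_ids, max_requests=MAX_CONTINUOUS_REQUESTS, tiny_reply=False):
        # Initialization module: predefined client identifiers and the request cap.
        self.known_clients = set(client_ids)
        self.max_requests = max_requests
        # Response limiting module: unverified requests get no reply (False) or a
        # single byte (True); claim 5 allows either.
        self.tiny_reply = tiny_reply
        self._secret = os.urandom(32)   # server-only key, never sent on the wire
        self._sessions = {}             # client_id -> {"sid": bytes, "count": int}

    def _code(self, client_id, sid):
        # Verification code = keyed hash of (client id, session id).  Keying it is an
        # assumption beyond the patent's "hash value" (see lead-in).
        return hmac.new(self._secret, client_id + sid, hashlib.sha256).digest()[:CODE_LEN]

    def _unverified(self):
        return (b"\x00", "unverified") if self.tiny_reply else (None, "dropped")

    def handle(self, client_id, code, query):
        """Process one datagram; returns (reply bytes or None, action label)."""
        if client_id not in self.known_clients:
            return self._unverified()
        sess = self._sessions.get(client_id)
        if sess is None:
            # Authentication module, first contact: reply only with session id + code.
            # The reply is small (no amplification) and goes to the real owner of the
            # source address, so an attacker spoofing that address never learns the code.
            sid = secrets.token_bytes(SID_LEN)
            self._sessions[client_id] = {"sid": sid, "count": 0}
            return (sid + self._code(client_id, sid), "handshake")
        if not hmac.compare_digest(code, self._code(client_id, sess["sid"])):
            return self._unverified()
        # Request control module: count continuous verified requests and, past the
        # cap, clear the client record so the client must authenticate again.
        sess["count"] += 1
        if sess["count"] > self.max_requests:
            del self._sessions[client_id]
            return (None, "reauth_required")
        return (self.serve(query), "served")

    @staticmethod
    def serve(query):
        # Stand-in for the real service: a reply far larger than the query, which is
        # exactly the amplification an attacker wants reflected at a victim.
        return b"RESPONSE:" + query * 200


def simulate(server, client_id, n_requests, spoofed=False):
    """Send n_requests one-byte queries (constructed input) as client_id.  An honest
    client reads the code out of the handshake reply; a spoofer with a forged source
    address never receives that reply and keeps sending a bogus code.
    Returns (bytes sent, bytes received, list of server actions)."""
    sent = received = 0
    actions = []
    code = b"\x00" * CODE_LEN          # placeholder until a real code is learned
    for _ in range(n_requests):
        query = b"Q"
        sent += CODE_LEN + len(query)
        reply, action = server.handle(client_id, code, query)
        actions.append(action)
        if reply is not None:
            received += len(reply)
        if action == "handshake" and not spoofed:
            code = reply[SID_LEN:]
    return sent, received, actions


if __name__ == "__main__":
    srv = DrDoSGuardedServer([b"clientA"], max_requests=3)
    print("honest :", simulate(srv, b"clientA", 6))
    print("spoofed:", simulate(DrDoSGuardedServer([b"clientA"]), b"clientA", 5, spoofed=True))
```

With `max_requests=3` the honest client sees handshake, three served requests, a forced re-authentication and a fresh handshake; the spoofer sends 85 bytes and causes only 32 bytes (one handshake) to reach the victim, so the reflector's amplification factor drops below 1. One caveat the patent does not address: an attacker who spoofs a known client identifier before the real client connects leaves a session record whose code the real client does not know, so in practice the record needs a lifetime (or a bound to the source address and port) rather than living until the request cap is hit.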
Description
DrDoS attack-oriented multidimensional collaborative defense system and method
Technical Field
The invention relates to the technical field of network security, in particular to a DrDoS attack-oriented multidimensional collaborative defense system and method.
Background
With the wide deployment of the Internet of Things, the inherent security weaknesses of IoT devices (such as outdated firmware and the lack of an authentication mechanism) have made UDP-based DrDoS (distributed reflection denial-of-service) attacks increasingly rampant. An attacker sends requests to open UDP services (e.g. NTP, DNS, SSDP) with the source address forged as the victim's IP address; the services reflect their responses to the victim, and their amplification effect turns a small volume of requests into a large volume of traffic at the target, resulting in service outage.
Existing defenses fall into two main categories:
1. Intrusion detection methods based on packet filtering, fuzzy logic, entropy-change detection and the like. These usually respond only after the attack has begun, and suffer from large delay, a high misjudgment rate and large resource consumption.
2. Protocol reinforcement methods such as weak authentication (e.g. a cookie mechanism) and raising the attacker's cost (e.g. client puzzles, Falling-together). These have the following problems: (1) the cookie mechanism is vulnerable to replay attacks and has high communication overhead; (2) client puzzles have high computation cost and can be exploited by an attacker to consume resources; (3) Falling-together is only suitable for single-point attacks and cannot cope with distributed attacks.
Therefore, the prior art has difficulty achieving effective, real-time, multidimensional defense against UDP DrDoS attacks while preserving system performance.
Disclosure of Invention
The invention aims to solve the problems of response lag, large resource consumption and single protection dimension in existing UDP DrDoS defense schemes for Internet of Things environments. Specifically, the invention provides a multidimensional cooperative defense scheme (UDAM) that integrates a weak authentication mechanism with an attack-cost-raising strategy and constructs a cooperative defense system from four layers, the attack source end, the server end, the victim end and the network operator (ISP), to achieve the following aims:
(1) Block forged requests through the weak authentication mechanism before an attack occurs;
(2) Limit the attack scale by raising the attack cost while an attack is in progress;
(3) Recover quickly through ISP cooperation after an attack occurs;
(4) Achieve efficient, real-time and lightweight defense against UDP DrDoS attacks while preserving the throughput, response time and CPU utilization of the system.
To achieve the above object, the present invention provides the following solution: a DrDoS attack-oriented multidimensional collaborative defense system, comprising: an initialization module, by which the server predefines client identifiers and sets the maximum continuous request number; an authentication module, by which the server authenticates client requests based on a weak authentication and verification code mechanism; a request control module, which controls the number of continuous requests from a client; a collaborative intervention module, which starts collaborative intervention by the network operator (ISP) when a DrDoS attack is suffered and recovers network performance; and a response limiting module, which performs response control on the server.
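Aim (3) above, and claims 4 and 9, describe the victim-to-ISP exchange in three steps: the victim detects the attack, sends a help signal, and the ISP verifies the victim's identity before filtering at the network layer for a preset period. The block below is an added example written for this page, not the inventors' code; it shows both sides of that exchange with the checks a practitioner would want the ISP to perform. Everything the patent leaves open is an assumption here: detection is a simple threshold on unsolicited inbound bytes per second from the reflector source ports named in the Background (DNS 53, NTP 123, SSDP 1900), the help signal is a JSON body authenticated with HMAC-SHA256 under a key pre-shared between customer and ISP, the ISP additionally checks that the victim owns the address it asks to protect and rejects stale or replayed signals, and the filter lifetime of 300 seconds stands in for the patent's "preset time period". The flows and timestamps in the test are constructed.

```python
import hashlib
import hmac
import json

HELP_SIGNAL_MAX_AGE = 30           # seconds a help signal stays acceptable (assumed)
RECOVERY_WINDOW = 300              # preset intervention period in seconds (assumed)
REFLECTOR_PORTS = {53, 123, 1900}  # DNS, NTP, SSDP: the reflectors named in the Background
ATTACK_BPS = 50_000_000            # unsolicited reflected bytes/sec treated as attack (assumed)


def detect_drdos(flows, window_s):
    """Victim side.  flows: iterable of (src_port, nbytes, solicited) for inbound UDP
    seen in one window; 'solicited' is True when the victim sent a matching query.
    Returns the reflector source ports whose unsolicited volume exceeds ATTACK_BPS."""
    volume = {}
    for src_port, nbytes, solicited in flows:
        if src_port in REFLECTOR_PORTS and not solicited:
            volume[src_port] = volume.get(src_port, 0) + nbytes
    return {p for p, b in volume.items() if b / window_s > ATTACK_BPS}


def make_help_signal(victim_id, victim_ip, ports, key, now):
    """Victim -> ISP: request to filter the given reflector ports towards victim_ip,
    authenticated with the pre-shared key (assumed identity mechanism)."""
    body = json.dumps({"victim": victim_id, "ip": victim_ip, "ports": sorted(ports),
                       "ts": now}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class IspFilter:
    """ISP side: verifies the victim's identity and address ownership, then installs
    time-limited network-layer filters (dst ip, src port) that expire on their own."""

    def __init__(self, customers):
        self.customers = customers   # victim_id -> (shared_key, owned_ip)
        self.rules = []              # (dst_ip, src_port, expires_at)
        self.seen = set()            # (victim_id, ts) already acted on: replay guard

    def receive(self, body, sig, now):
        try:
            msg = json.loads(body)
        except ValueError:
            return "malformed"
        cust = self.customers.get(msg.get("victim"))
        if cust is None:
            return "unknown_victim"
        key, owned_ip = cust
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return "bad_signature"                # identity check failed
        if abs(now - msg["ts"]) > HELP_SIGNAL_MAX_AGE:
            return "stale"
        if (msg["victim"], msg["ts"]) in self.seen:
            return "replay"
        if msg["ip"] != owned_ip:
            return "not_owner"                    # a customer may only blackhole its own address
        self.seen.add((msg["victim"], msg["ts"]))
        for port in msg["ports"]:
            self.rules.append((msg["ip"], int(port), now + RECOVERY_WINDOW))
        return "installed"

    def permits(self, dst_ip, src_port, now):
        """Network-layer decision for one packet; expired rules are purged first."""
        self.rules = [r for r in self.rules if r[2] > now]
        return not any(ip == dst_ip and p == src_port for ip, p, _ in self.rules)


if __name__ == "__main__":
    key = b"victim-shared-key"                    # constructed pre-shared key
    isp = IspFilter({"v1": (key, "203.0.113.10")})
    flows = [(123, 60_000_000, False), (53, 1_000, True), (443, 5_000, False)]
    ports = detect_drdos(flows, window_s=1)
    body, sig = make_help_signal("v1", "203.0.113.10", ports, key, now=1000)
    print(ports, isp.receive(body, sig, now=1005), isp.permits("203.0.113.10", 123, now=1010))
```

The ownership check is the one that matters most operationally: without it, an authenticated but compromised customer (or a stolen key) could ask the ISP to drop traffic to someone else's address, turning the help signal itself into a denial-of-service tool. Filtering by source port is coarse and also drops the victim's own legitimate DNS or NTP replies for the recovery window; that is the trade-off the patent's "preset time period" bounds.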
Optionally, the weak authentication and verification code mechanism in the authentication module includes: when the client and the server connect for the first time, the server generates a session identifier containing a random number and calculates a hash value as the verification code; in subsequent requests, the server judges the authenticity of the request source by checking the legitimacy of the verification code attached by the client.
Optionally, in the request control module: when the number of requests from the client exceeds the set maximum number of continuous requests, the server clears the corresponding client record and forces the client to authenticate again.
Optionally, in the collaborative intervention module: when the victim detects that it is under DrDoS attack, it sends a help signal to the ISP; after the ISP verifies the victim's identity, the ISP actively intervenes and filters or blocks the attack traffic at the network layer, helping the victim recover network performance within a preset time period.
Optionally, in the response limiting module: at the same time and in combination with the verification mechanism, the server does not respond to an unverified request, or returns only a very small response packet.
A DrDoS attack-oriented multidimensional collaborative defense method comprises the following st