Network attack detection method
First Claim
Patent Images
1. A method, comprising:
- at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors,conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis;
probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and
determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric,wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,wherein the probing pattern is Round Trip Probing (RTP),wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises;
sending at least two RTP probing packets from the probing node to the target node;
receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and
according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path;
a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an α
th RTP probing packet and an α
+1th RTP probing packet, a packet pair on the reverse path consists of an α
th RTP response packet and an α
+1th RTP response packet, the α
th RTP probing packet corresponds to the α
th RTP response packet, a time gap between the α
th RTP response packet and the α
+1th RTP response packet being used to estimate an interval between head and tail load packets.
0 Assignments
0 Petitions
Accused Products
Abstract
It is described a network attack detection method. A topology analysis on network is conducted to obtain a probing path set containing at least one probing path. A first probing path contained in the probing path set is probed by using a probing pattern to obtain a performance metric of the first probing path. It is determined whether the first probing path is subjected to network attack according to the performance metric and a control performance metric.
5 Citations
7 Claims
-
1. A method, comprising:
-
at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors, conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis; probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric, wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node, wherein the probing pattern is Round Trip Probing (RTP), wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises; sending at least two RTP probing packets from the probing node to the target node; receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path;
a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an α
th RTP probing packet and an α
+1th RTP probing packet, a packet pair on the reverse path consists of an α
th RTP response packet and an α
+1th RTP response packet, the α
th RTP probing packet corresponds to the α
th RTP response packet, a time gap between the α
th RTP response packet and the α
+1th RTP response packet being used to estimate an interval between head and tail load packets. - View Dependent Claims (2, 3)
-
-
4. A non-transitory computer-readable storage medium storing instructions thereon for execution by at least one processing circuit, the instructions comprising:
-
conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis; probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric, wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,. wherein the probing pattern is Round Trip Probing (RTP), wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises; sending at least two RTP probing packets from the probing node to the target node; receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path;
a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an α
th RTP probing packet and an α
+1th RTP probing packet, a packet pair on the reverse path consists of an α
th RTP response packet and an α
+1th RTP response packet, the α
th RTP probing packet corresponds to the α
th RTP response packet, a time gap between the α
th RTP response packet and the α
+1h RTP response packet being used to estimate an interval between head and tail load packets. - View Dependent Claims (5)
-
-
6. An apparatus, comprising:
-
one or more processors; and a memory coupled to the one or more processors; instructions stored in the memory, the instructions being executable by the one or more processors to; conduct a topology analysis on network, and obtain a probing path set containing at least one probing path according to the topology analysis; probe a first probing path contained in the probing path set by using a probing pattern and obtain a performance metric of the first probing path; and determine whether the first probing path is subjected to network attack according to the performance metric and a control performance metric, wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node, wherein the probing pattern is Round Trip Probing (RTP), wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises; sending at least two RTP probing packets from the probing node to the target node; receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path;
a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an α
th RTP probing packet and an α
+1th RTP probing packet, a packet pair on the reverse path consists of an ath RTP response packet and an α
+1th RTP response packet, the α
th RTP probing packet corresponds to the α
th RTP response packet, a time gap between the α
th RTP response packet and the α
+1th RTP response packet being used to estimate an interval between head and tail load packets. - View Dependent Claims (7)
-
Specification