×

Apparatus and method of detecting distributed reflection denial of service attack based on flow information

  • US 10,447,715 B2
  • Filed: 08/30/2016
  • Issued: 10/15/2019
  • Est. Priority Date: 03/02/2016
  • Status: Active Grant
First Claim
Patent Images

1. An apparatus for detecting a distributed reflection denial of service (DRDoS) attack, the apparatus comprising:

  • a monitoring unit obtaining flow information and the number and the sizes of packets of data which flows at one point of a communication network, the flow information including an IP of a source, a port number of the source, an IP of a destination, and a port number of the destination of the data;

    a memory unit storing a flow table in which the flow information of the data, the packet number, and the packet size are input; and

    a control unit;

    inputting the number and the sizes of packets of data obtained by the monitoring unit for a predetermined time as a first entry for the flow information in the flow table when at least one of the port number of the source and the port number of the destination of the data is a predetermined port number,detecting the DRDoS attack by using

         1) at least one of the number of packets and the size of packet of the first entry, and

         2) the flow information of the first entry, anddetermining, using the first entry, a victim of the DRDoS attack, an IP which an attacker of the DRDoS attack spoofs, or both.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×