Method and Apparatus for Tracing Attack Source of Abnormal Network Traffic
First Claim
1. A method for tracing an attack source in the case of abnormal network traffic, which is characterized in comprising steps of:
- from one or more network nodes of an attack link, selecting any or multiple said network nodes as one or more tracing start points, where said attack link is a communication link between an attacked target and an attack source; and
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a method and an apparatus for tracing an attack source in the case of an abnormal network traffic, where said method comprises: from the network node(s) of an attack link, any or multiple said network nodes are selected as a tracing start point(s) and there into, said attack link is a communication link between an attacked target and an attack source. According to said tracing start point(s), a higher-level network node of said attack link is identified stepwise until a final attack source is confirmed. By adopting said technical solution provided by the present invention, the problems that the network security mechanisms in related technologies can only alleviate a network attack rather than position an attack source are solved, thus an effect can be achieved to trace and position the attack source in a reverse direction.
16 Citations
10 Claims
-
1. A method for tracing an attack source in the case of abnormal network traffic, which is characterized in comprising steps of:
from one or more network nodes of an attack link, selecting any or multiple said network nodes as one or more tracing start points, where said attack link is a communication link between an attacked target and an attack source; and - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. An apparatus for tracing an attack source in the case of abnormal network traffic, which is characterized in comprising:
-
a selection module used to select any or multiple said network nodes from the one or more network nodes of attack network as a tracing start point(s), where said attack link is a communication link between an attacked target and an attack source; and a determination module used to identify stepwise one or more higher-level network node of said attack network according to said one or more tracing start points until a final attack source is confirmed. - View Dependent Claims (10)
-
Specification