APPARATUS AND METHOD OF DETECTING DISTRIBUTED REFLECTION DENIAL OF SERVICE ATTACK BASED ON FLOW INFORMATION
First Claim
1. An apparatus of detecting a distributed reflection denial of service attack, the apparatus comprising:
- a monitoring unit obtaining flow information including an IP of a source, a port number of the source, an IP of a destination, and a port number of the destination of data which flows at one point of a communication network, and the number and the sizes of packets;
- a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and
- a control unit inputting the number and the sizes of packets of data obtained by the monitoring unit for a predetermined time as a first entry for each flow information in the flow table when at least one of the port number of the source and the port number of the destination of the data is a predetermined port number and detecting the DRDoS attack by using at least one of the number of packets and the size of packet of the first entry and the flow information of the first entry.
Abstract
Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.
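A minimal sketch of the flow-table approach the abstract describes, added here as an illustration and not taken from the patent. The monitored ports, the thresholds, the grouping rule and the names `build_flow_table` and `detect_drdos` are assumptions; the page itself says only "predetermined port number" and "predetermined time".

```python
from collections import defaultdict

# Assumed values: the page says only "predetermined port number" and
# "predetermined time"; the ports and thresholds here are illustrative.
MONITORED_PORTS = {53, 123}   # DNS, NTP
MIN_REFLECTORS = 3            # distinct sources sending to one destination
MIN_BYTES = 100_000           # total bytes toward one destination per window

def build_flow_table(records, ports=MONITORED_PORTS):
    """Accumulate [packets, bytes] per flow 4-tuple for one time window."""
    table = defaultdict(lambda: [0, 0])
    for src_ip, src_port, dst_ip, dst_port, pkts, size in records:
        # Only flows touching a monitored port get an entry.
        if src_port in ports or dst_port in ports:
            entry = table[(src_ip, src_port, dst_ip, dst_port)]
            entry[0] += pkts
            entry[1] += size
    return dict(table)

def detect_drdos(table, ports=MONITORED_PORTS,
                 min_reflectors=MIN_REFLECTORS, min_bytes=MIN_BYTES):
    """Return {destination_ip: (source_count, packets, bytes)} for suspects."""
    # Assumed rule: reflected responses leave the service port, so entries
    # with a monitored *source* port are grouped by destination IP.
    per_dst = defaultdict(lambda: [set(), 0, 0])
    for (src_ip, src_port, dst_ip, _), (pkts, size) in table.items():
        if src_port in ports:
            agg = per_dst[dst_ip]
            agg[0].add(src_ip)
            agg[1] += pkts
            agg[2] += size
    return {dst: (len(srcs), pkts, size)
            for dst, (srcs, pkts, size) in per_dst.items()
            if len(srcs) >= min_reflectors and size >= min_bytes}

# Constructed sample flow records for one window (documentation address ranges).
SAMPLE = [
    ("198.51.100.10", 53, "203.0.113.5", 40001, 40, 60_000),
    ("198.51.100.11", 53, "203.0.113.5", 40002, 35, 52_000),
    ("198.51.100.12", 123, "203.0.113.5", 40003, 20, 9_000),
    ("198.51.100.10", 53, "203.0.113.5", 40001, 10, 15_000),  # same flow again
    ("192.0.2.7", 51000, "198.51.100.10", 53, 2, 150),        # ordinary query
    ("198.51.100.10", 53, "192.0.2.7", 51000, 2, 600),        # its response
    ("192.0.2.8", 44321, "192.0.2.9", 443, 500, 700_000),     # unmonitored port
]
```

Requiring several distinct sources in addition to volume keeps a single large but ordinary response from one server from being flagged.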
19 Claims
11. A method of detecting a distributed reflection denial of service attack, the method comprising:
- obtaining flow information including an IP of a source, a port number of the source, an IP of a destination, and a port number of the destination of data which flows at one point of a communication network, and the number and the sizes of packets;
- inputting the number and the sizes of packets of data obtained for a predetermined time as a first entry for each flow information in the flow table when at least one of the port number of the source and the port number of the destination of the data is a predetermined port number; and
- detecting the DRDoS attack by using at least one of the number of packets and the size of packet of the first entry and the flow information of the first entry.