Network attack detection method
First Claim
Patent Images
1. A method, comprising:
- at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors,conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis;
probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and
determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric,wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,wherein the probing pattern is modified Recursive Packet Train (mRPT), wherein the performance metric of the first probing path comprises available bandwidth on the forward path,wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises;
sending a mRPT probing packet train from the probing node to the target node, wherein the mRPT probing packet train contains a first sub-probing packet, NL load packets and a second sub-probing packet in sequence, wherein NL is an integer equal to or greater than 1;
receiving a first ACK packet in responsive to the first sub-probing packet and a second ACK packet in responsive to the second sub-probing packet from the target node;
determining a time gap GA between an arrival time of the first ACK packet and an arrival time of the second ACK packet; and
calculating the available bandwidth on the forward path according to NL, GA and SL, where SL is the size of a load packet.
1 Assignment
0 Petitions
Accused Products
Abstract
It is described a network attack detection method. A topology analysis on network is conducted to obtain a probing path set containing at least one probing path. A first probing path contained in the probing path set is probed by using a probing pattern to obtain a performance metric of the first probing path. It is determined whether the first probing path is subjected to network attack according to the performance metric and a control performance metric.
-
Citations
8 Claims
-
1. A method, comprising:
at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors, conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis; probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric, wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node, wherein the probing pattern is modified Recursive Packet Train (mRPT), wherein the performance metric of the first probing path comprises available bandwidth on the forward path, wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises; sending a mRPT probing packet train from the probing node to the target node, wherein the mRPT probing packet train contains a first sub-probing packet, NL load packets and a second sub-probing packet in sequence, wherein NL is an integer equal to or greater than 1; receiving a first ACK packet in responsive to the first sub-probing packet and a second ACK packet in responsive to the second sub-probing packet from the target node; determining a time gap GA between an arrival time of the first ACK packet and an arrival time of the second ACK packet; and calculating the available bandwidth on the forward path according to NL, GA and SL, where SL is the size of a load packet. - View Dependent Claims (2, 3, 4, 5)
-
6. A non-transitory computer-readable storage medium storing instructions thereon for execution by at least one processing circuit, the instructions comprising:
-
conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis; probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric, wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node, wherein the probing pattern is modified Recursive Packet Train (mRPT), wherein the performance metric of the first probing path comprises available bandwidth on the forward path, wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises; sending a mRPT probing packet train from the probing node to the target node, wherein the mRPT probing packet train contains a first sub-probing packet, NL load packets and a second sub-probing packet in sequence, wherein NL is an integer equal to or greater than 1; receiving a first ACK packet in responsive to the first sub-probing packet and a second ACK packet in responsive to the second sub-probing packet from the target node; determining a time gap GA between an arrival time of the first ACK packet and an arrival time of the second ACK packet; and calculating the available bandwidth on the forward path according to NL, GA and SL, where SL is the size of a load packet. - View Dependent Claims (7)
-
-
8. An apparatus, comprising:
-
one or more processors; and a memory coupled to the one or more processors; instructions stored in the memory, the instructions being executable by the one or more processors to; conduct a topology analysis on network, and obtain a probing path set containing at least one probing path according to the topology analysis; probe a first probing path contained in the probing path set by using a probing pattern and obtain a performance metric of the first probing path; and determine whether the first probing path is subjected to network attack according to the performance metric and a control performance metric, wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node, wherein the probing pattern is modified Recursive Packet Train (mRPT), wherein the performance metric of the first probing path comprises available bandwidth on the forward path, wherein probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises; sending a mRPT probing packet train from the probing node to the target node, wherein the mRPT probing packet train contains a first sub-probing packet, NL load packets and a second sub-probing packet in sequence, wherein NL is an integer equal to or greater than 1; receiving a first ACK packet in responsive to the first sub-probing packet and a second ACK packet in responsive to the second sub-probing packet from the target node; determining a time gap GA between an arrival time of the first ACK packet and an arrival time of the second ACK packet; and calculating the available bandwidth on the forward path according to NL, GA and SL, where SL is the size of a load packet.
-
Specification