×

Network attack detection method

  • US 9,876,807 B2
  • Filed: 04/16/2015
  • Issued: 01/23/2018
  • Est. Priority Date: 10/10/2014
  • Status: Active Grant
First Claim
Patent Images

1. A method, comprising:

  • at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors,conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis;

    probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and

    determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric,wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,wherein the probing pattern is modified Recursive Packet Train (mRPT), wherein the performance metric of the first probing path comprises available bandwidth on the forward path,wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises;

    sending a mRPT probing packet train from the probing node to the target node, wherein the mRPT probing packet train contains a first sub-probing packet, NL load packets and a second sub-probing packet in sequence, wherein NL is an integer equal to or greater than 1;

    receiving a first ACK packet in responsive to the first sub-probing packet and a second ACK packet in responsive to the second sub-probing packet from the target node;

    determining a time gap GA between an arrival time of the first ACK packet and an arrival time of the second ACK packet; and

    calculating the available bandwidth on the forward path according to NL, GA and SL, where SL is the size of a load packet.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×