公开(公告)号：US20140304817A1

公开(公告)日：2014-10-09

申请号：US14154888

申请日：2014-01-14

Applicant: Electronics and Telecommunications Research Institute

Inventor： Byoung-Koo KIM ,  Yangseo CHOI ,  Ik Kyun KIM

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  H04L63/1458 ,  H04L63/1466 ,  H04L67/02 ,  H04W12/00502

Abstract: A method for detecting a slow read DoS attack in a virtualized environment, the method comprising: receiving a connection request packet transmitted from a client to a server using a web protocol; checking whether the received packet is a TCP SYN packet or a packet of an HTTP GET request message; when it is checked that the received packet is the packet of the HTTP GET request message, detecting whether the received packet is a packet for the slow read DoS attack by analyzing a window size of the HTTP GET request message.

Abstract translation: 一种用于在虚拟化环境中检测慢速读取DoS攻击的方法，所述方法包括：使用web协议从所述客户端发送到服务器的连接请求包; 检查接收的分组是否是TCP SYN分组或HTTP GET请求消息的分组; 当检查接收到的分组是HTTP GET请求消息的分组时，通过分析HTTP GET请求消息的窗口大小来检测接收到的分组是否是用于慢速读取DoS攻击的分组。

公开(公告)号：US20140297004A1

公开(公告)日：2014-10-02

申请号：US13933822

申请日：2013-07-02

Applicant: Electronics and Telecommunications Research Institute

Inventor： Byoung-Koo KIM ,  Dong Ho KANG ,  Seon-Gyoung SOHN ,  Youngjun HEO ,  Jung-Chan NA ,  Ik Kyun KIM

IPC: G05B15/02

CPC classification number: G05B15/02 ,  H04L63/0263 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/20 ,  H04L2012/40228

Abstract: A method for detecting an abnormal traffic on a control system protocol, includes: checking whether session information exists in a management table; adding a new entry to the management table; checking whether a transaction ID in a table entry is the same as that of the received MODBUS request message; and checking whether data and length thereof of the received MODBUS request message are the same as those in the table entry. Further, the method includes detecting an abnormal traffic; and updating the table entry with packet information of the MODBUS request message.

Abstract translation: 一种用于检测控制系统协议上的异常业务的方法，包括：检查会话信息是否存在于管理表中; 在管理表中添加新条目; 检查表条目中的事务ID是否与接收的MODBUS请求消息的事务ID相同; 并检查其接收到的MODBUS请求消息的数据和长度是否与表条目中的相同。 此外，该方法包括检测异常业务; 以及使用所述MODBUS请求消息的分组信息更新所述表条目。