公开(公告)号：US20110138463A1

公开(公告)日：2011-06-09

申请号：US12946849

申请日：2010-11-15

申请人： Hak Suh KIM ,  Kyoung-Soon KANG ,  Ki Cheol JEON ,  Bong Tae KIM ,  Byungjun AHN

发明人： Hak Suh KIM ,  Kyoung-Soon KANG ,  Ki Cheol JEON ,  Bong Tae KIM ,  Byungjun AHN

IPC分类号： G06F11/00

CPC分类号： H04L63/1425 ,  H04L63/1458

摘要： Disclosed are a method and system for distributed denial of service (DDoS) attack detection and traffic mitigation using flow statistics. The method for DDoS attack detection and traffic mitigation using flow statistics includes: collecting first statistics for each flow based on flow information generated by traffic flow of a network connection device; and grouping the first statistics for each flow on a per-flow basis and processing the same into second statistics containing at least one of the number of bytes, the number of packets, and the number of flows per unit time.

摘要翻译： 公开了使用流量统计的分布式拒绝服务（DDoS）攻击检测和流量减轻的方法和系统。 使用流量统计的DDoS攻击检测和流量缓解方法包括：根据网络连接设备的流量流生成的流信息，收集每个流的第一个统计信息; 并且以每流为基础对每个流的第一统计数据进行分组，并将其处理为包含每单位时间的字节数，分组数和流数的至少一个的第二统计。

公开(公告)号：US20130166733A1

公开(公告)日：2013-06-27

申请号：US13619913

申请日：2012-09-14

申请人： Kyoung-Soon KANG ,  Hak Suh KIM ,  Ki Cheol JEON ,  Hyeonsik YOON ,  Boo Geum JUNG ,  Hea Sook PARK

发明人： Kyoung-Soon KANG ,  Hak Suh KIM ,  Ki Cheol JEON ,  Hyeonsik YOON ,  Boo Geum JUNG ,  Hea Sook PARK

IPC分类号： G06F15/173

CPC分类号： H04L41/0896 ,  H04L41/5019 ,  H04L43/16 ,  H04L47/20

摘要： Disclosed is a network bandwidth distribution device which includes an information collector which collects information associated with a connection environment; a controller which judges a state of a connection environment according to the collected information and collects information of each user to judge whether an occupied bandwidth of each user is exceeded; and a bandwidth allotter which limits an occupied bandwidth of each user based on the judged state of a connection environment and whether an occupied bandwidth of each user is exceeded.

摘要翻译： 公开了一种网络带宽分配装置，其包括收集与连接环境相关联的信息的信息收集器; 控制器，根据所收集的信息判断连接环境的状态，并收集每个用户的信息，判断是否超过了每个用户的占用带宽; 以及带宽分配器，其基于所判断的连接环境的状态以及是否超过每个用户的占用带宽来限制每个用户的占用带宽。

公开(公告)号：US20120151593A1

公开(公告)日：2012-06-14

申请号：US13323050

申请日：2011-12-12

申请人： Kyoung-Soon KANG ,  Hak-Suh Kim ,  Boo-Geum Jung ,  Ki-Cheol Jeon ,  Byung-jun Ahn

发明人： Kyoung-Soon KANG ,  Hak-Suh Kim ,  Boo-Geum Jung ,  Ki-Cheol Jeon ,  Byung-jun Ahn

IPC分类号： G06F21/00

CPC分类号： H04L63/1458 ,  H04L41/142 ,  H04L43/026 ,  H04L43/0894 ,  H04L63/1425

摘要： Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.

摘要翻译： 提供了一种DDoS攻击检测装置，其包括：信息收集单元，用于收集关于流量变化的速率信息，第一类型流的变化和第二类型流的每秒包（Packet Per Second，PPS）的DDoS检测信息，其中关于 使用每单位时间输入的分组的分组计数，每单位时间输入的流量流量和每单位时间输入的字节数字获得流量变化; 以及测试单元，通过使用由关于业务变化的速率信息确定的第一概率来计算DDoS攻击的发生概率，由第一类型流的变化确定的第二概率和由PPS确定的第三概率，用于 根据DDoS攻击的发生概率，第二类流检测DDoS攻击的发生。

公开(公告)号：US20120151583A1

公开(公告)日：2012-06-14

申请号：US13314741

申请日：2011-12-08

申请人： Kyoung-Soon KANG ,  Hak-Suh Kim ,  Byung-Jun Ahn

发明人： Kyoung-Soon KANG ,  Hak-Suh Kim ,  Byung-Jun Ahn

IPC分类号： G06F21/00

CPC分类号： G06F21/552 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458 ,  H04L63/166

摘要： A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided. The Distributed Denial of Service (DDoS) attack detection and defense apparatus includes: a flow information collection unit to collect, from one or more input packets with an IP address of an attack target system as a destination IP address, flow information including source IP addresses of the input packets and packet counts of one or more flows that are classified for each of the source IP addresses and each of different protocol types; an inspection unit to calculate packets per second (PPS) values of the flows based on the packet counts; and a response unit to determine a DDoS attack response method for each of the flows based on the PPS value and the protocol type of a corresponding flow and to process the corresponding flow using the determined DDoS attack response method

摘要翻译： 提供了分布式拒绝服务（DDoS）攻击检测和防御设备和方法。 分散拒绝服务（DDoS）攻击检测和防御装置包括：流信息收集单元，从一个或多个输入分组以攻击目标系统的IP地址作为目的地IP地址收集包括源IP地址的流信息 对于源IP地址和不同协议类型中的每一个分类的一个或多个流的输入分组和分组计数; 基于分组计数来计算流的每秒包（PPS）值的检查单元; 以及响应单元，用于基于PPS值和相应流的协议类型来确定每个流的DDoS攻击响应方法，并使用确定的DDoS攻击响应方法来处理相应的流

公开(公告)号：US20130167229A1

公开(公告)日：2013-06-27

申请号：US13614528

申请日：2012-09-13

申请人： Kyoung-Soon KANG ,  Hea Sook PARK ,  Kyeong Ho LEE ,  Byungjun AHN ,  Hyunjoo KANG ,  Yoo Hwa KANG

发明人： Kyoung-Soon KANG ,  Hea Sook PARK ,  Kyeong Ho LEE ,  Byungjun AHN ,  Hyunjoo KANG ,  Yoo Hwa KANG

IPC分类号： G06F21/00

CPC分类号： H04L63/1441 ,  H04L63/0227

摘要： Disclosed is a traffic managing device which includes an information collector collecting primary information associated with a flow; a controller judging a traffic state, collecting secondary information associated with the traffic based on the judged traffic state and the primary information, and judging whether the flow is abnormal, based on the secondary information; and a traffic correspondence unit dropping the flow based on the judged traffic state and whether the flow is abnormal. The primary information includes internet protocol addresses of source and destination of the flow and the secondary information includes a flow number of each internet protocol address of a source.

摘要翻译： 公开了一种流量管理装置，其包括收集与流相关联的主要信息的信息收集器; 基于所述次要信息判断流量状态的控制器，基于所判定的流量状态和所述主信息来收集与所述流量相关联的次要信息，判断流量是否异常; 以及流量对应单元，根据所判断的流量状态和流量是否异常而丢弃流量。 主要信息包括流的源和目的地的互联网协议地址，次要信息包括源的每个互联网协议地址的流程号。