Distributed denial of service attack detection apparatus and method, and distributed denial of service attack detection and prevention apparatus for reducing false-positive
    1.
    Granted patent
    Distributed denial of service attack detection apparatus and method, and distributed denial of service attack detection and prevention apparatus for reducing false-positive (status: in force)

    Publication No.: US08677488B2

    Publication date: 2014-03-18

    Application No.: US13323050

    Filing date: 2011-12-12

    IPC classification: H04L29/06

    Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.

    DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION APPARATUS AND METHOD, AND DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION APPARATUS FOR REDUCING FALSE-POSITIVE
    2.
    Patent application
    DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION APPARATUS AND METHOD, AND DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION APPARATUS FOR REDUCING FALSE-POSITIVE (status: in force)

    Publication No.: US20120151593A1

    Publication date: 2012-06-14

    Application No.: US13323050

    Filing date: 2011-12-12

    IPC classification: G06F21/00

    Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.

    DDoS attack detection and defense apparatus and method using packet data
    3.
    Granted patent
    DDoS attack detection and defense apparatus and method using packet data (status: in force)

    Publication No.: US08634717B2

    Publication date: 2014-01-21

    Application No.: US13314741

    Filing date: 2011-12-08

    IPC classification: H04B10/00

    Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided. The Distributed Denial of Service (DDoS) attack detection and defense apparatus includes: a flow information collection unit to collect, from one or more input packets with an IP address of an attack target system as a destination IP address, flow information including source IP addresses of the input packets and packet counts of one or more flows that are classified for each of the source IP addresses and each of different protocol types; an inspection unit to calculate packets per second (PPS) values of the flows based on the packet counts; and a response unit to determine a DDoS attack response method for each of the flows based on the PPS value and the protocol type of a corresponding flow and to process the corresponding flow using the determined DDoS attack response method.

    DDOS ATTACK DETECTION AND DEFENSE APPARATUS AND METHOD
    4.
    Patent application
    DDOS ATTACK DETECTION AND DEFENSE APPARATUS AND METHOD (status: in force)

    Publication No.: US20120151583A1

    Publication date: 2012-06-14

    Application No.: US13314741

    Filing date: 2011-12-08

    IPC classification: G06F21/00

    Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided. The Distributed Denial of Service (DDoS) attack detection and defense apparatus includes: a flow information collection unit to collect, from one or more input packets with an IP address of an attack target system as a destination IP address, flow information including source IP addresses of the input packets and packet counts of one or more flows that are classified for each of the source IP addresses and each of different protocol types; an inspection unit to calculate packets per second (PPS) values of the flows based on the packet counts; and a response unit to determine a DDoS attack response method for each of the flows based on the PPS value and the protocol type of a corresponding flow and to process the corresponding flow using the determined DDoS attack response method.

    Method and apparatus for processing packet in high speed router
    5.
    Patent application
    Method and apparatus for processing packet in high speed router (status: lapsed)

    Publication No.: US20070133560A1

    Publication date: 2007-06-14

    Application No.: US11634730

    Filing date: 2006-12-06

    IPC classification: H04L12/56 H04L12/28

    Abstract: An apparatus for processing packets in a high speed router and a method thereof are provided. The high speed router includes a forward processor and a control processor, where the forward processor has an input terminal processor and an output terminal processor. The output terminal processor manages a Layer 2 Address Table by dividing the Layer 2 Address Table into a layer 2 indirect address table and a layer 2 direct address table and by managing them. The indirect address table is directly indexed in the Next-hop Table of the input terminal processor table. The direct address table is composed of a hashing table for a destination IP address. Therefore, the system efficiency can be improved by reducing the memory which is used for storing the forwarding information table occupied by the forward processor and by reducing the IPC message between the control processor and the forwarding process.