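Basic information:
- Patent title: Apparatus and method for detecting distributed denial-of-service attacks with a reduced false positive rate, and apparatus for detecting and defending against distributed denial-of-service attacks
- Patent title (English): DDoS detection apparatus and method, DDoS detection and prevention apparatus for reducing positive false
- Application number: KR1020100127006 Filing date: 2010-12-13
- Publication (announcement) number: KR101519623B1 Publication (announcement) date: 2015-05-12
- Inventors: 강경순, 김학서, 정부금, 전기철, 안병준
- Applicant: 한국전자통신연구원
- Applicant address: 대전광역시 유성구 가정로 *** (가정동)
- Patentee: 한국전자통신연구원
- Current patentee: 한국전자통신연구원
- Current patentee address: 대전광역시 유성구 가정로 *** (가정동)
- Agent: 특허법인 신지
- Main classification number: H04L12/22
- IPC classification number: H04L12/22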
A DDoS attack detection apparatus and method are provided for reducing false positives, in which traffic is misdiagnosed as DDoS attack traffic. The DDoS attack detection apparatus comprises an information collection unit and a checking unit. The information collection unit collects DDoS detection information that includes traffic change-rate information according to changes in the input packet count, the flow number and the byte count value; the amount of change of a first type of flow, defined using the destination IP address; and the PPS (packets per second) per unit time for a second type of flow, defined according to the destination IP address, the source IP address and the protocol type. The checking unit calculates a DDoS occurrence probability using a first probability determined according to the traffic change-rate information, a second probability determined according to the amount of change of the first type of flow, and a third probability determined according to the PPS of the second type of flow, and detects whether a DDoS attack has occurred according to that DDoS occurrence probability.