[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN109802937B - Method for discovering IP spoofing attack under TCP of intelligent terminal equipment - Google Patents

Method for discovering IP spoofing attack under TCP of intelligent terminal equipment Download PDF

Info

Publication number
CN109802937B
CN109802937B CN201811448541.5A CN201811448541A CN109802937B CN 109802937 B CN109802937 B CN 109802937B CN 201811448541 A CN201811448541 A CN 201811448541A CN 109802937 B CN109802937 B CN 109802937B
Authority
CN
China
Prior art keywords
tcp
internet
header
data packet
record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811448541.5A
Other languages
Chinese (zh)
Other versions
CN109802937A (en
Inventor
傅如毅
安革生
武庆华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Yuanwang Information Co ltd
Original Assignee
Zhejiang Yuanwang Information Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Yuanwang Information Co ltd filed Critical Zhejiang Yuanwang Information Co ltd
Priority to CN201811448541.5A priority Critical patent/CN109802937B/en
Publication of CN109802937A publication Critical patent/CN109802937A/en
Application granted granted Critical
Publication of CN109802937B publication Critical patent/CN109802937B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method for discovering IP spoofing attack under an intelligent terminal device TCP, which is based on the fact that a security module is connected in series with an Internet communication port of an Internet of things intelligent terminal, the security module is communicated with an Internet of things system server through an information transmission network, a communication white list based on source/target IP addresses, port numbers, service types, mac addresses and the like is arranged in the security module, the security module analyzes header information of communication data packets of the Internet of things device and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, if not, the data packets are blocked by the security module, and the occurrence of IP spoofing attack under the intelligent terminal device TCP is timely discovered in a mode of receiving, sending, recording and checking, so that the security of the system is effectively improved.

Description

Method for discovering IP spoofing attack under TCP of intelligent terminal equipment
[ technical field ] A method for producing a semiconductor device
The invention relates to the technical field of communication safety of Internet of things equipment, in particular to a method for discovering IP spoofing attack under TCP of intelligent terminal equipment.
[ background of the invention ]
With the development of information technology, more and more internet of things devices with intelligent sensing functions are accessed to a network and become targets of network attack. After being invaded by hackers, viruses and the like, the devices become a great amount of controlled network attack tools, and great hidden dangers are brought to network security burying.
A safety module is connected in series with an internet access communication end of the internet of things intelligent terminal device, and a communication white list which is based on a TCP/IP protocol and comprises a source/target IP address, a port number, a service type and a mac address is arranged in the safety module. The safety module analyzes the packet head information of the communication data packet of the Internet of things equipment and the network layer and matches and filters the communication white list, the data packet which accords with the communication white list can pass through, and the data packet which does not accord with the communication white list is blocked by the safety module, so that the safety of the network communication of the Internet of things intelligent terminal equipment can be effectively improved.
However, the security module filters the communication security mechanism based on the communication white list data packet including the IP address, port number, service type, mac address, etc. of the source/destination, and has no protection capability against the TCP/IP address spoofing attack. TCP/IP address spoofing is a form of attack by hackers using a computer to access the internet, spoofing the source IP address and source port number of another machine in outgoing IP packets, and impersonating the identity of other systems or senders to communicate with the communicating party. Therefore, it is necessary to provide a method for discovering IP spoofing attacks on the intelligent terminal device under TCP.
[ summary of the invention ]
The invention aims to overcome the defects of the prior art and provides a method for discovering IP spoofing attack under the TCP of the intelligent terminal equipment, which can improve the security of the system.
In order to achieve the purpose, the invention provides a method for discovering IP spoofing attack under an intelligent terminal device TCP, which is based on the fact that a security module is connected in series with an internet communication port of an internet of things intelligent terminal, the security module is communicated with an internet of things system server through an information transmission network, a communication white list is arranged in the security module, the security module analyzes header information of communication data packets of the internet of things device and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, and if the data packets do not conform to the communication white list, the data packets are blocked by the security module, and the method comprises the following steps:
the first step is as follows: the safety module records the characteristic information of the data packet header from the server of the Internet of things system with the address marked as the address one by one, and forms a data packet header characteristic information log received by the system server, and the data packet header characteristic information log is recorded as: { passing a downstream packet header characteristic information log };
the second step is that: the characteristic information of the head of the data packet sent to the safety module by the server of the Internet of things system is recorded one by one to form a data packet head characteristic information log sent to the safety module, and the log is recorded as: { sending packet header characteristic information log };
the third step: and (3) discovering IP spoofing attack under the TCP of the intelligent terminal equipment by adopting a receiving and sending record checking mode: and (4) checking each record in the (through downlink data packet header characteristic information log), and when the corresponding sending record cannot be found in the time period corresponding to the (sending data packet header characteristic information log), determining that IP deception behavior under TCP is carried out on the security module by the address and the port of a counterfeit Internet of things system server, otherwise, IP deception behavior under TCP does not occur.
The method specifically comprises the following steps:
s1, establishing a { through a downlink data packet header characteristic information log } record of the security module: { N } and { Send packet header characteristics information Log } are written: { M }:
the safety module analyzes the header information of the data packet, wherein the source address of the data packet is marked as the address of the system server of the internet of things, and a timestamp t2, a TCP packet header Seq # value and a TCP packet header Ack # value when the data packet reaches the safety module are taken out to form a record and are logged, and the record is counted respectively as follows: t2, Seq2#, Ack2 #; after a plurality of data packets pass through, accumulating to form { N };
the internet of things system server analyzes the header information of a data packet with a target address as an internet of things intelligent terminal address, and a timestamp t1, a TCP packet header Seq # value and a TCP packet header Ack # value when the data packet is sent out are taken out to form a record and are logged, and the record is counted as follows: t1, Seq1#, Ack1 #; after a plurality of data packets pass through, accumulating to form { M };
s2, timestamp synchronization:
the security module sends the { N } to the server of the Internet of things system, and takes the timestamp of the server of the Internet of things system as a reference, t2 security module timestamp values in the log are synchronized to be the timestamp value t1syn of the server of the Internet of things system, and the record items of the { N } after time synchronization are respectively counted as: t1syn, Seq2#, Ack2 #;
s3, comparing the header characteristic information of the receiving and sending data packets one by one:
according to the time sequence, taking out records in { N } one by one to serve as comparison reference items, comparing the records with header characteristic information records of the sending data packet in the corresponding time period T in { M } one by one, and when finding out records in which the values of Seq2# and Ack2# are completely consistent with the values of the reference items Seq1# and Ack1# respectively, sending out the data packet corresponding to the record for a system server, determining that the IP fake address condition does not occur, and recording in the comparison in { M } to not participate in subsequent comparison any more; if the consistent item can not be found, the situation of IP address impersonation is possible to occur;
the time period T is a time window determined according to a reference item time parameter T1syn in { N }, the ending value of the time window is equal to T1syn, the initial value is equal to T1syn-T ', the T' is the maximum network delay value of a data packet sent by an Internet of things system server until an Internet of things intelligent terminal receives the data packet, the T 'is a constant, and the value of the T' is adjusted according to a network extension communication environment.
Preferably, in step S1, the { N } entries further include a TCP header SYN value and a TCP header ACK value, and the { N } entries respectively count as follows: t2, SYN2, ACK2, Seq2#, ACK2 #; the entry of { M } further includes a TCP header SYN value and a TCP header ACK value, and the entry of { M } counts respectively as: t1, SYN1, ACK1, Seq1#, ACK1 #; in the step S2, the time stamp values of the t2 security modules in the log are synchronized to the time stamp value t1syn of the internet of things system server, and the record items of { N } after the time synchronization process are respectively counted as: t1SYN, SYN2, ACK2, Seq2#, ACK2 #.
Preferably, the step S3, the extracting of the records in { N } one by one as the comparison reference item, and the comparing of the records in { M } with the header characteristic information of the transmission data packet in the corresponding time period T further includes: comparing the values of SYN2 and ACK2 with the values of the reference entries SYN1 and ACK1, respectively, and when the values of the entries SYN2, ACK2, Seq2#, and ACK2# are completely consistent with the values of the reference entries SYN1, ACK1, Seq1#, and ACK1#, respectively, determining that the data packet corresponding to the record is sent out by the system server and the IP address impersonation condition does not occur; otherwise, the situation that the IP address is forged may occur.
Preferably, in step S1, only when the packet header flag satisfies the condition "SYN is 1 and ACK is 0", the packet header feature information timestamp t, the TCP header Seq # value, and the TCP header ACK # are extracted, and records are formed and listed in the logs { M } and { N }.
Preferably, the communication white list is a communication white list including an IP address, a port number, a service type and a mac address of a source/destination based on a TCP/IP protocol.
The invention has the beneficial effects that: compared with the prior art, the method and the system have the advantages that on the basis that the security module provides a communication white list data packet filtering communication security mechanism based on the IP address, the port number, the service type and the mac address of the source/target for the Internet of things system, IP spoofing attack under the TCP of the intelligent terminal equipment is found in time in a receiving, sending, recording and checking mode, and the security of the system is improved.
The features and advantages of the present invention will be described in detail by embodiments in conjunction with the accompanying drawings.
[ description of the drawings ]
Fig. 1 is a technical schematic diagram of a method for discovering IP spoofing attack under TCP for an intelligent terminal device according to the present invention.
[ detailed description ] embodiments
Referring to fig. 1, the present invention provides a method for discovering IP spoofing attack under TCP for an intelligent terminal device, which is characterized in that: the method is based on that a security module 3 is connected in series with an internet access communication end of an internet of things intelligent terminal 2, the security module 3 is in communication with an internet of things system server 1 through an information transmission network, a TCP/IP protocol-based communication white list including source/target IP addresses, port numbers, service types and mac addresses is built in the security module 3, the security module 3 analyzes header information of communication data packets of internet of things equipment and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, and if the data packets do not conform to the communication white list, the data packets are blocked by the security module 3, and the method comprises the following steps:
the first step is as follows: the safety module 3 records the characteristic information of the data packet header from the address marked as the server 1 of the internet of things system one by one to form a data packet header characteristic information log received by the system server, and the data packet header characteristic information log is recorded as: { passing a downstream packet header characteristic information log };
the second step is that: the internet of things system server 1 records the characteristic information of the data packet head sent to the security module 3 one by one to form a data packet head characteristic information log sent to the security module 3, and the log is recorded as: { sending packet header characteristic information log };
the third step: and (3) discovering IP spoofing attack under the TCP of the intelligent terminal equipment by adopting a receiving and sending record checking mode: and (4) checking each record in the (passing downlink data packet header characteristic information log), and when the corresponding sending record cannot be found in the time period corresponding to the (sending data packet header characteristic information log), determining that IP cheating behavior under TCP (Transmission control protocol) is carried out on the security module 3 by the address and the port of the fake Internet of things system server 1, otherwise, no IP cheating behavior under TCP occurs.
Example 1:
the method comprises the following specific steps:
s1, establishing a { through a downlink data packet header characteristic information log } record of the security module: { N } and { Send packet header characteristics information Log } are written: { M }:
the security module 3 analyzes the header information of the data packet with the passing source address marked as the address of the internet of things system server 1, and a timestamp t2, a TCP packet head SYN value, a TCP packet head ACK value, a TCP packet head Seq # value and a TCP packet head ACK # value when the data packet reaches the security module 3 are taken out to form a record and are recorded in a log; after a plurality of data packets pass through, the data packets are accumulated to form { N }, and the table structure is as follows:
t2 SYN2 ACK2 Seq2# Ack2#
the internet of things system server 1 analyzes the header information of the data packet which is sent by the internet of things system server and has the target address of the intelligent terminal device 2, and a time stamp t1, a TCP packet head SYN value, a TCP packet head ACK value, a TCP packet head Seq # value and a TCP packet head ACK # value when the data packet is sent are taken out to form a record and are recorded in a log. After a plurality of data packets pass through, the data packets are accumulated to form { M }, and the table structure is as follows:
t1 SYN1 ACK1 Seq1# Ack1#
s2, timestamp synchronization:
the security module 3 sends { N } to the system server, and takes the timestamp of the system server as a reference, synchronizes the timestamp values of t2 security modules 3 in the log to the timestamp value t1syn of the system server, and the { N } table after time synchronization has the following structure:
t1syn SYN2 ACK2 Seq2# Ack2#
s3, comparing the header characteristic information of the receiving and sending data packets one by one:
and (3) taking out records in { N } one by one in time sequence, taking the records as comparison reference items, and comparing the records with header characteristic information records of the sending data packets in the corresponding time period T in { M } one by one until the records of SYN2, ACK2, Seq2#, ACK2# which are completely consistent with the values of the reference items SYN1, ACK1, Seq1#, ACK1# are found, so that the data packets corresponding to the records are really sent out by the system server and IP address impersonation does not occur, the records in the comparison in { M } do not participate in subsequent comparison, and if the consistent items are not found, the IP address impersonation situation can occur.
Wherein, the time period T is a time window determined according to the reference item time parameter T1syn in { N }. The ending value of the time window is equal to t1syn, the starting value is equal to t1syn-t ', t' is a constant, theoretically, the maximum network delay value from the time when the system server 1 sends a data packet to the time when the intelligent terminal device 2 receives the data packet is obtained, and the specific value can be adjusted according to the network extension communication environment;
example 2:
the difference from the above example 1 is that:
in step S1, the entry of { N } includes only the timestamp t2, the TCP header Seq # value, and the TCP header Ack # value, and the table structure is simplified as follows:
t2 Seq2# Ack2#
the entry corresponding to { M } includes only timestamp t1, TCP header Seq1# value, and TCP header Ack1# value, and the table structure is simplified as follows:
t1 Seq2# Ack2#
in step S1, only when the packet header flag satisfies the condition "SYN is 1 and ACK is 0", the packet header feature information timestamp t, the TCP header Seq # value, and the TCP header ACK # are extracted to form a record, which is listed in the logs { M } and { N }.
The above embodiments are illustrative of the present invention, and are not intended to limit the present invention, and any simple modifications of the present invention are within the scope of the present invention.

Claims (5)

1. A method for discovering IP spoofing attack under the TCP of an intelligent terminal device is characterized in that: the method is based on the fact that a safety module (3) is connected in series with an internet communication port of an internet of things intelligent terminal (2) and is in communication with an internet of things system server (1) through an information transmission network, a communication white list is arranged in the safety module (3), the safety module (3) analyzes header information of communication data packets of internet of things equipment and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, and if the data packets do not conform to the communication white list, the data packets are blocked by the safety module (3), and the method comprises the following steps:
the first step is as follows: the safety module (3) records the characteristic information of the data packet head from the Internet of things system server (1) with the address as a record one by one, and a data packet head characteristic information log received by the system server is formed and recorded as: { passing a downstream packet header characteristic information log };
the second step is that: the characteristic information of the data packet head part sent to the safety module (3) is recorded one by the Internet of things system server (1) to form a data packet head part characteristic information log sent to the safety module (3) and recorded as: { sending packet header characteristic information log };
the third step: and (3) discovering IP spoofing attack under the TCP of the intelligent terminal equipment by adopting a receiving and sending record checking mode: checking each record in the { through downlink data packet header characteristic information log }, and when the corresponding sending record cannot be found in the time period corresponding to the { sending data packet header characteristic information log }, determining that IP cheating behavior under TCP is carried out on the security module (3) by an address and a port of a fake internet of things system server (1), or else, IP cheating behavior under TCP does not occur;
the method specifically comprises the following steps:
s1, establishing a { through a downlink data packet header characteristic information log } record of the security module: { N } and { Send packet header characteristics information Log } are written: { M }:
the safety module (3) analyzes the header information of the data packet, wherein the passing source address is marked as the address of the Internet of things system server (1), and the timestamp t2, the TCP packet header Seq # value and the TCP packet header Ack # value when the data packet reaches the safety module (3) are taken out to form a record and are logged, and the record is counted respectively: t2, Seq2#, Ack2 #; after a plurality of data packets pass through, accumulating to form { N };
the internet of things system server (1) analyzes the header information of a data packet with a target address as the address of the internet of things intelligent terminal (2), and a timestamp t1, a TCP packet header Seq # value and a TCP packet header Ack # value when the data packet is sent are taken out to form a record, and the record is recorded in a log and respectively counted as: t1, Seq1#, Ack1 #; after a plurality of data packets pass through, accumulating to form { M };
s2, timestamp synchronization:
the security module (3) sends the { N } to the Internet of things system server (1), and takes the time stamp of the Internet of things system server (1) as a reference, t2 items of security module (3) time stamp values in the log are synchronized to be the time stamp value t1syn of the Internet of things system server (1), and the record items of the { N } after time synchronization are respectively counted: t1syn, Seq2#, Ack2 #;
s3, comparing the header characteristic information of the receiving and sending data packets one by one:
according to the time sequence, taking out records in { N } one by one to serve as comparison reference items, comparing the records with header characteristic information records of the sending data packet in the corresponding time period T in { M } one by one, and when finding out records in which the values of Seq2# and Ack2# are completely consistent with the values of the reference items Seq1# and Ack1# respectively, sending out the data packet corresponding to the record for a system server, determining that the IP fake address condition does not occur, and not participating in subsequent comparison any more in the records in { M }; if the consistent item can not be found, the situation of IP address impersonation is possible to occur;
the time period T is a time window determined according to a reference item time parameter T1syn in { N }, the ending value of the time window is equal to T1syn, the starting value is equal to T1syn-T ', and T' is the maximum network delay value of a data packet sent by an Internet of things system server (1) to an Internet of things intelligent terminal (2) and received by the data packet.
2. The method for discovering IP spoofing attacks on intelligent terminal devices under TCP as claimed in claim 1, wherein: in step S1, the { N } entry further includes a TCP header SYN value and a TCP header ACK value, and the { N } entries respectively count as follows: t2, SYN2, ACK2, Seq2#, ACK2 #; the entry of { M } further includes a TCP header SYN value and a TCP header ACK value, and the entry of { M } counts respectively as: t1, SYN1, ACK1, Seq1#, ACK1 #; in the step S2, time stamp values of the t2 security modules (3) in the log are synchronized to a time stamp value t1syn of the internet of things system server (1), and record items of { N } after time synchronization are counted respectively: t1SYN, SYN2, ACK2, Seq2#, ACK2 #.
3. The method for discovering IP spoofing attacks on intelligent terminal devices under TCP as claimed in claim 2, wherein: the step S3 of taking out the records one by one as a comparison reference item, and the step S of comparing the records of the header feature information of the transmission data packet in the corresponding time period T in the { M } further includes: comparing the values of SYN2 and ACK2 with the values of the reference entries SYN1 and ACK1, respectively, and when the values of the entries SYN2, ACK2, Seq2#, and ACK2# are completely consistent with the values of the reference entries SYN1, ACK1, Seq1#, and ACK1#, respectively, determining that the data packet corresponding to the record is sent out by the system server and the IP address impersonation condition does not occur; otherwise, the situation that the IP address is forged may occur.
4. The method for discovering IP spoofing attacks on intelligent terminal equipment under TCP according to claim 3, characterized in that: in step S1, only when the header flag bits of the packet satisfy the conditions "SYN =1 and ACK = 0", the packet header feature information timestamp t, the TCP header Seq # value, and the TCP header ACK # are extracted to form a record, and the record is listed in the logs { M } and { N }.
5. The method for discovering IP spoofing attacks on intelligent terminal devices under TCP as claimed in claim 1, wherein: the communication white list is based on a TCP/IP protocol and comprises IP addresses, port numbers, service types and mac addresses of a source/target.
CN201811448541.5A 2018-11-30 2018-11-30 Method for discovering IP spoofing attack under TCP of intelligent terminal equipment Active CN109802937B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811448541.5A CN109802937B (en) 2018-11-30 2018-11-30 Method for discovering IP spoofing attack under TCP of intelligent terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811448541.5A CN109802937B (en) 2018-11-30 2018-11-30 Method for discovering IP spoofing attack under TCP of intelligent terminal equipment

Publications (2)

Publication Number Publication Date
CN109802937A CN109802937A (en) 2019-05-24
CN109802937B true CN109802937B (en) 2021-08-17

Family

ID=66556318

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811448541.5A Active CN109802937B (en) 2018-11-30 2018-11-30 Method for discovering IP spoofing attack under TCP of intelligent terminal equipment

Country Status (1)

Country Link
CN (1) CN109802937B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740144B (en) * 2019-11-27 2022-09-16 腾讯科技(深圳)有限公司 Method, device, equipment and storage medium for determining attack target
CN111918284B (en) * 2020-07-24 2022-02-11 郑州信大捷安信息技术股份有限公司 Safe communication method and system based on safe communication module

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101582833A (en) * 2008-05-15 2009-11-18 成都市华为赛门铁克科技有限公司 Method and device for processing spoofed IP data packet
CN105337929A (en) * 2014-06-24 2016-02-17 阿里巴巴集团控股有限公司 Verification method and apparatus of IP address
CN105959308A (en) * 2016-06-30 2016-09-21 中电长城网际系统应用有限公司 Internal network IP data packet management method and system, and devices
CN106101161A (en) * 2016-08-26 2016-11-09 网宿科技股份有限公司 A kind of method and system of the tcp data bag for processing forgery
CN107070851A (en) * 2015-11-09 2017-08-18 韩国电子通信研究院 The system and method that the generation of connection fingerprint and stepping-stone based on network flow are reviewed
CN108718320A (en) * 2018-06-14 2018-10-30 浙江远望信息股份有限公司 A method of forming data packet communication white list to close rule data packet intersection with similar configuration internet of things equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060265506A1 (en) * 2004-04-08 2006-11-23 World Extend Llc Systems and methods for establishing and validating secure network sessions

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101582833A (en) * 2008-05-15 2009-11-18 成都市华为赛门铁克科技有限公司 Method and device for processing spoofed IP data packet
CN105337929A (en) * 2014-06-24 2016-02-17 阿里巴巴集团控股有限公司 Verification method and apparatus of IP address
CN107070851A (en) * 2015-11-09 2017-08-18 韩国电子通信研究院 The system and method that the generation of connection fingerprint and stepping-stone based on network flow are reviewed
CN105959308A (en) * 2016-06-30 2016-09-21 中电长城网际系统应用有限公司 Internal network IP data packet management method and system, and devices
CN106101161A (en) * 2016-08-26 2016-11-09 网宿科技股份有限公司 A kind of method and system of the tcp data bag for processing forgery
CN108718320A (en) * 2018-06-14 2018-10-30 浙江远望信息股份有限公司 A method of forming data packet communication white list to close rule data packet intersection with similar configuration internet of things equipment

Also Published As

Publication number Publication date
CN109802937A (en) 2019-05-24

Similar Documents

Publication Publication Date Title
CN100508449C (en) Protection against denial of service attacks
US7478429B2 (en) Network overload detection and mitigation system and method
CN102143143B (en) Method and device for defending network attack, and router
US7992208B2 (en) Detection of nonconforming network traffic flow aggregates for mitigating distributed denial of service attacks
CN101136922B (en) Service stream recognizing method, device and distributed refusal service attack defending method, system
US7865945B2 (en) System and method for detecting and eliminating IP spoofing in a data transmission network
CN101848197B (en) Detection method and device and network with detection function
CN102739683B (en) A kind of network attack filter method and device
CN109587167B (en) Message processing method and device
CN101505218A (en) Detection method and apparatus for attack packet
US9143528B2 (en) Method and device for countering fingerprint forgery attacks in a communication system
CN101175013A (en) Method, network system and proxy server for preventing denial of service attack
US20080127324A1 (en) DDoS FLOODING ATTACK RESPONSE APPROACH USING DETERMINISTIC PUSH BACK METHOD
CN102098305A (en) Upper-level protocol authentication
KR20090094236A (en) Methods and apparatus for delivering control messages during a malicious attack in one or more packet networks
CN109802937B (en) Method for discovering IP spoofing attack under TCP of intelligent terminal equipment
CN107360182A (en) One kind is used for Embedded Active Networks system of defense and its defence method
CN102427460A (en) Multi-stage detection and defense method for ARP spoofing
CN106487790A (en) Cleaning method and system that a kind of ACK FLOOD is attacked
CN110022303B (en) ARP bidirectional defense system and method
RU2307392C1 (en) Method (variants) for protecting computer networks
CN110831009B (en) Wireless AP test method and test system for preventing wireless DOS attack
CN113765849A (en) Abnormal network traffic detection method and device
CN109688136A (en) A kind of detection method, system and the associated component of spoofed IP attack
CN108521413A (en) A kind of network of Future Information war is resisted and defence method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant