DDOS large-traffic defense architecture

Document no.: 1492642  Published: 2020-02-04  Views: 6  Language: Chinese

Reading notes: This technology, the DDOS large-traffic defense architecture, was designed and created by 刘波 on 2018-07-24. Its main content is as follows. The invention relates to the technical field of network security protection and provides a DDOS large-traffic defense architecture. The protection platform comprises a main server, micro servers and hidden servers. A number of micro servers establish a connection pool; the IP and port used to connect to the main server are mapped, through load balancing, to the IP and port of the hidden server on each micro server; the connection pool is monitored for anomalies in real time, and when an abnormal IP is detected the connection is rapidly switched to a new IP and port. The invention solves the problems of existing DDOS defense systems: poor generality, a high price that makes them unsuitable for small and medium-sized enterprises, and an inability to locate the attack source.

1. A DDOS large-flow defense architecture, characterized in that the protection platform comprises a main server, micro servers and hidden servers; a plurality of micro servers establish a connection pool; the IP and port used to connect to the main server are mapped, through load balancing, to the IP and port of the hidden server on each micro server; the connection pool is monitored for anomalies in real time; and when an abnormal IP is detected, the connection is rapidly switched to a new IP and port.

2. The DDOS large-flow defense architecture as claimed in claim 1, wherein the number of single-access connections per IP and port can be controlled quantitatively, and when a set number is reached the IP is switched to a new IP, so that after an IP is attacked only the link on that IP is affected and the other connections continue to operate normally.

3. The DDOS large-flow defense architecture as claimed in claim 1, wherein when an abnormal IP is found, the abnormal connection is rapidly switched to a new IP and a new port and the abnormal connection is recorded; a batch of new IPs is reallocated at the location of the abnormal IP; and the switching time is less than 2 seconds, so that normal operation of the service is maintained.

4. The DDOS large-flow defense architecture as claimed in claim 1, characterized in that the unique connection belonging to the abnormal IP is determined by locking down the abnormal IP layer by layer, so that the attack source is locked and persistent attacks are defended against.

5. The DDOS large-flow defense architecture as claimed in claim 1, wherein the hidden server adopts a stand-by defense mode: after the hidden server is connected to the protection platform, resolving the user's website returns the IP of a network-dike safety protection node, the user's source-station IP is no longer exposed, attacks on the source station are completely blocked, and the safety of the source station is ensured.

6. The DDOS large-flow defense architecture as claimed in claim 1, wherein the protection platform provides clear and detailed attack logs and traffic reports together with a transparent display of attack status, making it easy to grasp the real-time protection status of the website quickly.

Technical Field

The invention relates to the technical field of network security protection, in particular to a DDOS (distributed denial of service) large-flow defense architecture.

Background

DDOS attacks occupy a large amount of network resources with a large number of individually legitimate requests, so as to bring down the network. The relatively mature DDOS defenses on the market are Alibaba Cloud's DDoS high-protection IP and the Cloud Shield DDoS high-protection IP. This paid value-added service is offered for the case in which an internet server (including non-Alibaba-Cloud hosts) becomes unavailable under a large-traffic DDoS attack: by configuring the high-protection IP, the user diverts the attack traffic to the high-protection IP, so that the stability and reliability of the source station are ensured.

Disclosure of Invention

Technical problem solved

Aiming at the defects of the prior art, the invention provides a DDOS large-flow defense architecture that solves the problems of prior-art DDOS defense systems: poor generality, high price, unsuitability for small and medium-sized enterprises, and inability to locate attack sources.

Technical scheme

In order to achieve this purpose, the invention is realized by the following technical scheme:

A DDOS large-traffic defense architecture, in which the protection platform comprises a main server, micro servers and hidden servers. A plurality of micro servers establish a connection pool; the IP and port used to connect to the main server are mapped, through load balancing, to the IP and port of the hidden server on each micro server; the connection pool is monitored for anomalies in real time; and when an abnormal IP is detected, the connection is rapidly switched to a new IP and port.

Furthermore, the number of single-access connections per IP and port can be controlled quantitatively; when the number reaches a set value, the IP is switched to a new IP, ensuring that after one IP is attacked only the link on the current IP is affected and the other connections still run normally.

Furthermore, when an abnormal IP is found, the abnormal connection is rapidly switched to a new IP and a new port and the abnormal connection is recorded; a batch of new IPs is reallocated at the location of the abnormal IP; and the switching time is less than 2 seconds, so that normal operation of the service is maintained.

Furthermore, the unique connection belonging to the abnormal IP is determined by locking down the abnormal IP layer by layer, so that the attack source is locked and persistent attacks are defended against.

Furthermore, the hidden server adopts a stand-by defense mode: after the hidden server is connected to the protection platform, resolving the user's website returns the IP of a network-dike safety protection node, the user's source-station IP is no longer exposed, attacks on the source station are completely blocked, and the safety of the source station is ensured.

Furthermore, the protection platform provides clear and detailed attack logs and traffic reports together with a transparent display of attack status, making it easy to grasp the real-time protection status of the website quickly.
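The following is an added example, not part of the patent and not code from the inventor: a small Python model of the connection-pool defense described in claims 1 to 4 and in the technical scheme above. The endpoint addresses (203.0.113.x with ports from 40000), the quota of four clients per endpoint, the request-rate threshold, the round-robin choice of hidden server, the class and function names, and the `simulate` scenario with a single flooding client are all constructed assumptions; the patent gives none of these values. The model shows the per-endpoint connection quota, the rapid reassignment when an endpoint is flooded, the recording of abnormal connections, and one concrete reading of "locking the abnormal IP layer by layer": every client of a flooded endpoint is moved to its own fresh endpoint, so the next endpoint that floods identifies exactly one source.

```python
"""Toy model of the connection-pool DDOS defense (added example, not the patent's code).

Assumptions made here, not stated in the patent: front endpoints are (ip, port) pairs
drawn from the documentation range 203.0.113.0/24 with ports from 40000; each endpoint
accepts at most QUOTA clients; an endpoint is abnormal when it receives more than
RATE_LIMIT requests in one monitoring window; hidden servers are chosen round-robin.
"""
from dataclasses import dataclass, field
from itertools import count

QUOTA = 4         # clients allowed per front endpoint (claim 2)
RATE_LIMIT = 50   # requests per window before an endpoint is treated as abnormal


@dataclass
class Endpoint:
    ip: str
    port: int
    hidden: str                      # hidden server this endpoint forwards to
    clients: set = field(default_factory=set)
    requests: int = 0                # requests seen in the current window
    isolated: bool = False           # reserved for one suspect; never shared


class DefensePool:
    def __init__(self, hidden_servers):
        self.hidden = list(hidden_servers)
        self._seq = count(1)
        self.endpoints = {}          # (ip, port) -> Endpoint
        self.assigned = {}           # client -> (ip, port) it should connect to
        self.abnormal_log = []       # (ip, port, clients) recorded per flooded endpoint

    def _new_endpoint(self, isolated=False):
        n = next(self._seq)
        ep = Endpoint(ip=f"203.0.113.{n % 250 + 1}", port=40000 + n,
                      hidden=self.hidden[n % len(self.hidden)],  # load balancing
                      isolated=isolated)
        self.endpoints[(ep.ip, ep.port)] = ep
        return ep

    def assign(self, client):
        """Hand a client a front endpoint, opening a new one once QUOTA is reached."""
        for ep in self.endpoints.values():
            if not ep.isolated and len(ep.clients) < QUOTA:
                break
        else:
            ep = self._new_endpoint()
        ep.clients.add(client)
        self.assigned[client] = (ep.ip, ep.port)
        return ep.ip, ep.port

    def observe(self, ip, port, n_requests):
        """Count traffic arriving at a front endpoint during the current window."""
        self.endpoints[(ip, port)].requests += n_requests

    def end_window(self):
        """Real-time monitoring: retire flooded endpoints and re-home their clients."""
        suspects = []
        for key, ep in list(self.endpoints.items()):
            if ep.requests <= RATE_LIMIT:
                ep.requests = 0
                continue
            self.abnormal_log.append((ep.ip, ep.port, sorted(ep.clients)))
            # Layer-by-layer narrowing: every client of the flooded endpoint is moved
            # to its own fresh endpoint, so the next flood points at exactly one client.
            for c in sorted(ep.clients):
                new = self._new_endpoint(isolated=True)
                new.clients.add(c)
                self.assigned[c] = (new.ip, new.port)
            del self.endpoints[key]          # the flooded IP/port is taken out of service
            suspects.extend(sorted(ep.clients))
        return suspects

    def attack_source(self):
        """A client is the locked source once it floods an endpoint it holds alone."""
        for _ip, _port, clients in self.abnormal_log:
            if len(clients) == 1:
                return clients[0]
        return None


def simulate(attacker="bot-7", n_clients=10, max_windows=10):
    """Constructed scenario: one client floods every endpoint it is given."""
    pool = DefensePool(["hidden-a", "hidden-b"])
    clients = [f"bot-{i}" for i in range(n_clients)]
    for c in clients:
        pool.assign(c)
    windows = 0
    while pool.attack_source() is None and windows < max_windows:
        for c in clients:
            ip, port = pool.assigned[c]
            pool.observe(ip, port, 500 if c == attacker else 3)
        pool.end_window()
        windows += 1
    return pool.attack_source(), windows, len(pool.abnormal_log)


if __name__ == "__main__":
    print(simulate())   # ('bot-7', 2, 2)
```

Running the file calls `simulate()`, which returns the locked source, the number of monitoring windows needed and the number of abnormal-endpoint records. With one attacker among ten clients and a quota of four, two windows suffice: the first flags the shared endpoint and its four clients, the second flags the attacker's private endpoint. In a real deployment the `observe` step would be fed from flow counters on the micro servers and the switch would be a resolver or load-balancer update; the patent claims that switch completes in under 2 seconds, which this model does not attempt to time.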

Advantageous effects

The invention provides a DDOS large-flow defense architecture that, compared with the known prior art, has the following beneficial effects:

1. Through the design of constructing a connection pool and hiding the user's source station, the DDOS large-flow defense architecture supports TCP/UDP/HTTP/HTTPS and is suitable for various service scenarios such as finance, e-commerce, games, portals and media; its cost is low; the attack source can in most cases be located; and one defense pool can be shared by various services, avoiding the trouble of deploying a defense for each service separately.

Drawings

In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic diagram of the architecture of the present invention;

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
