Mitigation information processing method, server and file tracking system

Document number: 291261. Publication date: 2021-11-23.

Reading note: This technology, "Mitigation information processing method, server and file tracking system", was designed by 陈美玲 on 2020-05-18. Abstract: The invention provides a mitigation information processing method, a server and a file tracking system, and relates to the technical field of network security. The mitigation information processing method is applied to a server and comprises the following steps: receiving a mitigation result sent by the mitigation provider device after the mitigation is completed; and completing block consensus by using a block chain protocol, and writing the mitigation result and the mitigation request corresponding to the mitigation result into the block chain of the file tracking system. This scheme addresses the problem that different anti-DDoS systems operate independently of one another and lack an information-sharing mechanism.

1. A mitigation information processing method is applied to a server and is characterized by comprising the following steps:

receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

and completing block consensus by using a block chain protocol, and writing the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

2. The method of claim 1, wherein before the performing block consensus using a blockchain protocol and writing the mitigation result and a mitigation request corresponding to the mitigation result to a file tracking system blockchain, the method further comprises:

and storing the mitigation result in a first block corresponding to the server.

3. The mitigation information processing method of claim 1, wherein prior to receiving the mitigation result sent by the mitigation provider device after the mitigation is completed, further comprising:

receiving a request success message returned by the mitigation provider device;

and storing the mitigation request in a first block corresponding to the server according to the request success message.

4. The mitigation information processing method of claim 3, wherein prior to the receiving the request success message returned by the mitigation provider device, further comprising:

receiving a mitigation request sent by a file tracking system client;

wherein the mitigation request carries distributed denial of service telemetry information.

5. The mitigation information processing method of claim 1, wherein the mitigation request comprises at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

6. The mitigation information processing method of claim 1, wherein the mitigation result comprises at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

7. A server, comprising:

the first receiving module is used for receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

and the writing module is used for completing block consensus by using a block chain protocol and writing the mitigation result and the mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

8. A server comprising a transceiver and a processor;

the transceiver is configured to: receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

the processor is configured to: complete block consensus by using a block chain protocol, and write the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

9. A server comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the mitigation information processing method according to any of claims 1-6 when executing the program.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the mitigation information processing method according to any one of claims 1 to 6.

11. A file tracking system, comprising:

the attack monitoring module is used for monitoring whether the distributed denial of service attack is received;

the client is used for sending a mitigation request to the server under the condition that the attack monitoring module finds the distributed denial of service attack;

the server is used for sending a notification message to the mitigation provider equipment according to the mitigation request, receiving a mitigation result sent by the mitigation provider equipment after the mitigation is completed, completing block consensus by using a block chain protocol, and writing the mitigation result and the mitigation request corresponding to the mitigation result into a block chain of the file tracking system;

and the mitigation provider equipment is used for performing mitigation operation according to the notification message sent by the server and sending a mitigation result to the server after the mitigation is completed.

12. The file tracking system of claim 11, wherein the server is configured to store the mitigation results in a first block corresponding to the server.

13. The file tracking system of claim 11, wherein the mitigation provider device is configured to send a request success message to the server after receiving the notification message sent by the server;

the server is used for storing the mitigation request in a first block corresponding to the server after receiving the request success message.

14. The file tracking system of claim 11, wherein the mitigation request comprises at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

15. The file tracking system of claim 11, wherein the mitigation results include at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Technical Field

The invention relates to the technical field of network security, in particular to a mitigation information processing method, a server and a file tracking system.

Background

In order to defend against Distributed Denial of Service (DDoS) attacks on a network-wide (global) basis, the Internet Engineering Task Force (IETF) has proposed a Document Tracking System (DOTS) framework. The framework is used for an automatic and standardized DDoS strategy and can shield the difference of various anti-DDoS schemes.

The DOTS framework includes the following four parts: an attacked object (Attack target), a DOTS client (DOTS Client), a DOTS server (DOTS Server), and a mitigation provider (Mitigator). The attacked object monitors for DDoS attacks and informs the DOTS Client of the attack details; the DOTS Client sends a mitigation request to the DOTS Server; and the DOTS Server receives the request and notifies the Mitigator to start the mitigation service. The attack information sent by the DOTS client to the DOTS server is called telemetry information, and the telemetry information is divided into information before, during and after mitigation.

The telemetric information comprises total traffic, total attack connection number and attack details, wherein the attack details comprise: attack urgency, attack type description, attack start time, attack end time, attack source number, and attack source top N.

DDoS attacks exist on a global scale. At present, the anti-DDoS services built by operators, anti-DDoS service providers and manufacturers each have DDoS defense capability to a certain extent, and DOTS was proposed so that the equipment, systems and other resources with anti-DDoS capability around the world can be fully utilized to resist DDoS attacks. All nodes participating in defense against DDoS attacks can deploy DOTS servers, but the existing DOTS standard only specifies the transmitted information and does not specify storage; moreover, anti-DDoS systems around the world currently operate independently of one another, and an information-sharing mechanism is lacking.

Disclosure of Invention

The embodiment of the invention provides a mitigation information processing method, a server and a file tracking system, which are used for solving the problems that the existing DOTS standard only specifies the transmitted information and does not specify storage, and that anti-DDoS systems around the world currently operate independently of one another and lack an information-sharing mechanism.

In order to solve the foregoing technical problem, an embodiment of the present invention provides a mitigation information processing method, which is applied to a server, and includes:

receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

and completing block consensus by using a block chain protocol, and writing the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

Optionally, before the performing block consensus by using a blockchain protocol and writing the mitigation result and a mitigation request corresponding to the mitigation result into a blockchain of a file tracking system, the method further includes:

and storing the mitigation result in a first block corresponding to the server.

Optionally, before receiving the mitigation result sent by the mitigation provider device after the mitigation is completed, the method further includes:

receiving a request success message returned by the mitigation provider device;

and storing the mitigation request in a first block corresponding to the server according to the request success message.

Further, before the receiving the request success message returned by the mitigation provider device, the method further includes:

receiving a mitigation request sent by a file tracking system client;

wherein the mitigation request carries distributed denial of service telemetry information.

Specifically, the request for mitigation includes at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Specifically, the mitigation result includes at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

An embodiment of the present invention further provides a server, including:

the first receiving module is used for receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

and the writing module is used for completing block consensus by using a block chain protocol and writing the mitigation result and the mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

The embodiment of the invention also provides a server, which comprises a transceiver and a processor;

the transceiver is configured to: receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

the processor is configured to: complete block consensus by using a block chain protocol, and write the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

The embodiment of the present invention further provides a server, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and when the processor executes the program, the method for processing mitigation information is implemented.

An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the mitigation information processing method described above.

An embodiment of the present invention further provides a file tracking system, including:

the attack monitoring module is used for monitoring whether the distributed denial of service attack is received;

the client is used for sending a mitigation request to the server under the condition that the attack monitoring module finds the distributed denial of service attack;

the server is used for sending a notification message to the mitigation provider equipment according to the mitigation request, receiving a mitigation result sent by the mitigation provider equipment after the mitigation is completed, completing block consensus by using a block chain protocol, and writing the mitigation result and the mitigation request corresponding to the mitigation result into a block chain of the file tracking system;

and the mitigation provider equipment is used for performing mitigation operation according to the notification message sent by the server and sending a mitigation result to the server after the mitigation is completed.

Optionally, the server is configured to store the mitigation result in a first block corresponding to the server.

Optionally, the mitigation provider device is configured to send a request success message to the server after receiving the notification message sent by the server;

the server is used for storing the mitigation request in a first block corresponding to the server after receiving the request success message.

Wherein the request for mitigation comprises at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Wherein the mitigation result includes at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

The invention has the beneficial effects that:

According to the scheme, by receiving the mitigation result sent by the mitigation provider device after mitigation is completed, completing block consensus by using a block chain protocol, and writing the mitigation result and the mitigation request corresponding to the mitigation result into the block chain of the file tracking system, the problem that different anti-DDoS systems operate independently of one another and lack an information-sharing mechanism can be solved.

Drawings

FIG. 1 is a flow chart illustrating a mitigation information processing method according to an embodiment of the invention;

FIG. 2 is a schematic diagram showing the data content recorded in the block body;

FIG. 3 is a block chain diagram of a DOTS server;

FIG. 4 is a detailed flow diagram of writing mitigation information into the block chain;

fig. 5 is a block diagram of a server according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.

The invention provides a mitigation information processing method, a server and a file tracking system, aimed at the problems that the existing DOTS standard only specifies the transmitted information and does not specify storage, and that anti-DDoS systems around the world currently operate independently of one another and lack an information-sharing mechanism.

As shown in fig. 1, a mitigation information processing method according to an embodiment of the present invention is applied to a server, and includes:

step 11, receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

and step 12, using a block chain protocol to complete block consensus, and writing the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

It should be noted that, in the embodiment of the present invention, the server refers to a DOTS server in a DOTS framework, and the mitigation provider device refers to the same concept as the mitigation provider in the DOTS framework.

According to the embodiment of the invention, after the mitigation result is obtained, the mitigation result and the mitigation request corresponding to the mitigation result are written into the block chain of the file tracking system, which realizes the storage of the related information in the DOTS standard. Because the server stores the related information in the DOTS block chain, each server can access the specific attack event, the mitigation result, the mitigation request and other mitigation information, and the conflict settlement of the cleaning flow can be completed accordingly.

It should be further noted that, before the step 12, the mitigation information processing method further includes:

and storing the mitigation result in a first block corresponding to the server.

It should be noted that, here, the mitigation result is stored locally before being written into the DOTS block chain, so as to facilitate management of information.

It should be further noted that, before step 11, the mitigation information processing method further includes:

step 13, receiving a request success message returned by the mitigation provider device;

it should be noted that the request success message is sent to the server when the mitigation provider device starts to perform mitigation. Further, before receiving the request success message returned by the mitigation provider device, the server should receive a mitigation request sent by a DOTS client (client for short). Specifically, the DOTS client sends the mitigation request to the server when the attacked object (which may also be regarded as an attack monitoring module) in the DOTS framework discovers a DDoS attack. It should also be noted that the DOTS client needs to carry the detected distributed denial of service telemetry (DDoS Telemetry) information in the mitigation request.

Specifically, the DDoS Telemetry information includes at least one of the following:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Step 14, storing the mitigation request in a first block corresponding to the server according to the request success message;

it should be noted that the mitigation result and the mitigation request are written into the DOTS block chain together, and the information cannot be written before the mitigation result is obtained. The mitigation request therefore needs to be stored locally first, to wait for the mitigation result corresponding to the mitigation request.

It should be further noted that the mitigation request and the mitigation result written in the DOTS block chain are mainly stored in the block body, as shown in fig. 2, which is a schematic diagram of data content recorded in the block body, as can be seen from fig. 2, each block in the DOTS block chain correspondingly stores a mitigation request and a mitigation result written by a server, the block includes a block header and a block body, and the block body mainly stores the mitigation request and the mitigation result, specifically, the mitigation request specifically includes at least one of the following:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

In particular, the mitigation result specifically includes at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

It should be further noted that all servers using the DOTS framework protocol for DDoS attack mitigation qualify for DOTS blockchain writing, as shown in fig. 3.

It should be noted that, in the embodiment of the present invention, a mitigation provider, a DOTS client, and a DOTS server in a DOTS framework are mainly used to implement writing of information into a block chain, specifically, after the DOTS server receives a mitigation request of the DOTS client, the DOTS server notifies the mitigation request to the mitigation provider, the mitigation provider feeds back that the mitigation request has been successfully received and starts to be mitigated, the DOTS server stores the mitigation request and the carried information into a block, the provider returns a mitigation result after the mitigation is completed, the DOTS server writes the mitigation result into the same block, and finally writes the result into the block chain through a block consensus algorithm, as shown in fig. 4, the specific flow of information writing is:

step 41, when the attacked object finds a DDoS attack, it sends a mitigation request by using the DOTS client;

specifically, the mitigation request carries the DDoS Telemetry information detected by the attacked object.

Step 42, the DOTS server receives the mitigation request;

step 43, the DOTS server judges whether the request is successful; if the request is successful, step 44 is executed; otherwise, mitigation failure is determined, and mitigation failure information is returned to the DOTS client;

step 44, the mitigation provider starts the mitigation;

it should be noted that, when the mitigation provider starts to perform mitigation, a request success message needs to be returned to the DOTS server, and the DOTS server needs to store the mitigation request first;

step 45, the mitigation provider determines that mitigation is over;

it should be noted that, when the mitigation is finished, the mitigation provider needs to return a mitigation result to the DOTS server, and the DOTS server needs to store the mitigation result;

step 46, the DOTS server writes the mitigation information into the block;

it should be noted that the mitigation information includes a mitigation request and a mitigation result, where the two pieces of information are respectively stored in the block by the DOTS server at different times;

step 47, the DOTS server performs block consensus;

step 48, after the consensus is completed, the DOTS server writes the mitigation information into the block chain.
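The write path of steps 41 to 48, sketched as an added example that is not code from the patent: the request is held locally until its result arrives, and peers vote on the finished block before it is appended. The field names, the majority vote standing in for the unspecified block consensus, the single in-memory chain shared by all servers and the sample values are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64


def digest(obj):
    """SHA-256 over canonical JSON so every server hashes a block identically."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class DotsChain:
    """Shared ledger; each block is a header plus a body (request + result)."""

    def __init__(self):
        self.blocks = []

    def tip(self):
        return digest(self.blocks[-1]["header"]) if self.blocks else GENESIS

    def verify(self):
        """Recompute every link; False if any body or header was altered."""
        prev = GENESIS
        for block in self.blocks:
            header = block["header"]
            if header["prev_hash"] != prev or header["body_hash"] != digest(block["body"]):
                return False
            prev = digest(header)
        return True


def validate_block(block, expected_prev):
    """Check a peer runs before voting: linkage, body hash, both records present."""
    header, body = block["header"], block["body"]
    return (header["prev_hash"] == expected_prev
            and header["body_hash"] == digest(body)
            and body.get("mitigation_request") is not None
            and body.get("mitigation_result") is not None)


class DotsServer:
    def __init__(self, name, chain):
        self.name = name
        self.chain = chain
        self.pending = {}  # request id -> locally stored block body

    def on_request_success(self, req_id, request):
        # Step 44: the mitigation provider acknowledged; store the request locally.
        self.pending[req_id] = {"mitigation_request": request, "mitigation_result": None}

    def on_mitigation_result(self, req_id, result):
        # Step 45: a result is only accepted for a request that was stored first.
        if req_id not in self.pending:
            raise KeyError("no stored mitigation request for " + req_id)
        self.pending[req_id]["mitigation_result"] = result

    def commit(self, req_id, peers):
        # Steps 46-48: build the block, collect votes, append on a majority.
        body = self.pending[req_id]
        if body["mitigation_result"] is None:
            raise ValueError("result not received yet; request stays in local storage")
        header = {"writer": self.name, "prev_hash": self.chain.tip(),
                  "body_hash": digest(body)}
        block = {"header": header, "body": body}
        votes = sum(validate_block(block, peer.chain.tip()) for peer in peers)
        if 2 * votes <= len(peers):
            return False
        self.chain.blocks.append(block)
        del self.pending[req_id]
        return True


def run_demo():
    chain = DotsChain()
    a, b, c = (DotsServer(n, chain) for n in ("dots-a", "dots-b", "dots-c"))
    # Constructed sample telemetry; addresses are from documentation ranges.
    request = {"total_attack_bps": 4_200_000_000, "total_attack_connections": 91000,
               "urgency": "high", "attack_type": "UDP flood",
               "start": "2020-05-18T08:00:00Z", "end": "2020-05-18T08:20:00Z",
               "source_count": 3120, "top_sources": ["192.0.2.10", "198.51.100.7"]}
    result = {"total_mitigated_bps": 4_050_000_000, "attack_type": "UDP flood",
              "source_count": 3120, "top_sources": ["192.0.2.10", "198.51.100.7"]}
    a.on_request_success("req-1", request)
    try:
        a.commit("req-1", [b, c])
        early_write_blocked = False
    except ValueError:
        early_write_blocked = True
    try:
        b.on_mitigation_result("req-x", result)
        unsolicited_rejected = False
    except KeyError:
        unsolicited_rejected = True
    a.on_mitigation_result("req-1", result)
    committed = a.commit("req-1", [b, c])
    intact = chain.verify()
    chain.blocks[0]["body"]["mitigation_result"]["total_mitigated_bps"] = 1  # tamper
    return {"early_write_blocked": early_write_blocked,
            "unsolicited_rejected": unsolicited_rejected, "committed": committed,
            "blocks": len(chain.blocks), "intact_before_tamper": intact,
            "intact_after_tamper": chain.verify()}


if __name__ == "__main__":
    print(run_demo())
```

Because the body hash sits in the header and each header is chained to the previous one, a provider that later edits its own mitigated-traffic figure is caught by any peer that re-runs `verify()`.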

It should be noted that, by adopting the embodiment of the present invention, different DOTS servers can form a block chain network. This provides a feasible method for different operators/mitigation providers to use DOTS to jointly defend against DDoS attacks and perform traffic hedge settlement, and enables different mitigation providers to use the mitigation records stored on the block chain to perform traffic hedge settlement.

As shown in fig. 5, a server 50 according to an embodiment of the present invention includes:

a first receiving module 51, configured to receive a mitigation result sent by a mitigation provider device after the mitigation is completed;

a writing module 52, configured to complete block consensus using a block chain protocol, and write the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

Optionally, before the writing module 52 completes the block consensus by using a blockchain protocol, and writes the mitigation result and the mitigation request corresponding to the mitigation result into the file tracking system blockchain, the method further includes:

and the first storage module is used for storing the mitigation result in a first block corresponding to the server.

Optionally, before the first receiving module 51 receives the mitigation result sent by the mitigation provider device after the mitigation is completed, the method further includes:

the second receiving module is used for receiving a request success message returned by the mitigation provider equipment;

and the second storage module is used for storing the mitigation request in a first block corresponding to the server according to the request success message.

Further, before the second receiving module receives the request success message returned by the mitigation provider device, the method further includes:

the third receiving module is used for receiving a mitigation request sent by the file tracking system client;

wherein the mitigation request carries distributed denial of service telemetry information.

Specifically, the request for mitigation includes at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Specifically, the mitigation result includes at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

It should be noted that, the server provided in the embodiment of the present invention is a server capable of executing the mitigation information processing method, and all implementation manners in the embodiment of the mitigation information processing method are applicable to the server, and can achieve the same or similar beneficial effects.

The embodiment of the invention also provides a server, which comprises a transceiver and a processor;

the transceiver is configured to: receiving a mitigation result sent by the mitigation provider device after the mitigation is completed;

the processor is configured to: complete block consensus by using a block chain protocol, and write the mitigation result and a mitigation request corresponding to the mitigation result into a block chain of the file tracking system.

Optionally, before the processor completes the block consensus by using a blockchain protocol and writes the mitigation result and a mitigation request corresponding to the mitigation result into a blockchain of a file tracking system, the processor is further configured to:

and storing the mitigation result in a first block corresponding to the server.

Optionally, before the transceiver receives a mitigation result sent by the mitigation provider device after the mitigation is completed, the transceiver is further configured to:

receiving a request success message returned by the mitigation provider device;

the processor is further configured to: store the mitigation request in a first block corresponding to the server according to the request success message.

Further, before the transceiver receives the request success message returned by the mitigation provider device, the transceiver is further configured to:

receiving a mitigation request sent by a file tracking system client;

wherein the mitigation request carries distributed denial of service telemetry information.

Specifically, the request for mitigation includes at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Specifically, the mitigation result includes at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

An embodiment of the present invention further provides a server, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements each process in the above-mentioned method for mitigating information processing when executing the program, and can achieve the same technical effect, and details are not repeated here to avoid repetition.

The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements each process in the above-mentioned method for mitigating information processing, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.

An embodiment of the present invention further provides a file tracking system, including:

the attack monitoring module is used for monitoring whether the distributed denial of service attack is received;

the client is used for sending a mitigation request to the server under the condition that the attack monitoring module finds the distributed denial of service attack;

the server is used for sending a notification message to the mitigation provider equipment according to the mitigation request, receiving a mitigation result sent by the mitigation provider equipment after the mitigation is completed, completing block consensus by using a block chain protocol, and writing the mitigation result and the mitigation request corresponding to the mitigation result into a block chain of the file tracking system;

and the mitigation provider equipment is used for performing mitigation operation according to the notification message sent by the server and sending a mitigation result to the server after the mitigation is completed.

Further, the server is configured to store the mitigation result in a first block corresponding to the server.

Further, the mitigation provider device is configured to send a request success message to the server after receiving the notification message sent by the server;

the server is used for storing the mitigation request in a first block corresponding to the server after receiving the request success message.

Specifically, the client sends a mitigation request to the server, where the mitigation request carries distributed denial of service telemetry information.

Wherein the distributed denial of service telemetry information comprises at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Specifically, the request for mitigation includes at least one of:

the total attack flow, the total attack connection number, the attack urgency degree, the attack type description, the attack starting time, the attack ending time, the attack source number and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

Specifically, the mitigation result includes at least one of:

the total mitigated flow, the attack type, the number of attack sources and the first N attack sources with the maximum attack flow;

wherein N is a positive integer.

It should be noted that the file tracking system in the embodiment of the present invention is a system corresponding to the DOTS framework mentioned in the above embodiment, and the file tracking system can implement all the processes shown in fig. 4 in the above embodiment.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-readable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block or blocks.

These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While the preferred embodiments of the present invention have been described, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims.
