DRDoS Method and System for DRDoS Request Detection based on Suspicious Traffic Adaptive Threshold

摘要

The present invention provides a method and system for reducing network congestion and impact of DRDoS attack by detecting DRDoS attack request traffic before DRDoS attack traffic is amplified using an adjustable sampling rate and a detection threshold generated in traffic information of IoT gateway sub network based on SDN for preventing generation of amplified attack traffic of DRDoS in advance. According to an embodiment of the present invention, the method comprises the steps of: collecting traffic of IoT network through IoT gateway; and analyzing the collected traffic to detect a DRDoS attack request. Accordingly, by adjusting a sampling rate and a detection threshold depending on a situation of IoT subnetwork, the method and system may detect DRDoS attack request traffic in a small size to reduce impact of the DRDoS attack amplified in the future and prevent damage to a victim and network congestion from DRDoS amplification attack.