APPARATUS AND METHOD FOR DETECTING AND PREVENTING DDOS ATTACK BASED ON FLOW

摘要

The present invention relates to an apparatus and a method for detecting and preventing distributed denial of service (DDoS) attacks based on a flow, capable of preventing an overflow even if traffic is increased. The method for detecting and preventing DDoS attacks includes the steps of: checking whether a DDoS attack property is present in each input packet, and generating flow information including a flag indicating existence of the DDoS attack property and a DDoS counter indicating the number of times; detecting the DDoS attacks over IP by using a value obtained by aggregating the DDoS counter included in the flow information over IP; and as a result of the detection, selectively omitting bandwidth limitation and transmitting a packet, depending on correspondence of the packet transmitted to an IP under the DDoS attack to a flow of which service is analyzed beforehand.;COPYRIGHT KIPO 2016