APPARATUS AND METHOD FOR COPING WITH APPLICATION LAYER DISTRIBUTED DENIAL-OF-SERVICE ATTACK

摘要

The present invention relates to an apparatus and a method for coping with an application layer distributed denial-of-service attack. The apparatus for coping with the application layer distributed denial-of-service attack comprises a packet acquiring part for acquiring a first packet directed from a client to a server after setting an HTTP session connection, if processing an HTTP packet is performed; a packet distinguishing part for distinguishing whether the first packet acquired in the packet acquiring part includes a preset request method; and an attack detection part for considering the session connection as an abnormal data transmission behavior and detecting the session connection as the distributed denial-of-service attack, if the first packet does not include the preset request method. Therefore, the apparatus and the method of the present invention are a solution to a problem of a traditional statistical scheme via a simple and clear algorithm; reduce the detection error rate almost to 0%; drastically reduce calculation processes needed for the detection to solve a performance problem; easily protect against even a new HTTP application layer based denial-of-service attack without other special modification; reduce application costs; and can be implemented by using a hardware logic using an FPGA as well as a software.;COPYRIGHT KIPO 2014