TCP abuse defense method based on ANN and heuristic rule

• Main Authors: ZUO CHENGUANG, TANG DAN
• Format: Patent
• Language: Chinese; English
• Published: 26.04.2024
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention discloses a TCP abuse defense method based on ANN and heuristic rules in a data plane, and belongs to the field of computer network security. The method comprises the following steps: for optimistic ACK, selecting an ACK sequence number step length as a feature, after collecting feature data, detecting a flow as a normal flow and a suspicious flow through ANN, and then performing packet loss processing on the suspicious flow by using a heuristic switch rule. For ECN abuse, the length of an outlet queue of a switch is selected as a feature, after feature data are collected, a flow is detected as a flow under a normal condition and a flow under a congestion condition through an ANN, and finally, a data packet processing logic written based on a data plane is used for carrying out message modification processing on the flow, so that the flow conforms to a rule of the ECN. The method provided by the invention can be used for defending the abuse of the two types of TCP protocols, and is an effective