| 摘要 |
Since an existing static threshold scheme responds to an attach regardless of a user profile and a server state and responds to a packet exceeding a specific threshold without discriminating a normal user, a normal service may not be provided by removing a packet of the normal user. Accordingly, an embodiment of the present invention suggests a technology for responding to a distributed service denial attack which efficiently detects and responds to the distributed service denial attack by collecting service request pattern information by hosts, for example, a service request time, a request service, and a service use time based on time series, and storing and managing the collected service request pattern information in a traffic profile table. Further, by estimating and adjusting a traffic amount introduced into a server using information of a traffic profile table and a server state table, it is possible to respond to the distributed service denial attack and a service of a serve can be continuously and normally maintained. In addition, it is possible to store and manage state information such as the number of service requests in a CPU and a memory of various types of servers located at a sever farm. [Reference numerals] (10) Network; (100) Traffic profile information collector; (102) Traffic profile table; (104) Server state information collector; (106) Server state table; (108) Distributed service denial attack responding unit; (12) Server farm |
