METHOD FOR IDENTIFYING A DENIAL OF SERVICE ATTACK AND APPARATUS FOR THE SAME

摘要

PURPOSE: A DoS(Denial of Service) attack detection method and an apparatus thereof are provided to detect DoS attack impossible to be detected. CONSTITUTION: If extracted body size is smaller than the maximum segment size, a packet size comparing unit(330) increases the number of attack distrust series packet as 1. If the number of attack distrust series packets is greater than the minimum series packets, an attack determining unit(340) determines service denying attack about a corresponding session. A session blocking unit(350) blocks the session. [Reference numerals] (310) Packet detecting unit; (320) Attack determination initializing unit; (330) Packet size comparing unit; (340) Attack determining unit; (350) Session blocking unit; (360) Determination termination unit; (91) Total transmission schedule data size; (92) Accumulated data size; (95) Minimum successive packet number; (96) Attack core successive packet number; (97) Packet size; (98) Maximum segment size; (AA) Zombie PC; (BB) Packet transmission