1. Technical Field
The present disclosure relates to the field of communications, and more particularly, to a method and an apparatus for detecting and defending against a Challenge Collapsar (CC) attack.
2. Description of Related Art
With the continuous development of Internet technologies, network security has become more and more important. As one of the most commonly used means of network attack, Distributed Denial of Service (DDoS) attacks have developed at a pace faster than the defense technologies in recent years. As the annual security report made by Arbor Networks Corporation in 2010 indicates, the traffic of DDoS attacks has been increasing geometrically in recent years, from 50 Gbps in 2009 to 100 Gbps in 2010. Many important international events occurring in 2010 and 2011 can be attributed to DDoS attacks.
As one kind of DDoS attack, Challenge Collapsar (CC) attacks mainly target webpages. A CC attacker generally sends a large number of HTTP requests that consume system resources (e.g., forum searches) to a target server 11 via a proxy server 10 in the network. This exhausts the system resources of the target server 11 and leaves the target server 11 unable to respond to requests from normal users.
Currently, there are only a few methods available for detecting and defending against CC attacks, and most of them suffer from a long lag time and a high false detection rate. For example, a scheme that detects whether a server is subjected to a CC attack according to changes in the ratio of request messages to response messages suffers from a long lag time, because the system may already have been under attack for a period of time when a significant change in that ratio is found. Furthermore, this method tends to classify normal peak-hour access as an abnormal CC attack, so the false detection rate is high.