Three-layer loop flow detection supported and DDOS attack resisted shunting system and method

The invention provides a three-layer loop flow detection supporting and DDOS attack resisting shunting system and method. In the shunting system, characteristics of the system are utilized to detect the flow of a three-layer loop and resisting DDOS attacks. A characteristic library and a resolver module are introduced, a shunting device obtains a message key field matching characteristic library,a threshold is set to confirm a flow identification content, a learning module is added for messages that cannot match the characteristic library so as to adapt to the diversity of network messages, and the characteristic library is adjusted dynamically in real time; and according to the identification content, the resolver processes the messages further by shunting the messages to specific deviceor dropping the messages. 本发明提供种支持三层环路流量检测以及抗DDOS攻击的分流系统及防反，在分流系统中利用系统特性，实现三层环路流量检测和抗DDOS攻击功能。其中，引入特征库和裁决器模块，通过分流设备获取报文关键字段匹配特征库，通过设置阈值来确认流量标识内容，对于无法匹配特征库报文，增加学习模块以适应网络报文多样性，增加特征库的动态实时调整；裁决器根据标识内容，对报文做进步处理，包括分流到特定设备或者丢弃包文等操作。