Reflection attack detection method, system and device and computer readable storage medium

The invention relates to a reflection attack detection method, system and device and a computer readable storage medium. According to the invention, by counting the source IP pairs accessing the same destination port of the same destination IP in the same time window and the number of the time windows in which the source IP pairs appear, the normal access traffic and the abnormal access traffic of the source IP in the intranet can be effectively distinguished, and the situation that the normal access traffic and the abnormal access traffic are mixed together and cannot be accurately detected is avoided. Meanwhile, according to the embodiment of the invention, each source IP of the target IP is analyzed and counted, so that the situation of missed judgment caused by dispersion of reflection attack traffic to a plurality of source IPs is improved, and the accuracy of internal network reflection attack detection is further improved. 本公开涉及一种反射攻击检测方法、系统、设备及计算机可读存储介质。本公开通过统计同一时间窗口内访问同一目的IP的同一目的端口的源IP对，以及该源IP对出现的时间窗