| With the diversification and individuation of web service, Service Selection Gateway (SSG) has emerged. But network security has also become increasingly prominent. In particular, denial of service attacks has become the biggest threat to Internet Content Service Providers. In this environment, how to combine the SSG existing access control model to design a reasonable defense scheme becomes the target of this study.Firstly, this paper studies the defense mechanism of denial of service. Taking into account the URL access control model in service select gateway, a connection control policy called TCP-SHIFT is proposed. TCP-SHIFT,combines SYN Cookie with the URL resource access control model,successfully resolves the limitations of the SYN Proxy and SYN Cookie in the practical application.Secondly, basing on TCP-SHIFT,Captive Portal which makes the certification services more user-friendly and Protocol Extension Framework which ensures a comprehensive protocol processing power are also realized. Finally, the result of the experiment in the simulation environment shows that TCP-SHIFT is able to guarantee the normal access of servers under the 80Mbps attack traffic. |
PDF Full Text Request