| The network more and more widespread and is important in the human society life, however, the hacker attack events emerge one after another incessantly, the network security problem becomes the key problem gradually which the network service and its application further develops must solve. Distributed denial-of-service attack (DDoS) is one usual type of attacks in the network, it has caused huge economic loss in the recent years. So it is an very important target in the network security field to establish more effective defense mechanism against DDoS attack.The general systems against DDoS attack use the firewall primarily, intrusion detection system for auxiliary. But this method has the very big flaw, usually carries on the examination with difficulty to the characteristic of DDoS attack, and because system disposition near the main protected victim, it often has already occurred the serious congestion on the network link before system examined the attack, the network service quality has also come under the influence.This paper tried to research and summarize the network flow control, the congestion control mechanism, the packet filtering, the monitoring and analysis of the log file and so on. And proposed an distributed system model to defend the DDoS attack. This model constructs the system by various nets territory in cooperation way, take the router as the elementary operation unit, by the system module deployed among the middle-network and the vitim-network, based on the congestion control method which gathers differentiates the attack flow with the normal flow, carried out the flow monitoring and rate limiting. Through the analysis of it , elaborated this system merit and the insufficiency, and proposed the next step of work.Carried on the simulation to this system partial modules function to test, had proven this model have the good resistance to defense distributed denial of service attack. |
PDF Full Text Request