
Anti-denial-of-service System - Abnormal Analysis Subsystem And Implementation

Posted on: 2010-07-11
Degree: Master
Type: Thesis
Country: China
Candidate: J W Song
GTID: 2208360275482873
Subject: Information and Communication Engineering
Abstract/Summary:
As computers and networks have become widespread, people depend ever more closely on the Internet, and many countries and organizations now place great weight on Internet security. Attacks against the Internet have multiplied, and DDoS is a relatively simple yet very powerful technique for attacking Internet resources. It severely disrupts the normal operation of network services, and traditional network defence strategies work poorly against it. Corporations and government departments whose business activities and confidential communications depend on the Internet urgently need an effective security mechanism to protect their network devices and Internet activities. It is therefore especially important to research and develop an anti-DDoS product that can genuinely defend against DDoS attacks.

The primary contributions of this dissertation are:

(1) A DDoS defence architecture that works well with a dedicated network processor is proposed. An anti-DDoS system is implemented that combines this architecture with Cavium's OCTEON3120 dual-core network processor. The system is a network security appliance integrating hardware and software: it uses the high performance of the OCTEON3120, is supported by other servers, forms a DDoS defence network structure, is deployed transparently in the network, and detects and intercepts DDoS attack traffic.

(2) An abnormity detection module is designed and implemented, based on a covariance analysis model. The module exploits the correlation between different packet attributes: it computes the covariance matrix of these attributes over sample packets, then computes the Euclidean distance between this matrix and the expectation of the historical covariance matrices. The distance serves as the measure for judging whether a network abnormity has occurred. Square estimation gives the module the ability to self-learn, and reliability estimation is introduced to reduce the false-alarm rate.

(3) A method for evaluating the danger level of packets is proposed. Following Bayes' theorem, each key packet attribute is divided into classes by its value, and the probability that a packet of each class is normal is calculated. If a packet is normal, its probability will be close to the average value for normal traffic. In this method, the probability of every single packet is calculated and mapped to a danger level, which the DDoS defence engine uses as a reference.
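The covariance check described in contribution (2), sketched as an added example that is not code from the thesis. The attribute choice (SYN/ACK/FIN flag bits), the window size, the fixed threshold and the running-mean update are all assumptions made for illustration; the thesis's square estimation and reliability estimation are not reproduced.

```python
import math
import random

def covariance_matrix(rows):
    """Sample covariance matrix of a window of per-packet attribute vectors."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    return [[sum((r[i] - mean[i]) * (r[j] - mean[j]) for r in rows) / (n - 1)
             for j in range(d)] for i in range(d)]

def distance(a, b):
    """Euclidean distance between two matrices, taken entry by entry."""
    return math.sqrt(sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)))

class CovarianceDetector:
    def __init__(self, threshold):
        self.threshold = threshold   # assumed fixed cut-off, tuned by hand
        self.expected = None         # mean covariance matrix of past normal windows
        self.learned = 0

    def observe(self, window):
        """Return (distance, abnormal) for one window of packets."""
        cov = covariance_matrix(window)
        if self.expected is None:    # first window seeds the history
            self.expected, self.learned = cov, 1
            return 0.0, False
        dist = distance(cov, self.expected)
        abnormal = dist > self.threshold
        if not abnormal:             # learn only from windows judged normal
            self.learned += 1
            self.expected = [[e + (c - e) / self.learned for e, c in zip(re_, rc)]
                             for re_, rc in zip(self.expected, cov)]
        return dist, abnormal

# Constructed sample traffic: each packet is (SYN, ACK, FIN) flag bits.
NORMAL_MIX = [((1, 0, 0), 0.1), ((1, 1, 0), 0.1), ((0, 1, 0), 0.7), ((0, 1, 1), 0.1)]

def make_window(rng, size=2000, flood_share=0.0):
    kinds, weights = zip(*NORMAL_MIX)
    return [(1, 0, 0) if rng.random() < flood_share
            else rng.choices(kinds, weights)[0] for _ in range(size)]

def run_demo(seed=1):
    rng = random.Random(seed)
    det = CovarianceDetector(threshold=0.05)
    normal = [det.observe(make_window(rng)) for _ in range(10)]
    flood = det.observe(make_window(rng, flood_share=0.9))
    return normal, flood, det.learned
```

`run_demo()` feeds ten constructed normal windows and then one window dominated by bare SYN packets. The flood window shifts the flag covariances far from the learned expectation, and because it is judged abnormal it is kept out of the learned history.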
Keywords/Search Tags: Distributed Denial of Service, Network Processor, Abnormity Detection, Traffic Filter