The Design Of Website Security Defense Platform

With the rapid development of science and technology today, the application of the WEB site is more and more colorful, which brings great convenience to people's life. But on the other hand, the defect existed in Network protocol turns network security into a more and more serious problem. In the application layer, only a little request sent by the client can greatly consume the server's resources. APP-DDOS aiming at WEB site just takes advantage of this point. Among the security threats confronted by web site, the proportion of APP-DDOS attack is larger and larger, and also more and more difficult to defense. Therefore, effective detection, control and filtration of APP- DDOS attack is of great significance for the protection of website security.Based on relevant research on APP-DDOS defense technology at home and abroad, this paper design and implement a defense platform for website security. The platform can effectively defense and control APP-DDOS attacks and meanwhile leaves an interface for security threats such as Web tampering, injection attacks so as to better integrate and extend website security defense. This Platform adopts three key technologies: the URL dynamic mapping method, integral payment policies and incentive mechanism. From the perspective of hiding the real resource address of the server, URL dynamic mapping method tries dynamic mapping on the resource address requested by the client each time. Only when the mapping address matches database records will the response be obtained from the back-end WEB server. At the same time, the mapping address cannot be cracked by force, thus the attacker cannot accurately aim at attacking target so that denial service is available. Integral payment strategy is the improvement of black-white list method by proposing integration and service price to measure the server's resource conditions; when the server is attacked,this strategy can minimize it as a certification of normal users' delayed access, and reduce the calculation burden of the URL dynamic mapping method. Incentive mechanism integrates the thought of the Turing test, making new users prove themselves as normal users in a series of related operations, therefore reducing the delay of new users' access to service.Finally, the thesis creates the experimental environment, and carries out simulation experiment on the web security defense platform designed andimplemented in the paper. The experimental results show that the defense platform has a good defense effect on APP- DDOS attacks.