
The Research On Defense Techniques For Distributed Denial Of Service Attack

Posted on: 2009-12-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R Guo
Full Text: PDF
GTID: 1118360308479206
Subject: Computer system architecture

Abstract/Summary:
As people's dependence on computer networks grows, network security becomes more and more important. Because of their distributed nature, Distributed Denial of Service (DDoS) attacks command more attack resources and more destructive power, so they are very difficult to defend against. Currently there are three kinds of DDoS defense policies, based respectively on the attacking source networks, the victim networks, and the intermediate networks. For each of these policies there are already some mature technologies and systems, for example intrusion detection systems on the victim networks, DDoS firewalls, and core router packet filtering. Many defense systems have been designed in the academic and commercial communities to counter DDoS attacks, yet the problem remains largely unsolved. This dissertation explores the problem of DDoS defense from two directions.

(1) The origin of the problem and all its variations are discussed, a survey of existing solutions is provided, and the theory and classification of DDoS attacks, the DDoS attacking tools, and the defense tactics are analyzed. The DDoS defense methods are analyzed in detail, as this analysis is the basis of DDoS defense.

(2) The design and implementation of a DDoS firewall is presented that prevents ongoing attacks from the distributed attacking networks. We focus on Gbps DDoS firewalls, bandwidth depletion DDoS defense in high-speed networks, and a third-party active defense model against DDoS. However, firewalls or DDoS defense algorithms are not the complete solution to DDoS attacks. This dissertation addresses the victim-end defense (implemented in the firewall system), the middle network defense, and the third party defense.
These methods can detect and prevent a significant number of DDoS attacks, do not incur significant cost for their operation, and can offer good service to the legitimate traffic during the attacks.

A Genetic Algorithm (GA) based approach is proposed from the research on high-speed network DDoS defense. Because low-speed filtering equipment cannot be used in high-speed network environments, we use the routers themselves to filter bandwidth depletion DDoS traffic. The main idea is to use statistical approaches to allocate weights to the traffic at the routers. We propose a new method based on a Genetic Algorithm to filter traffic on the routers and maximize goodput. The feasibility and effectiveness of our approach is validated by measuring the performance of an experimental prototype against a series of attacks. The advantages of the scheme are discussed and further research directions are given.

Considering DDoS defense for the entire Internet, a third party DDoS defense method is proposed for the first time. If the third party has enough resources to defend against the attackers, then the DDoS defense for the victim network and the servers will succeed. A new DDoS defense model is proposed based on Differential Games theory. Four main actors are included: Attacker, Defender, Victim, and Botnet. It is believed that Victims who experience an attack should cooperate with the Defender to defend against DDoS attacks. The Differential Games model is used to determine the minimum number of Bots that should be controlled by the Defender to block the DDoS attacks effectively. The feasibility and effectiveness of this approach is validated by simulation experiments with NS2. The advantages of the scheme are discussed and further research directions are given.

At present, DDoS firewalls all adopt the ASIC or x86 architecture; there are no DDoS firewalls based on a Network Processor (NP). An NP has the advantages of both ASIC and x86.
After analyzing the problems with classical DDoS firewalls and the merits of the IXP2400 network processor, a Gbps DDoS firewall is designed, and a statistical analysis algorithm for the high-level protocols, an active defense algorithm in the application layer, and a state Bloom Filter algorithm are proposed. The feasibility and effectiveness of this approach is validated by measuring the performance of an experimental prototype against a series of attacks. The advantages of the DDoS firewall are great capability in a single firewall, lower workload under attacks, zero exit bandwidth consumption, high efficiency in handling both small and large TCP/UDP packets, and good effect against application level DDoS.
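The GA-based router filtering sketched in the abstract, as an added illustration that is not code from the dissertation: per-class weights at a router are evolved to maximize goodput while a bandwidth depletion attack competes for the link. The traffic classes, their offered loads and legitimate fractions, and the link capacity are constructed sample values; the weighted-sharing model, the elitist GA parameters and the fractional-knapsack upper bound are assumptions of this example.

```python
import random
# Constructed sample input: offered load per traffic class at the router (Mbps)
# and the estimated legitimate fraction of each class, as an upstream
# statistical classifier would report it during a bandwidth depletion attack.
TRAFFIC_CLASSES = [  # (name, offered_mbps, legit_fraction)
    ("web", 400.0, 0.95),
    ("dns", 150.0, 0.80),
    ("udp_flood", 900.0, 0.05),
    ("syn_flood", 700.0, 0.02),
    ("other", 250.0, 0.60),
]
LINK_CAPACITY_MBPS = 1000.0  # the high-speed link being protected


def goodput(weights, classes=TRAFFIC_CLASSES, capacity=LINK_CAPACITY_MBPS):
    """Legitimate Mbps admitted under weighted sharing (excess dropped, unused share idle)."""
    total = sum(weights)
    return sum(min(offered, capacity * w / total) * legit
               for w, (_, offered, legit) in zip(weights, classes))


def goodput_upper_bound(classes=TRAFFIC_CLASSES, capacity=LINK_CAPACITY_MBPS):
    """Best achievable goodput: fill the link with the cleanest classes first."""
    good, left = 0.0, capacity
    for _, offered, legit in sorted(classes, key=lambda c: c[2], reverse=True):
        take = min(offered, left)
        good, left = good + take * legit, left - take
    return good


def evolve_weights(classes=TRAFFIC_CLASSES, capacity=LINK_CAPACITY_MBPS,
                   pop_size=60, generations=200, seed=1):
    """Elitist genetic algorithm over per-class weight vectors, maximising goodput."""
    rng = random.Random(seed)
    fitness = lambda w: goodput(w, classes, capacity)
    # Seed plain fair sharing (uniform weights) so the answer is never worse than no filtering.
    pop = [[1.0] * len(classes)] + [[rng.random() for _ in classes] for _ in range(pop_size - 1)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        elite = pop[:pop_size // 5]  # elitism: the best fifth survives unchanged
        next_gen = list(elite)
        while len(next_gen) < pop_size:
            a, b = rng.sample(elite, 2)  # two distinct parents from the elite
            alpha = rng.random()
            child = [alpha * x + (1 - alpha) * y for x, y in zip(a, b)]  # blend crossover
            next_gen.append([max(1e-6, g + rng.gauss(0, 0.05)) for g in child])  # mutation
        pop = next_gen
    best = max(pop, key=fitness)
    return [g / sum(best) for g in best], fitness(best)  # normalised weights, goodput
```

Comparing the evolved goodput against `goodput([1.0] * 5)` (uniform sharing) and `goodput_upper_bound()` shows how much of the attainable goodput the GA recovers without an explicit per-class rate model.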
Keywords/Search Tags: DDoS, High-speed DDoS defense, Differential Games model, Genetic Algorithm, Network flow control, DDoS firewall, Network Processor, Self similarity