| Distributed Denial of Service(DDoS) Attack is a newly developed attack type, which is the extension of Denial of Service(DoS) Attack. Due to its distributed characteristic, DDoS attacks possess more attack resources and have more destroying power. So, it is very difficult to keep them away. DDoS attacks bring much great threats to Internet security and research on them become a hotspot in network security fields.By proposing new taxonomies, the attack mechanism of DDoS attacks is analyzed in detail and a thorough study and classification of DDoS attacks means are given, with the emphasis on the common used TCP flooding attacks. Then, the research, comparisons and estimations of the counter measures in existence are made in detail, and the research emphasis is put on the detection - filtering mechanism and the IP traceback technique.Two new kinds of detection-filtering mechanism are proposed in this paper. They are Distributed Attack Detection-Filtering mechanism (DADF) and Local Attack Detection-Filtering mechanism (LADF). An abnormal detection technique based on Statistic distribution characteristic of IP addresses presented to provide intrusion detection. In addition, the "shock" detection technique is proposed to counter TCP flooding attacks, which can improve the efficiency of detection. Of the two new mechanisms, the former can act as the security infrastructure, which can be deployed on the Internet core routers or key routers in local autonomic systems. And the latter can be disposed on the victim and its upstream ISP network, which can counter TCP flooding attacks in effect.
|
PDF Full Text Request