| With the development of Internet, the tools of distributed denial of service attacks can be available everywhere and operated easily. So distributed denial of service attacks happen frequently. Distributed denial of service attacks have been considered as one of the most difficult security problems. Especially, there is no effective defense to bandwidth depletion attacks.This paper mainly researches into methods to defend against distributed denial of service attacks. Firstly, the method of Mahajan etc is improved in IP trace back and differentiating good and bad packages. The improved method can protect network bandwidth resource between attack sources and victim, and legitimate packages in un-attack paths. It can also protect legitimate packages in attack paths to a certain extent. Secondly, a probabilistic edge marking-based method to locate attacker is presented. This method can resolve such problems as Probabilistic Edge Marking can't give the locations of attack sources and attackers forge markingfield. It can achieve more exact attack path. Finally, a method to let the router delect DDoS attacks is proposed in order to detect and response them quickly. The methods to detect and control distributed denial of service attacks on the router are given. The method is validated by network simulation experiment. Experiment results show that the method can detect distributed denial of service attack and control it in time. It can reduce the time to detect and control distributed denial of service attack, and it can control attack before it prevails when parameters are settled suitably.
|
PDF Full Text Request