
Research Into Anti-DoS Attack Model

Posted on: 2005-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Liu
Full Text: PDF
GTID: 2168360125964632
Subject: Software engineering

Abstract/Summary:
With the development of computer technology, networks are rapidly spreading and developing. While enjoying the benefits arising from networks, people also face attacks from hackers, one of which is the DoS (Denial of Service) attack. DoS is an effective and common network attack technique that exploits bugs in protocols or systems to launch the attack in a disguised or forged way. It finally disables the victim computer through resource exhaustion and failure to respond properly, so that normal service can no longer be supplied to legitimate users. Such an attack appears ordinary. However, it is simple but effective, with a wide scope of attack and a high degree of concealment, which to a great extent affects the effective service of the network and of operational hosts. Among these attacks, DDoS (Distributed Denial of Service) is the more notorious for its massive scale, its concealment and the difficulty of defending against it. This article will first expound the types of DDoS attack, emphasizing several typical attack methods and their prevention, such as Smurf, SYN flooding, DDoS, TFN and DRDoS. Then, in the light of the well-established theory of DoS attacks, it suggests employing an IDS for defense, including anomaly detection, arbitrary detection and data mining.

This article will focus on the establishment of an anti-DoS attack model. The model, based on data mining theory, employs association rules, frequent episode rules and BP network rules to analyse the network flow in the logs. It employs the BP network rules to train the neural network model, establish the trend curve of the flow, define a dynamic variable threshold and assess anomalous flow. In addition, it uses the network connection messages captured by the sensor module to mine an association model and a frequent episode model by means of association rules and frequent episode rules, and then matches them with the corresponding rules in the database; if the matching succeeds, it can be determined that an attack is happening. Considering that the characteristics of some typical attacks are obvious, the model includes an IP mining module and a ports mining module so that the usual attacks can be precisely detected. In addition, when new attack characteristics are found, they can be added to the database. In the light of the connection between network flow and its social background, the model integrates manual assessment and automatic assessment so that new rules can be made accordingly and wrong assessments and missed assessments can be avoided as much as possible. The experiments on some modules of this model have been conducted at my working site, and some predominant anti-attack effects have been achieved.
Keywords/Search Tags:DoS, Data mining, BP network, Association rules, Frequent episode rules