
The Study Of Defense Strategy Under Distributed Denial Of Service Attacks

Posted on: 2005-04-17 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Q Sun
GTID: 2168360152469148 | Subject: Computer system architecture
Abstract/Summary:
Distributed Denial of Service (DDoS) attacks are one of the most serious threats facing the Internet today. DDoS attacks overwhelm a system or network by sending large amounts of network traffic, thereby exhausting the target's computational or communication resources. A single attacker, using a DDoS attack tool, is able to direct thousands of systems in a coordinated Denial of Service (DoS) attack against a target system. How to defend against DDoS attacks has become a severe problem that has caught everyone's attention. This thesis designs a DTM model to defend against DDoS attacks, based on a full analysis of DDoS defense strategies. The model has three parts: detection, traceback and mitigation. In this thesis, the principles and characteristics of DDoS attacks are analyzed, the DDoS attack tools in common use are discussed, and the source code of TFN2K is analyzed. Following a full discussion of the various methods of detecting denial of service attacks, and according to the characteristics of DDoS attacks, three kinds of technology are applied in the DTM model: pattern matching, anomaly detection and system resource monitoring. That is, pattern matching is used to detect known attacks, anomaly detection is used to detect unknown ones, and system resource monitoring finds attacks from the perspective of resource usage. Used together, these three techniques can detect any attack as early as possible, after which the traceback system is triggered.
Once a DDoS attack has been detected, the combined use of backscatter traceback, black-hole ("collapsar") routing and a sinkhole locates the attack origin quickly and exactly: the black-hole route is used to absorb all messages, and the sinkhole ("drainer") router is used to collect ICMP unreachable messages to find the attack origin. To reduce the damage caused by an attack to a minimum, and following a thorough analysis of filtering technology, the DTM model puts forward filtering rules based on a triple and places the filtering as close to the attacker as possible. The design of the model is based on a distributed networking environment, and the technologies used in each of the three parts have good scalability. The model has been applied to defending against SYN Flood attacks and proved to be feasible.
Keywords/Search Tags: Network Security, Denial of Service (DoS), Distributed Denial of Service (DDoS), Border Gateway Protocol