
The Research On Mixed Connection Verification Algorithm Against Denial Of Service

Posted on: 2006-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: D H Shen
Full Text: PDF
GTID: 2168360155462559
Subject: Control Engineering

Abstract/Summary:
DDoS, which has developed in recent years, is a novel distributed attack approach. Based on a client-server architecture, DDoS uses encrypted information for communication, and it now tends to be one of the most severe threats on the Internet. DDoS applies many attack techniques, including flooding and source address spoofing, so defending against this threat is very difficult, and effective prevention of attacks from both internal LANs and the external Internet is badly needed. To defend against DDoS attacks, much research has been done on attack methods, characteristics and recovery measures to solve the problems encountered at different stages of an attack.

First, this paper analyzes the characteristics and styles of DDoS. Then it studies existing DDoS characteristics and styles. Based on this preparation, the paper proposes and implements a system-platform-based, extensible DDoS security framework, which ensures the normal operation of the Internet.

Subsequently, the paper describes how the security framework is designed and implemented. It first studies the filter in depth and verifies its feasibility. Then it explains the packet validation mechanism, studies connection maintenance, and, taking the system platform into consideration, designs and implements an improved SYN cookie model.

Finally, we design several performance test cases. The test cases show that, with the security mechanism added, the system's performance cost increases very much. However, the security mechanism can be improved to lower the performance cost.
Keywords/Search Tags: DDoS, Packet filtering, SYN Cookie, Connection maintenance, SYNchronous connection, Mixed connection