A Source-End Defense Method Against DDoS Attacks

Posted on: 2011-11-05
Degree: Master
Type: Thesis
Country: China
Candidate: C Han
Full Text: PDF
GTID: 2178330332961012
Subject: Computer application technology

Abstract/Summary:
Distributed Denial of Service (DDoS) attacks are the second most serious threat on the Internet today, after worm viruses, and can cause annual economic losses of over hundreds of billions of US dollars. Because these attacks exploit system vulnerabilities and latent security weaknesses of the Internet, and because their behavior appears natural and is difficult to defend against, research on security mechanisms to defend against DDoS attacks has become a hotspot in the network security field. So far, no DDoS defense mechanism thoroughly solves the problem. Of all DDoS attacks, 90% are SYN Flood attacks.

Based on research into DDoS attack theory, this thesis analyzes existing defense mechanisms and summarizes their characteristics and problems according to where they are deployed. By detecting attack characteristics, a Source-End Defense Method against DDoS attacks (SEDMD) is designed, which has a higher accuracy rate, a lower false positive rate and a shorter response time. SEDMD is most characterized by its capability of detecting all DDoS attacks within the areas it covers and filtering attack packets at the source end. Building on this defense method, the thesis then proposes a corresponding avoidance strategy from the attacker's perspective, and improves the defense method so that even if the attacker uses this strategy, the attack packets can still be detected and filtered accurately and efficiently.

Lastly, simulation experiments were carried out. The results show that the proposed method can indeed defend against the attack effectively. Moreover, its detection accuracy, false alarm rate and response time are superior to those of defense mechanisms of the same kind currently employed. In addition, the thesis analyzes and evaluates the cost of the system and compares it with the benefit, showing that the cost is comparatively large but that the system still has practical value. Furthermore, its cost is directly tied to its coverage area, which makes it possible to find a balance within an affordable range of expenditure.
Keywords/Search Tags: DDoS Attack, SYN Flood Attack, Network Security, Anomaly Detection