| The Internet has become increasingly important to modern society. It is changing the way we communicate, the way we do business, and even everyday life. Unfortunately, because of deficiencies in the network (especially in the TCP/IP protocol), there are many attacks, among which DoS (Denial of Service) attacks have become a common attack technique owing to characteristics such as wide reach, strong concealment, simplicity and efficiency. DoS attacks disrupt the effective service of networks and host systems. In particular, DDoS (Distributed Denial of Service) attacks pose a great threat to the Internet, since their concealment and distribution make them difficult to recognize and defend against. In this paper, we first analyze the principle of DoS/DDoS attacks. After surveying the definition of DoS/DDoS and the typical attack approaches, we update the classification of DDoS/DRDoS attacks into 3 categories: bandwidth consumption attacks, resource exhaustion attacks, and programming defect attacks. Next, we briefly introduce the common defense methods against DDoS, which include bandwidth/traffic restriction policy, border network hardening strategy, attack monitoring strategy, and attack response strategy. Building on these common preventive measures, we propose a new defensive measure: DDoS defense using the collaboration of client and servers. To defend against distributed denial of service (DDoS) attacks, a special DDoS defense scheme based on the collaboration of puppet machines and servers is proposed. For connectionless attacks, such as UDP flood and ICMP Smurf attacks, we mainly use traffic monitoring and protocol analysis on the puppet side. For connection-oriented attacks, we adopt SYN Cookie technology, which relies on the collaboration of client and servers. The scheme is therefore an effective and proactive defense against DDoS attacks.
Simulation results validate the effectiveness of this scheme. Finally, this paper describes the background on network simulation and uses the OPNET network simulation software to run simulation experiments, which preliminarily verify the effectiveness of the DDoS defense that uses the collaboration of client and servers. |