Research On DDoS Attack Based On The Application Layer

Along with the rapid development of computer technology, computer network has deeply into all aspects of People's Daily life, gives people's all activities brought convenient,but at the same time, the problem of network security, not be allowed to ignored,and the network crime increasingly serious. In many of the network security behavior, DDoS is undoubtedly one of the effective methods in the most often occur attacks. Able to form a larger destructive and DDoS attack means has diversity.Its causes a network protocol itself design problem, also have a lot of human factors, and attack means also is changing, give a huge threat of network security. This article proposed based on user behavior analysis and Verification mechanism testing technology that mainly aims at occurred in application-layer traversal of DDoS attackThis paper firstly analyses the principle of DoS and happen in the network layer and the transport layer that called traditional DDoS, explains the attack process of DDoS, the analysis results show that occurred in the network layer and the transport layer DDoS attack is mainly use network protocol of TCP/IP design loophole to attack. The researchers at such attack did a lot of research work,this paper analyzed some results, in view of the different detection technology also separately listed several typical defense method,such as the honeypot technology, SYN Cookie technology and network boundary filtering technology and so on.Combining network layer and the application layer, facing the attack occurred DDoS, this article focuses on the application layer DDoS attack occurred, analyzes the differences and similarities about the traditional DDoS attacks and occurrs in application layer, Analyzes the reason of why the traditional detection and prevention method is not suitable for and new-style DDoS attack, and lists the common attack modes,such as the DNS-DDoS attack, CC attack and so on. Through the analysis of the current study advantages and disadvantages of each method proposed a attack detection model that based on user behavior,its core thought is analyses user conduct, according to the network traffic produce abnormal situation, proving the IP address of suspected attack, Then find out the attacking source. This paper simulated experiment for CC attack, through the experiment data the result can be clearly seen, based on the user's behavior can find network anomalies flow, and through the verification mechanism can be sure abnormalities,which reduce the rate of false positives.