The Research For TCP/IP-Based DDOS Detection And Defense

Posted on: 2012-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: D Y Zhang
GTID: 2178330335981456
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the internet in recent years, it has become widely used in daily life and in business. Security problems will directly affect the future development of the internet. Denial of service (DOS) and distributed denial of service (DDOS) attacks, which are easy to launch, hard to defend against and difficult to trace, are among the greatest difficulties in network security. How to detect these attacks and reduce the damage they cause has therefore become a topic of network security research throughout the world. Analyzing the principles and features of DOS and DDOS attacks, we find that most of them stem from defects in the TCP/IP protocol. TCP/IP is the most popular protocol model on the internet. However, security was not considered when TCP/IP was first designed, and this has dramatically damaged the availability of the internet. Research on denial of service attacks based on the TCP/IP protocol is important for reducing economic losses and the damage to network performance.

This paper describes the characteristics and current state of denial of service attacks, introduces their styles and principles and the methods for detecting and defending against them, analyzes the TCP/IP protocol in full, and proposes a TCP-based method for detecting and defending against DDOS attacks.
The main research content is as follows:
(1) This paper analyzes the principle and process of distributed denial of service attacks and points out the defects of the defense methods against them.
(2) It analyzes the drawbacks of the TCP/IP protocol and explains why denial of service attacks are difficult to solve.
(3) In view of the above analysis, we propose a TCP-based method for detecting and defending against DDOS attacks, divided into a DDOS attack detection module and a DDOS attack defense module. The detection method works by detecting changes in the correlation between every two flags; with it we can not only find whether a flooding attack is occurring but also identify which kind of flooding attack is taking place. The paper describes its theoretical basis and workflow. The defense method is based on the retransmission timeout of the three-way handshake and defends against DDOS attacks by monitoring and tracing packets.
(4) It presents the processing, key technology and data structures of the detection method and implements the system.
(5) We run experiments under laboratory conditions to test and verify the performance of the proposed detection and defense methods. The experimental results show that the method can detect and defend against DOS/DDOS attacks promptly and efficiently.
Finally, a summary is given and future research directions are pointed out.
Keywords/Search Tags: DDOS attack, TCP/IP protocol, Three-way handshake, TCP Flags, Retransmission timeout
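
The flag-correlation detection idea in item (3) can be sketched as follows. This is an added example, not code from the thesis: the choice of Pearson correlation over per-interval flag counts, the flag set, the 0.5 drop threshold and all sample counts are assumptions constructed for illustration.

```python
import math
from collections import Counter
from itertools import combinations

FLAGS = ("SYN", "SYNACK", "FIN", "RST")  # flag classes counted per interval (assumed set)

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0

def pair_correlations(windows):
    """Correlation of per-interval counts for every pair of flags."""
    return {(a, b): pearson([w[a] for w in windows], [w[b] for w in windows])
            for a, b in combinations(FLAGS, 2)}

def broken_pairs(baseline, observed, drop=0.5):
    """Flag pairs whose correlation fell by more than `drop` (assumed threshold)."""
    base, obs = pair_correlations(baseline), pair_correlations(observed)
    return [p for p in base if base[p] - obs[p] > drop]

def flood_type(pairs):
    """Name the flood after the flag common to most broken pairs, else None."""
    if not pairs:
        return None
    flag, _ = Counter(f for p in pairs for f in p).most_common(1)[0]
    return flag + " flood"

def make_windows(loads, extra_syn=None):
    """Constructed sample data: legitimate flag counts track the load."""
    extra_syn = extra_syn or [0] * len(loads)
    return [{"SYN": l + e, "SYNACK": l - 2, "FIN": l - 5, "RST": l // 10}
            for l, e in zip(loads, extra_syn)]

BASELINE = make_windows([100, 120, 90, 150, 110, 130])
BENIGN = make_windows([110, 90, 140, 120, 100, 130])
SYN_FLOOD = make_windows([100, 120, 90, 150, 110, 130],
                         extra_syn=[9000, 2000, 8000, 500, 7000, 1000])

if __name__ == "__main__":
    for name, obs in (("benign", BENIGN), ("syn flood", SYN_FLOOD)):
        pairs = broken_pairs(BASELINE, obs)
        print(name, pairs, flood_type(pairs))
```

In the constructed flood, only the pairs that include SYN lose their correlation, which is what lets the check name the flood type as well as flag it.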