Research On The Method Of Detecting DDoS Attacks Based On Traffic Self-similarity In IPv6 Network

With the development of network technology, network security becomes especially important. DDoS applies hundreds of distributed masters to control thousands of slavers with procedures implanted to initiate the conduct of large-scale attack simultaneously. That IPv6 will replace IPv4 as next generation of Internet protocol is an inevitable trend. Although IPv6 is superior to IPv4 in address space, addressing mode, IPsec, QoS and scalability, there still have specific security and protocol vulnerability leading to DDoS attacks. Even now DDoS is still the major threat in network including IPv6, because of implementing easily, preventing and tracking hardly.The thesis makes a deep research on the DDoS attacks principle, pattern, and tools, a detailed analysis of the IPv6 specific security. Considering IPv4 traditional detection methods, a real-time and high-precision detection method based on traffic self-similarity in IPv6 is proposed. It applies functional module design. The main works of the paper are summarized as follows:Firstly, as IPv6 packet format changes, we improved the data structure. WinPcap have three major functions, data link access technology, a specific packet filtering technology, operating the statistical model under Windows. It uses the WinPcap for the realization of"flow"data real-time capturing, monitoring and analysis in IPv6. Secondly, considering choose and realization of Hurst parameter estimation. Owing to IPv6 Routing fragment mechanism saves storage and reduces the complexity of the algorithm.Whittle MLE makes a balance point between high precision and complexity, and is applied firstly to detection real-time data.Then Hurst difference value is the further judgement to find potential attacks and improve high-precision.Thirdly, we construct IPv6 LAN communication, combine with the characteristics of DDoS attacks in IPv6, write C program of DDoS attacks thread to attack special host, and then collect flow changed situation between the normal network and introduction of DDoS attacks network.Finally, experiments and analysis on the feasibility, real-time and precision of the proposed detection method are performed.Detection is the first step in defense.The proposed method provides the necessary premise for defending DDoS attacks in IPv6, good application value.