| As the Internet becomes widely used in our daily life,the security problem will effect the future development of the Internet directly .Network attacks damaged networks and users,among which DOS(Denial of Service)attacks become one of the common networks attack techniques by the characteristics,such a extensive area,strong concealment,simpleness and efficiency,etc.DoS attacks greatly affected the effective service of network and host systems,especially among which,DDoS(Distributed Denial of Service)attacks are greatly threatening Internet,since they are difficult to recognize and defense due to their concealment and distribution.Firstly,this paper analyzes DoS/DDoS attack principles and their features. Secondly,it is made a statistic analyzed model about normal network flow and is detected DDoS attacks by the model.This system is composed of event generator, event analyzer, event database and response unit.Event generator captures data packet and analyzes their protocols. Event analyzer uses two detection teckniques,namely anomaly detection and misuse detection. Misuse detection compares captured network packet with known attack model(detection rules).If it finds the harmonizer,it thinks this is a attack event,reports to response unit and logs the primitive information and analyzed results in the event database.But anomaly detection uses based-on statistic analyzed model detection "anomaly" network actions.When there are intrusion events,response unit makes alarm information and reports to the administrator.Event database storages intrusion object data information which is used when the system needs these information. |
PDF Full Text Request