| DDoS, issued in recent years, is one of the severe threats on the Internet. DDoS uses many attack means and styles, including flooding and source address spoofing. So it needs to protect systems in the Internet from internal or external attacks. To defend DDoS attack effectively, many people do a lot of research on attack fashions, characterristics and recovery means to solve the problems meeting at different stages of the attack.At first, this paper analyzes the characterristics and styles of DDoS. Then, it does some research for existed DDoS characterristics and styles. Then it implements a DDoS system platform based on extendable security framework, which ensures the usual operation of Internet.Subsequently, the paper describes how to design and implement the high-speed filter. It first deeply researches into the filter and verifies the feasibility. Then it explains packet validation mechanism, connection maintaince, and with taking the system platform into consideration, design and implement a Improved-Syncookie model.At last, we design several performance test cases. The test cases show that the high-speed filter can protect away from the SYN Flood attack effectively, at the same time it has been much more improved than traditional protect ways on the filtering and processing capacity. |
PDF Full Text Request