A Research-Based Honeynet To Prevent Distributed Denial-of-Service

Nowadays Distributed Denial of Service ( DDoS ) attack has become to be one of the greatest troubles in Network Security . There seem to be no substantial imProvement in anti一DDoS research on atiack defending , detecting and retorting yet , nor did any effective or nicety method appear to predict the DDoS attack in timeThe detection and defending of DDoS attack is one ofthe frontiers of Network Security .Reactive techniques that try to detect such an attack and throttle down malicious traffic prevail today but usually requirean additional infrastructure to be really effective.In this paper we show that preventive mechanisms-based on honeynet can be as effective with much less effort: We present an approach to (distributed)DoS attack prevention that is based on the observationthat coordinated automated activity by many hosts needs a mechanism to remotely control them. To prevent such attacks, it is therefore possible to identify, infiltrate and analyze this remote control can mechanism and to stop it in an automated fashion.At the same time, the paper proposed an idea to modify the tool of Sebek. It can conceal Sebek in a much better way and improve the efficiency of the system as well. At last, the paper made a conclusion of several valuable DDoS defence systems which have been in use.