| DDoS attack is one of the most serious threat to the Internet security. And much urgent need for defense is ever growing due to the increasing crackers and reforming attack utilities. So the importance of the problem turns academia into focus on the transition from static defense unity to active prevention architecture, among which goes one possible way to the combination of the active networking and DDoS prevention system.The paper presents the DDoS prevention technologies at first. These include intrusion detection, DDoS defense and traceback. Then it investigates the structure and composition of the active network. At last it looks into the DDoS prevention idea and model based on the active network.The paper makes an anlysis and implementation on the DDoS prevention system based on the active network. Firstly it describes the arctecture and procedure of the whole system. Secondly it designs the detection module, analysis module and execution module in terms of logic function, and also details the makeup, process, code of the thress modules. Moreover it discusses some critical technologies. The detection module introduces bayesian network and puts forward a self-adaptive improvement to settle the static invariability of detection pattern. And the execution module imports the sign field compression and proposes the route compressing packet marking to solve the data redundancy of traceback.The proposed system in this paper organizes several active node to make a collaborative detection and an dynamic defense, which extends the defense perimeter and enhances the system flexibility. The DDoS prevention system based on the active network is an userful attempt and definitely has many pitfalls, but it comes into much broader application along with ever-maturing active networks. |
PDF Full Text Request