
Research On Detection And Response Of Distributed Denial Of Service Attack

Posted on: 2008-10-02 | Degree: Master | Type: Thesis
Country: China | Candidate: J J Zhao | Full Text: PDF
GTID: 2178360215485490 | Subject: Computer application technology
Abstract/Summary:
As network applications develop, networks play an increasingly important role in everyday life. At the same time, hacker attacks occur one after another, and network security has gradually become a key problem that must be solved before network services and applications can develop further. Distributed Denial of Service (DDoS) attacks are a common type of network attack and have caused huge economic losses in recent years. Research on them has become a hotspot in the network security field, so studying DDoS attacks and their countermeasures is both challenging and important.

Using several taxonomies, the thesis analyzes the attack mechanism of DDoS attacks in detail and gives a classification of DDoS attack methods. It then examines and evaluates existing countermeasures in detail, paying particular attention to detection and response technology.

Experiments revealed a remarkable characteristic of TCP flood attacks: the number of new IP flows passing through the router shows an increasing trend. Based on this characteristic and on probability theory from statistics, Flow Connection Entropy (FCE) time series analysis is proposed, which uses the non-parametric CUSUM algorithm to detect DDoS attacks. For response, packets are placed in different priority queues according to their reliability, and a different policy is applied to each queue. The thesis also describes a detection-response prototype, a model composed of several system modules deployed in the victim network. An analysis of the model sets out its merits and shortcomings and proposes the next steps of the work.

The experiments demonstrate that the model can detect DDoS attacks as early as possible with high detection accuracy. The DDoS detection and defense scheme proposed in this thesis can serve as a reference for related work.
Keywords/Search Tags: DDoS, FCE, Non-parametric CUSUM algorithm, Detection, Response