The Study Of The DRDoS Defense Technique On Base Of Flow Lead And The History Filtering

The Distirbuted Reflection Denial of Service Attack is a new style of DoS attack method.The aggressors send out the SYN conjunction claim which has the drive aggressor IP address through a great deal of legal server to wrap,these servers send out a great deal of legal ACK inquiry wraps to drive aggressor.Because of the high performance and data of the server wrap of legitimacy,drive aggressor can not resist a big discharge data to wrap,and the fire wall or the defense technique also would give these legal datas wrap to let go, the bandwidth of the driver aggressor is consuming,so the aggressor attain the purpose of the attack at last. This dissertation put forward the DDoS defense technique study on the base of Flow lead and the History Filtering, this system has a big discharge data of holdout to wrap the function that the attack filters the attack data to wrap and precision in the meantime.Main work is as follows:1. Through the thorough analysis of the DRDoS attack technique, the conclusion is that the aggressor consume the bandwidth of target machine,so it is important to reposit and handle the attack discharge;In the meantime because the DRDoS uses legal ACK inquiry the data pack of the legal server to carry on an attack,logarithms according to wrap of discriminate,filter as well count for much.2. Through the technique exchanges of green alliance science and technology in Peking company,the amount of convection led this technique to carry on a detailed research.Discharge's lead is a kind of technique which can separate the normal discharge and attack discharge,from the anti- DoS equipments come specialized resist DoS attack,assurance normal the discharge passes to wrap by resisting a big discharge data an attack smoothly.3. In the discharge lead the model adoption Hash the rare function set up the sou-ce address database and carry on a data to wrap percolation,design according to this way of thinking a kind of carry out calculate way,make the separation technique more accurate and perfect.At last,through build an experiment the analysis of the platform and experiment result,prove this system has obvious result and accuracy more than the traditional way to defend against DRDoS attack.