DDoS Attack Detection And Trackback Research

The increasing popularity of web_based appliacation has led to several critical services being over the internet.This has made it imperative to guarantee network sercurity and availability of resources.Recent years,a lot of critical applications are threatened by network intrusions, such as the electrical network applications, the bank networks, and some of the most important web servers.Distribute Denial of Service,which depletes the network's resources and denies service to legitimate users,is one of the hardest security problems of the internet.Although there are a lot of researches on DDoS,it still seem to be no substantial improvement which can precisely and quickly detect the attack and traceback the attack source yet.Aimed to detecting the DDoS attack, this papar has done a lot of researches on the theory of network self-similarity and compared the performance of some common calculation methods of Hurst parameter with the comfirmed of strict self-similarity characteristic of LAN traffic. The quantitative influence on Hurst parameter caused by DDoS attack is studied through a lot of experiments. Based on the analysis of these simulated experiment data, a precise criterion of start and end to DDoS attack is put forward by analyzing the variance of Hurst parameter. Finally the effectiveness of this method in real project is analyzed and proved. Compared with the traditional anti-DDoS method, it doesn't need to inspect the content of the packet, so has more efficiency and can be used on the node with huge traffic.Aimed to traceback the attack source of DDoS attack, this papar analyzed the characteristic of DoS/DDoS attacks, we introduce the basic theory of fragment marking scheme,then this paper proposed a improved fragment marking scheme and verification improved fragment marking scheme.Compared with traditional ways,it means expanded hash fields,and also increases the veracity ,and simplifies the complexity of recombine .Simulation experiments validated that this two method can trace major DDoS attacks exactly, provided with well real-time,low processing overhead,small bandwidth and low deployed cost.