
The Research Of DDoS Attack Detection Technology

Posted on: 2009-07-26
Degree: Master
Type: Thesis
Country: China
Candidate: J J Wang
GTID: 2178360242993658
Subject: Computer application technology

Abstract/Summary:
Denial of Service (DoS) is a breach of the availability of a network service. It leaves victim hosts or networks unable to receive and handle requests from outside, or to respond to them in time, so that they cannot provide normal service to legitimate users and fall into a denial-of-service state. Distributed Denial of Service (DDoS) uses a sufficient number of machines to produce a great number of data packets to attack one or more victims, exhausting the victims' resources so that they lose the ability to provide network services properly. DDoS is already one of the most serious threats to network security and a challenge to the reliability of the network. The use of rebound (reflection) attacks and of forged source IP addresses makes the attack harder to perceive.

Given the state of today's networks, every corner of the world can be hit by a DDoS attack; however, as long as the attack is detected and responded to as soon as possible, the cost can be kept to a minimum. Research on DDoS attack detection has therefore received constant attention. We have comprehensively studied DDoS attack detection. There are three contributions in the paper:

(1) Drawing on the latest research on DDoS attack detection methods, we systematically analyze and study the technique and compare the different methods with one another. The results are useful for future research on DDoS attack detection.

(2) A Bloom Filter is used to extract a summary (abstract) of the packets, and the summary is then used to detect anomalies. This method avoids false alarms caused by normal congestion. Building on this work, two methods for defending against DDoS attacks at the source end are designed: an efficient, lightweight method based on change point computation, and another based on the Hurst parameter. In the experimental environment DARPA data is replayed, and the results show that the proposed methods obtain more accurate detection results with less computation than other similar methods. These methods can detect DDoS intrusions against large-scale networks that do not cause sharp changes in network traffic.

(3) The third method for defending against DDoS attacks designed in this paper is based on entropy. An entropy method based on a sliding window is used to compute the randomness of the destination IP addresses of network packets in a timely manner. VTP technology is then used to detect anomalies. This method can detect the existence of DDoS attacks online. According to the experiments, the method fits large-scale networks and can be applied at a wider scale.
Keywords/Search Tags:Distributed Denial of Service, DDoS attack detection, Change point compute, Hurst parameter, Entropy
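
The sliding-window entropy of destination IP addresses described in contribution (3), sketched as an added example that is not code from the thesis. The threshold rule stands in for the VTP step, which the abstract does not describe; the function names, window size, parameters and the constructed trace are all assumptions of this example.

```python
import math
import random
import statistics
from collections import Counter, deque

def shannon_entropy(counts, total):
    """Shannon entropy in bits of a destination-address frequency table."""
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def sliding_entropy(dst_ips, window):
    """Yield (packet_index, entropy) once the window is full, updating counts in O(1)."""
    counts, buf = Counter(), deque()
    for i, ip in enumerate(dst_ips):
        buf.append(ip)
        counts[ip] += 1
        if len(buf) > window:
            old = buf.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]  # keep zero counts out of the log2 call
        if len(buf) == window:
            yield i, shannon_entropy(counts, window)

def detect(dst_ips, window=200, baseline=1000, k=3.0, min_drop=0.5):
    """Return packet indices whose window entropy falls below the learned baseline.

    The first `baseline` entropy values are assumed attack-free. The threshold rule
    (k standard deviations, floored at min_drop bits) is an assumption of this example.
    """
    series = list(sliding_entropy(dst_ips, window))
    learn = [h for _, h in series[:baseline]]
    mean, std = statistics.fmean(learn), statistics.pstdev(learn)
    threshold = mean - max(k * std, min_drop)
    return [i for i, h in series[baseline:] if h < threshold]

def constructed_trace(normal=3000, attack=1000, hosts=32, seed=7):
    """Constructed sample: uniform traffic, then 80% of packets aimed at one victim."""
    rng = random.Random(seed)
    pick = lambda: f"10.0.0.{int(rng.random() * hosts) + 1}"
    trace = [pick() for _ in range(normal)]
    trace += ["10.0.0.1" if rng.random() < 0.8 else pick() for _ in range(attack)]
    return trace, normal  # normal == index of the first attack packet

if __name__ == "__main__":
    trace, attack_start = constructed_trace()
    alerts = detect(trace)
    print(f"attack starts at packet {attack_start}, first alert at {alerts[0]}")
```

Because consecutive windows overlap, the baseline standard deviation is estimated from highly correlated samples and tends to be too small; the `min_drop` floor keeps ordinary fluctuation from raising alerts.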