
Study On The Distributed Denial Of Service Detection And Prevention Technology

Posted on: 2009-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: P Liao

Abstract/Summary:
With the development of information technology, information is becoming an increasingly important resource in decision making, and information security is receiving more and more attention. Distributed denial of service (DDoS) is an attack on the availability of information and threatens the security of information on the Internet. Because of built-in defects in the design of the TCP/IP protocols and the sharing of attack tools, launching a DDoS attack does not require profound technical skill, yet detecting and preventing one is technically very difficult. This makes DDoS one of the most dominant threats on the Internet.

This paper studies DDoS detection and prevention technology in depth. First, it presents a detection algorithm whose computing model is based on the covariance matrix and the Chebyshev inequality, and introduces new statistical indicators, strength coefficient, sequence move and optimization, into the model, so that the algorithm shows not only the existence of a DDoS attack but also the attack level. Because covariance expresses the quantitative relationship between two random variables, the protocol type used by a DDoS attack can be analyzed through combinations of random variables.

Second, for reflection DDoS attack prevention, the Bloom Filter algorithm is introduced and a new packet classification algorithm is designed that reduces computing complexity according to the characteristics of the TCP/IP protocol. For source address spoofing prevention, the paper improves the TTL Credit algorithm and designs a new IP address aggregation algorithm. The TTL Credit algorithm achieves high discrimination at the cost of simple computing.

Finally, the Self-adaptive Deficit Round Robin (SADRR) scheduling algorithm used in this paper applies a scheduling policy to prevent application layer DDoS attacks. The algorithm can suppress or differentiate attack packets that come from real IP addresses, with the purpose of protecting the "good" packets so that they get the opportunity to be scheduled and their quality of service is guaranteed.
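The following sketch illustrates the general covariance-matrix and Chebyshev-inequality detection idea named in the abstract. It is an added example, not code from the thesis: the feature set `PROTOS`, the window layout, `alpha` and all packet counts are constructed assumptions, and the thesis's strength coefficient, sequence move and optimization are not reproduced.

```python
from statistics import mean, pstdev

PROTOS = ("tcp_syn", "udp", "icmp")  # assumed per-second counters

def cov(xs, ys):
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)

def cov_entries(window):
    """Upper triangle of the covariance matrix of one observation window."""
    cols = list(zip(*window))
    return {(PROTOS[i], PROTOS[j]): cov(cols[i], cols[j])
            for i in range(len(PROTOS)) for j in range(i, len(PROTOS))}

def fit_baseline(windows):
    """Mean and standard deviation of every covariance entry over clean windows."""
    per = [cov_entries(w) for w in windows]
    return {k: (mean([e[k] for e in per]), pstdev([e[k] for e in per]))
            for k in per[0]}

def detect(window, baseline, alpha=0.05):
    """Flag covariance entries that deviate by at least k sigma from baseline.

    Chebyshev: P(|X - mu| >= k*sigma) <= 1/k^2 for any distribution, so
    k = 1/sqrt(alpha) bounds the false-alarm rate per entry by alpha.
    The returned value is the deviation in sigmas, a rough severity figure.
    """
    k = alpha ** -0.5
    flagged = {}
    for key, c in cov_entries(window).items():
        mu, sigma = baseline[key]
        if sigma:
            dev = abs(c - mu) / sigma
        else:
            dev = float("inf") if c != mu else 0.0
        if dev >= k:
            flagged[key] = dev
    return flagged

def make_window(w, n=8):
    # Constructed "normal" traffic: small periodic jitter around fixed rates.
    return [(100 + (7 * t + 3 * w) % 11, 50 + (5 * t + w) % 7, 5 + (t + w) % 3)
            for t in range(n)]

BASELINE = [make_window(w) for w in range(10)]
# Constructed SYN-flood window: UDP/ICMP unchanged, SYN rate ramps sharply.
ATTACK = [(syn, udp, icmp) for syn, (_, udp, icmp)
          in zip([100, 400, 1600, 6400, 9000, 9500, 9800, 9900], BASELINE[0])]

if __name__ == "__main__":
    for key, dev in sorted(detect(ATTACK, fit_baseline(BASELINE)).items()):
        print(key, f"{dev:.1f} sigma")
```

The flagged entries all involve `tcp_syn`, which is how the combination of variables points at the protocol in use.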
Keywords/Search Tags:distributed denial of service, direct attack, reflection attack, DDoS attack prevention