| With the development of network technologies, the Distributed Denial of Service (DDoS) intrusion has been growing the importance security hidden trouble. The DDoS intrusion is developed from the Denial of Service (DoS) intrusion, but the damage of the DDoS is more serious than that of the DoS. The DDoS intrusion is a behavior using normal data packages to attack the network, so it is hard to detect by traditional approaches.The theme aiming at the DDoS attacking brings forward an intrusion detecting system modal based on the network. Through Libpcap data package capture function data captures network data packages. System adopts the means of mode matching to filtrate data packages. The data packages of more danger to the system, attacking character distinctness and structure simpleness are filtrated to alleviate the burden of the system. Aiming at the fragment attacking the theme brings forword the fragment recombined checking algorithm-FRD to avoid system breakdown by reason of fragment recombined error. Among the threshold value detecting period, the theme brings forword maximum average and standard difference modal to find suspicious data flux. During the analyzing the data packages of the suspicious data flux, the theme aiming at the character of the DDoS brings forward an algorithm to detect the DDoS intrusion. During the system response phase, the theme uses the Quality of Service (QoS) controlling mechanism to restrict attacking flux and avoid the appearance of the Denial of Service as possible as can.Through experiments, the system has been proved that it is effectual to detect and withstand the DDoS intrusion. Therefore, the study result has the practical significance to build security system for the enterprise and the Intrusion Detecting System. |
PDF Full Text Request