| Defending distributed denial of service attacks(DDoS) has become one of the most difficult issues in network security,because of the existence of a large number of insecure network equipment,the popularity of DDoS attack tools,the variety and rapid development of DDoS attacks.As a result,it is particularly necessary to research on defense models against DDoS attacks.Firstly,this thesis analyzed a variety of detection algorithms after introducing the current researches against DDoS attacks at home and abroad,and figured out that most of the defense approaches either found the attacks late or detected illegal flows with low accuracy even excessive resource consumption.How to balance the detection accuracy and the response timeliness is still a problem.So the concept of roaming honeypots was introduced.Secondly,a two-phase model using roaming honeypots to prevent DDoS attacks was proposed.The model can accurately identified the early characteristics of DDoS attacks in the first phase,then a set of effective detection characteristics were automatically chosen,using rank sum test,to compute distances from barycenter,which was able to differentiate between legal and illegal flows,and prepare for roaming the legitimate flows timely.Thirdly,a new kind of roaming honeypots based on Bayesian Nash equilibrium was proposed,which used the behavior characteristics of DDoS attacker as its focus.The experimental results show that the new roaming honeypots could not only roam with selecting the best roaming time and location of the hosts according to the changes of DDoS attack's behaviors,but also forecast the attacker optimal strategy in the next time. This honeypots fundamentally improved the response timeliness of the existing roaming honeypots in protecting the hosts from DDoS attacks, and effectively expanded the defense scope to the point that the attacks will occur.Finally,the results of this research were summarized at the end of the chapter,including pointing out the further work in this field. |
PDF Full Text Request