With the rapid growth of the Internet, and of society's dependence on it, network security receives ever more attention. Unfortunately, because of deficiencies in the network (especially in the TCP/IP protocol suite), attack techniques have multiplied, and Denial of Service (DoS) attacks have become one of the most common because of their wide attack range, strong concealment, simplicity and efficiency. They seriously degrade the services provided by networks and host systems. Distributed Denial of Service (DDoS) attacks are a particular threat to network security, since their concealment and distributed nature make them difficult to recognize and defend against. A key challenge in defending against them is how to discriminate legitimate traffic from malicious traffic accurately. From this point of view, the main work of this thesis is as follows:

(1) DoS attack methods are summarized systematically, the principles of DDoS attacks are analyzed, the development history of DDoS attack tools is reviewed, and the primary characteristics of three tools are compared. After a brief introduction to existing ways of classifying DDoS attacks, a classification scheme is proposed.

(2) Research on defense against DDoS attacks is surveyed under four broad categories: attack prevention, attack detection, attack source identification and attack reaction. On the basis of this classification, the advantages and disadvantages of each mechanism are discussed, and it is pointed out that current mechanisms still have deficiencies.

(3) To cope with constantly changing attacks, strengthening the reaction mechanism is the more realistic and feasible approach. A defense model based on TCP/IP Header Analysis and Proactive Tests (THAPT) is proposed. Attacks are divided into connection-oriented and connectionless, and the two kinds are handled by different means. Analysis of the TCP/IP header against well-defined rules is designed to defend against connectionless attacks such as UDP floods. A differentiation technique based on proactive tests is proposed for connection-oriented attacks, because TCP has built-in congestion control and reliable transmission mechanisms that can be used to test every TCP flow and decide whether it is malicious.

(4) Simulation experiments on three typical DDoS attacks were set up using the OPNET software. Preliminary simulation results validate the design.
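As an added illustration (not code from the thesis), the two THAPT paths in Python: a static header and rate rule check for UDP sources, and a proactive test that compares a TCP source's sending rate in the window before a deliberately dropped segment with its rate in the window after it, on the assumption that a conforming sender backs off. The thresholds, addresses and capture records are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical thresholds (not from the thesis); tune them per deployment.
UDP_PPS_LIMIT = 100.0   # UDP packets/s tolerated from a single source
UDP_MAX_LEN = 1500      # IP length above the usual MTU is treated as malformed
TCP_BACKOFF = 0.5       # a conforming TCP sender at least halves its rate after loss

@dataclass
class Pkt:
    t: float      # capture time in seconds
    src: str      # source address from the IP header
    proto: str    # "TCP" or "UDP"
    length: int   # IP total length field

def udp_header_rules(packets):
    """Connectionless path: judge each UDP source by static header and rate rules."""
    per_src = defaultdict(list)
    for p in packets:
        if p.proto == "UDP":
            per_src[p.src].append(p)
    verdict = {}
    for src, pkts in per_src.items():
        span = max(p.t for p in pkts) - min(p.t for p in pkts)
        pps = len(pkts) / max(span, 1.0)          # rate over at least a 1 s window
        malformed = any(p.length < 28 or p.length > UDP_MAX_LEN for p in pkts)
        verdict[src] = "malicious" if pps > UDP_PPS_LIMIT or malformed else "legitimate"
    return verdict

def proactive_tcp_test(packets, src, t_drop, window=1.0):
    """Connection-oriented path: compare the source's TCP rate in the window before
    a deliberately dropped segment with its rate in the window after it."""
    before = sum(1 for p in packets if p.src == src and p.proto == "TCP"
                 and t_drop - window <= p.t < t_drop)
    after = sum(1 for p in packets if p.src == src and p.proto == "TCP"
                and t_drop <= p.t < t_drop + window)
    if before == 0:
        return "untested"
    return "legitimate" if after <= before * TCP_BACKOFF else "malicious"

def sample_traffic():
    """Constructed capture: a UDP flooder, a quiet UDP host, two TCP senders."""
    pkts = [Pkt(i / 400, "10.0.0.9", "UDP", 60) for i in range(400)]    # 400 pps flood
    pkts += [Pkt(i * 0.2, "10.0.0.5", "UDP", 80) for i in range(5)]      # 5 pps, DNS-like
    pkts += [Pkt(i / 20, "10.0.0.7", "TCP", 1500) for i in range(20)]    # 20 pkts before drop at t=1
    pkts += [Pkt(1 + i / 8, "10.0.0.7", "TCP", 1500) for i in range(8)]  # backs off to 8 pkts
    pkts += [Pkt(i / 20, "10.0.0.8", "TCP", 1500) for i in range(40)]    # ignores loss: 20 then 20
    return pkts
```

Running `udp_header_rules(sample_traffic())` flags only 10.0.0.9, and `proactive_tcp_test(sample_traffic(), src, 1.0)` reports 10.0.0.7 as legitimate and 10.0.0.8 as malicious.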