Research On Correlation Analysis Model For TCP-Based DDoS Attack Detection

Posted on: 2010-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Li
Full Text: PDF
GTID: 2178360278459154
Subject: Cryptography
Abstract/Summary:
With the rapid development of Internet technologies and the spread of networked applications, network security is becoming more and more important. The Denial of Service (DoS) attack is one of the greatest difficulties in the network security area, because it is easy to carry out, hard to defend against, and difficult to trace. TCP/IP is the most popular protocol model in Internet applications. However, security was not considered when TCP was originally designed. The broad use of TCP/IP and its inherent defects have led to a large number of TCP-based DDoS attacks, which have dramatically damaged the availability of the Internet. Research on TCP-based DDoS attacks is therefore of great importance. This thesis is mainly devoted to an intensive study of TCP-based flooding attacks and to an effective protection proposal, with the emphasis on the design of the detection algorithm.

Firstly, this thesis analyzes in detail TCP-based DDoS attacks and the strengths and weaknesses of the present approaches to detecting them, in particular the TCP three-way handshake, SYN flooding, ACK flooding, connection flooding, SYN cookies, SYN cache, SYN proxy and other statistics-based detection algorithms.

Then, inspired by the Covariance Analysis Model for DDoS Attack Detection, we propose a detection model based on changes in the correlation between TCP flags. By detecting changes in the correlation of every pair of flags, we can not only determine whether a flooding attack is occurring, but also identify which kind of flooding attack is taking place. Subsequently, according to the identification result, we take effective actions to control the corresponding attack.

Finally, we demonstrate the performance of the detection model through several experiments under laboratory conditions. The experimental results indicate that the detection model is effective in detecting TCP-based flooding DDoS attacks and in distinguishing the attack type. This is helpful in informing the victim so that an applicable response can be started.
Keywords/Search Tags:DDoS Detection, TCP flags, correlation
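
A sketch of the pairwise flag-correlation idea described in the abstract, added here as an illustration and not taken from the thesis. The flag set, the 0.5 threshold, the rule that attributes the attack to the flag shared by the most changed pairs, and all sample counts are assumptions made for this example.

```python
from itertools import combinations
from math import sqrt

FLAGS = ("SYN", "ACK", "FIN")  # inbound segment types counted at the protected host

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / sqrt(sxx * syy) if sxx and syy else 0.0

def flag_correlations(window):
    """window: {flag: [count per sub-interval]} -> {(flag_a, flag_b): r}"""
    return {(a, b): pearson(window[a], window[b]) for a, b in combinations(FLAGS, 2)}

def detect(baseline, window, threshold=0.5):
    """Return (changed_pairs, suspect_flag); threshold is an assumed value."""
    base, cur = flag_correlations(baseline), flag_correlations(window)
    changed = [p for p in base if abs(base[p] - cur[p]) > threshold]
    if not changed:
        return [], None
    # Assumed attribution rule: the flag common to the most changed pairs.
    votes = {f: sum(f in p for p in changed) for f in FLAGS}
    return changed, max(votes, key=votes.get)

# Constructed sample data: eight sub-intervals per observation window.
NOISE = [3, -2, 1, 0, -1, 2, -3, 0]
FLOOD = [4000, 4000, 0, 4000, 0, 4000, 0, 0]  # bursts unrelated to real connections

def legit(conns):
    """Legitimate traffic: every flag count follows the number of connections."""
    return {"SYN": list(conns),
            "ACK": [8 * c + n for c, n in zip(conns, NOISE)],
            "FIN": [c + n for c, n in zip(conns, NOISE)]}

def with_flood(window, flag):
    """Copy of window with FLOOD added to one flag's counts."""
    return {**window, flag: [v + f for v, f in zip(window[flag], FLOOD)]}

BASELINE = legit([80, 95, 110, 100, 90, 120, 105, 85])
QUIET = legit([100, 120, 90, 110, 130, 105, 95, 125])

if __name__ == "__main__":
    for name, w in [("quiet", QUIET), ("SYN flood", with_flood(QUIET, "SYN")),
                    ("ACK flood", with_flood(QUIET, "ACK"))]:
        print(name, detect(BASELINE, w))
```

In legitimate traffic all three counts track the number of connections, so every pair stays strongly correlated; a flood of one segment type decorrelates only the pairs that contain it, which is what lets the check name the attack type.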