
Research And Implementation Of Network Intrusion Detection And Protection Technology Based On HTTP-Flood Attack

Posted on: 2010-04-18
Degree: Master
Type: Thesis
Country: China
Candidate: J C Hou
GTID: 2178360278959346
Subject: Cryptography
Abstract/Summary:
The basic properties of network security are confidentiality, integrity, legality and availability. Attackers are those who try to destroy these properties. The aim of a distributed denial of service (DDoS) attack is to destroy the network's availability. Web service is one of the most important businesses on the Internet, and people who surf the Internet use it to obtain or release information, so web security is a hot topic nowadays. Because HTTP (Hypertext Transfer Protocol) is the key protocol of web applications, it is used to carry out DDoS attacks, and such attacks are difficult to detect and defend against.

In this paper, a method for detecting HTTP-based DDoS (HTTP-Flood) attacks is presented; this method can eliminate or reduce the impact of HTTP-Flood.

Firstly, we summarize the current detection and defense algorithms and present some of their defects. Secondly, the HTTP protocol is introduced briefly, the principles and forms of the HTTP-Flood attack are analyzed, and the source code of the CC (Challenge Collapsar) tool is analyzed in detail. Thirdly, the ratio of inflow and outflow is introduced into the methods that detect HTTP-Flood attacks based on web access characteristics. An experimental environment is set up and some simulations are run; the results proved that this method can detect high-consumption HTTP-Flood attacks. Two optimization methods are also given. Fourthly, a defense technology called HTTP Cookie is described, and its usage is optimized. Finally, a system for detecting and defending against HTTP-Flood attacks, based on a Linux transparent bridge, is designed and implemented, and the function and performance of this system are tested.
Keywords/Search Tags:Web security, DDoS, HTTP-Flood, Linux kernel, Netfilter