| With the development of Internet, IPv4 addresses resources will run out, IPv6 network began in popularity in recent years. Network security has always been the highlight of the Internet, IPv6 network will not be an exception. DDoS attacks can be expected to be IPv6 network is one major security issue, because DDoS attacks is to use TCP / IP protocol vulnerabilities to launch a simple but deadly attacks, IPv6 does not repair these vulnerabilities.In the IPv4 network environment, since 1999,after the first occurrence of DDoS attacks, people put a lot of effort to study how to defend DDoS attack, put forward many effective methods, these methods can provide us a good reference to study how to defend DDoS attacks in the IPv6 network environment. However, IPv6 has many new features, And some new features lead to IPv6 and IPv4 are not compatible. This makes DDoS attacks in the IPv6 network environment and in the IPv4 network environment have different characteristics, and there will be new requirements on how to defend DDoS attack in the IPv6 network environment. Therefore, this article study how to defense DDoS, the following are the major work done in this article:Discusses characteristics of some of the typical DDoS attacks and some of the typical DDoS attack tools. Analysis of some typical DDoS defense methods and point out their advantages and disadvantages. Research on IPv6 protocol framework and its security problems. These security problems can be summed up in two: Some means of attack in the IPv4 network environment is still valid in the IPv6 network environment and IPv6 new features leads to the threat of new attacks. In the threat of new attack in the IPv6 network environment, DDoS attacks on the most prominent. This article discusses several major new IPv6 features, According to these new features to analysis of new characteristics and development trends of DDoS attacks. Analysis of the original method of DDoS defense in IPv4 environment deficiency in IPv6 environment.Improvement based on statistical features of DDoS defense methods. The article according to the new IPv6 features and development trend of DDoS attacks in IPv6 environment to improvement based on statistical features of DDoS defense methods, makes its targeted DDoS attacks in IPv6 environment. This method is improved, it combines the rate filtering and the fingerprint filtering, has the advantages of both, overcome the shortcomings of their respective, makes the efficiency and the accuracy of ?the defense to achieve a balance. This improved method from two different perspectives on statistics and analysis and filter of packets. First, from the perspective of the package to distinguish between normal network packets flow and abnormal flow, reduce the processing of normal packets, achieve their goals of improve the efficiency of filtration. Second, from the perspective of the property rate of abnormal packets. Introduction of variance as the weights, achieve their goals of distinguish between normal burst traffic and DDoS attack.Last, analysis of the linux firewall framework NETFILTER, and on it to achieve the improved synthesis based on statistical characteristics of DDoS defense systems to test the validity of the method proposed by this article. the results show that this method is effective and feasible. |
PDF Full Text Request