| The internet technology has been widely applied to many industries and domain. The internet was originally designed for scientific research. As a result, the internet which is open and interconnected faces serious security problems. The Denial of Service attack (DoS) and the Distributed denial of service (DDoS) attack is a grave threat to internet services and even to the network itself. This kind of internet abnormal incidents gives the entire society huge economic loss. Therefore, in order to safeguard the network security, either the detecting or the early finding of large scale DDoS attack & computer worm attack is extremely essential.Both the detecting and the defense of DDoS face different challenges originated from technology and society. Technological challenge originates from the complexity of DDoS which attacks itself, while social challenge is that it involves political, economical and social benefits to detect and defend DDoS attack.In the paper first router coarse-grained detect the client's data flow. Filtering out the unauthorized clients, and integrate the other servers'evaluation about the client, thus gained a more compete and accurate client reputation. In this paper, Boundary-router also be used to filter the forged source IP address on the border of AS. Then in the server Fine-Grained detect the client's data flow, identity the cunning attack and low-flow attack from the communication. Finally quantitatively calculate clients reputation, make use of the clients'reputation distinguish the legitimate clients from malicious clients. in accordance with clients'reputation to arrange their priority access request.At last, the experimental results show the CDDACR model can detect and defend the DDoS attack real-time. And reduce the probability of server be attacked when the network is on the abnormity. |
PDF Full Text Request