| Denial of service attacks(DoS) has become one of the most common methods ofcyber-attacks, especially the latent period, the more hidden and more destructiveattack of Distributed Denial of Service(DDoS) have brought serious security threatsand will bring a serous loss to the internet.In this paper, the basic principles of DDoS attacks, the basic characteristics of theattack and DDoS analytical methods were introduced systematically. The advantagesand disadvantages of the current DDoS attack detection methods and defensemechanisms have been compared and summarized after the relative materialincluding home and abroad having been analyzed. It was found that DDoS attackswill make network traffic change dramatically, and it will cause the statisticalcharacteristics exception of the input and output of the router terminal port. Itsstatistical characteristics and traffic self-similarity have been obviously changed; in anetwork denial of service attacks, header contents have some similarcharacteristics,through packet cluster analysis, legitimate traffic and attack traffic canbe analyzed and filtered. An improved algorithm based on traditionalCUSUM(cumulative) algorithm(MCS) was proposed after the correlation of thenetwork abnormal flow characteristics having been analyzed. The algorithm adopts amatrix and multi-statistic MCS (multiple cumulative statistics) algorithm to detect theattack of terminal flow and to analyze the abnormal flow characteristics by clusteranalysis. It also finishes the defense of DDoS attacks by extending the Bloom Filteralgorithm to filter the abnormal flow.In order test the effectiveness of the algorithm, an experiment combined with anactual simulation testing environment has been taken. During the simulation testingprocess, several common DDoS attacks had been simulated, and the algorithm is alsocompared with the traditional filtering algorithms based on packet ratio imbalance.The results demonstrate that the algorithm is of correctness, reliability and efficiency. |
PDF Full Text Request