Ddos Attacks Guard System

As the Internet becomes widely used in our daily life, especially in business area, the security problem will effect the future development of the Internet directly. Many network security technologies, such as firewalls, Intrusion Detection system, have been developed and adopted. And these systems are the chief targets to attack. DoS/DDoS attack has become a dangerous method not only because it has simple and rapid operation but also because attacker remains in concealment and its effects immediately gains.First, this paper analyzes and summarizes the familiar DoS/DDoS attack methods and their features. It can't meet the need of detecting DoS/DDoS attack by detecting (or searching) default character string (or port or password) in the attack tools. So the audit information about space should be added. Further more, the machine should remove its critical server when it undergos flood attack. At the same time the attack source should be traced by the attack character. According to these thoughts, the system of resisting DDoS attack is proposed. The system is composed of three parts:detection part,defense part,traceback part.Following are the main points of the paper:In the detecting part the audit information about space is added. Defending Alliance Protocol is proposed and the related design is studied. We give the implementation of the communication between center agent and local agent. The framework of the system in Linux operating system is proposed.In the defense part we gives a design model including hiding critical host and component and removing them undergoing attack. Security analysis is done.In the traceback part we introduce the method of recording the router address in the IP packet's Identification field. The victim host can make use of the recording information reconstruct attack path set and traceback attack source. The marking algorithms and reconstructing algorithms are studied.