| Denial-of-Service (DoS) is one of the major network security threats, while network-DoS (N-DoS) incidents appear in different forms, a large portion of the cases target the vulnerabilities inside Internet protocols and the Internet infrastructure, except for those exploiting flaws in specific applications. The lack of security and reliability in the TCP/IP suite and the Internet infrastructure are the two major factors contributing to the lack of network resource availability - network DoS.This dissertation analyzes the features and vulnerabilities in the TCP/IP suite and Internet infrastructure, expatiates how to use these vulnerabilities for different N-DoS, and explores detection methods and defense strategies against N-DoS in Internet-protocol-based networks.First, network DoS is classified into several categories based on protocol types, N-DoS Symptoms, and senders' intent. Next, the reasons resulting in N-DoS are analyzed, and the N-DoS detection methods are researched. Finally, an HMM-based abnormal detection method of network DoS attacks is presented based on protocol types and N-DoS Symptoms. And based on this method and pattern match technique, a network DoS detection system is developed. So the detection system can detect not only the known but also the unknown network DoS attacks and the efficiency and flexibility of detection are improved.The main components of the system include event generators, event analyzers, response units and event databases. The paper describes the structure, design and construction of the system and tests and analyzes the performance of the system. The experiment shows that our system can effectively detect N-DoS. |
PDF Full Text Request