| Nowadays, Distributed Denial of Service (DDoS) attack has become one of the most serious threats faced by the Internet. It brings inestimable loss to Internet business.Because of its distributed characteristic, DDoS has more resources of attack on Internet than traditional Denial of Service (DoS) and causes more damage. Besides, it is more difficult to take precautions. DDoS attack analysis and defence has become one of the central issues in the field of network security.The thesis systmatically expounds the theory of DoS and DDoS. Typical tools of DDoS are researched and relevant methods of defending the DDoS attack are suggested. The thesis proposed Cumulative Entropy Detection (CED) algorithm and Time-Based Entropy Detection (TBED) algorithm. Meanwhile, verified the algorithms'effectivity by analyzing the testing results. In the end, designed a firewall based on the ameliorated detecting algorithm.The thesis is organized as follows. The first part is introductions of the backgroud and present situation of DDoS. The second part is the related technology, the theory of DDoS attack and defending. The third part is researching on the the entropy detecting algorithm.In this part, an ameliorated algorithm has been proposed and can be verified by testing result. The fourth part introduces Linux firewall and than designing, realizing and testing the DDoS defending system. The last part is the summarization and prospect on this field. |
PDF Full Text Request