| With the development of Internet, the Internet security events occurs more and more frequently which takes a big threat on the Internet users' information security and confidence. Among all kinds of the internet attack events DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks have the more and more high occurrence frequency because of the following characters of the kind of attach tools: easily to be gained and operated, wide attack scope, good concealment, more and more intelligent etc., which give a big influence on the Internet and all kinds of service system's effective running.Traffic control means all kinds of network behavior to avoid congestion within a computer network in order to fulfill some specific target. In the network security protection system, the purpose of traffic control is to provide the good quality service with the high security via the effective usage of the network resources.The DoS protection and traffic control have a very close relationship since they are the important architecture components of each other. Firstly, the anti-DoS equipments provide the security for the network traffic control. Secondly, as the network security equipments, they are the neck points between outside and inside of the network and need provide different bandwidth for the different service, different sub-network and different equipments. It will definitely influence the network performance whether the security equipments have a good traffic control. In a word, it is very necessary and urgent to do some research on the traffic control in the anti-DoS system.Based on the above points, we realized the traffic control module in the anti-DoS system, which has the following components:(1)Traffic control based on the rules: it can process the data package having the obviously attack character based on the rules configured by network administrator or the default rules.(2)Traffic control based on the weighted dangerous value: it can work together with the DoS/DDoS detection and protection mechanism and weigh the dangerous value of the data package via the attack target positioning, fingerprint addressing, data mining etc. According to the weighed value, it can process the data package accordingly.(3)Traffic control based on the rate restriction: it can process the data package according to the flow threshold configured by the system administrator and the system history average rate value to adjust the data flow in the anti-DoS system dynamically.Additionally, the DoS/DDoS was research deeply in the article and the familiar traffic control technologies were introduced in detailed and one perfect anti-DoS system was designed according to the article requirements. |
PDF Full Text Request