Research on Detection and Defense Technology for Application-Layer DDoS Attacks

Posted on: 2010-05-22
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhang
GTID: 2208360278966018
Subject: Communication and Information System

Abstract/Summary:
DDoS is a simple and efficient attack on the Internet, which has attracted many people to study it and the technologies for detecting and defending against it. However, attack methods and attack tools have kept being upgraded in response to detection and defense research. Traditional DDoS attacks happen at the network layer or the transport layer and usually exploit defects in the TCP/IP protocol stack, whereas a new kind of attack that has appeared in recent years targets the application layer, so we call it the Application-Layer DDoS Attack. This kind of attack causes more damage and is more difficult to detect and defend against.

This paper first studies traditional DDoS attacks, for example SYN Flooding. We classify detection into three types, source-end, target-end and botnet detection, according to the location of the detection system in the network. In addition, we introduce many typical detection and defense technologies.

The Application-Layer DDoS attack is the keystone of this paper. Like the traditional DDoS attack, the Application-Layer DDoS attack has two ways to bring down the server, bandwidth exhaustion and host exhaustion, and the latter is more common. We analyse a general detection and defense model for Application-Layer DDoS attacks, named DOW. It classifies application-layer attacks into three types, session flooding, request flooding and asymmetric attack, and it evaluates the current session against the history of sessions. The model also employs an encouragement model, which encourages normal clients to send more sessions.

This paper proposes a new method to detect and defend against the CC attack, a typical kind of Application-Layer attack, which makes use of the entropy of requests. Under normal conditions, the entropy of requests is stable and high because access is random, but when a CC attack occurs the entropy drops immediately, because there are many requests for the same resource. We employ a redirect operation to identify the attackers, and then block them.
Keywords/Search Tags: DDoS, Application attack, CC attack, requests entropy, redirect
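The request-entropy signal described in the abstract can be sketched as follows. This is an added example, not code from the thesis: it computes the Shannon entropy of requested resources per fixed time window and flags a window whose entropy falls well below an attack-free baseline. The window length, the baseline period, the 0.5 ratio and the sample log are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample paths; not data from the thesis.
PATHS = ["/", "/news", "/login", "/img/a.png",
         "/search?q=x", "/about", "/forum/1", "/forum/2"]

def build_sample_log():
    """Constructed (second, path) pairs: 30 s of spread-out browsing,
    then 10 s in which most requests hit one resource."""
    log = []
    for t in range(30):
        for k in range(4):
            log.append((t, PATHS[(t * 4 + k) % len(PATHS)]))
    for t in range(30, 40):
        log.append((t, PATHS[t % len(PATHS)]))
        log.extend((t, "/search?q=x") for _ in range(20))
    return log

def request_entropy(paths):
    """Shannon entropy in bits of the requested-resource distribution."""
    counts = Counter(paths)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def detect_entropy_drop(log, window=10, baseline_windows=2, ratio=0.5):
    """Return [(window_start, entropy, suspicious)] for each window.

    Assumption: the first `baseline_windows` windows are attack-free; a
    later window is suspicious when entropy < ratio * baseline mean.
    """
    buckets = {}
    for ts, path in log:
        buckets.setdefault(ts // window * window, []).append(path)
    starts = sorted(buckets)
    ents = [request_entropy(buckets[s]) for s in starts]
    baseline = sum(ents[:baseline_windows]) / baseline_windows
    return [(s, round(h, 3), i >= baseline_windows and h < ratio * baseline)
            for i, (s, h) in enumerate(zip(starts, ents))]

if __name__ == "__main__":
    for start, h, flag in detect_entropy_drop(build_sample_log()):
        print(f"window {start:>3}s  entropy={h:.3f} bits  suspicious={flag}")
```

A low-entropy window can also come from a legitimate flash crowd on one page, which is why the abstract pairs the entropy signal with a redirect step before blocking.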