Design And Implementation Of DDoS Defense System Based On Flow Cleaning

With the rapid development of computer technology and the increasing popularity of internet applications, network becomes the main way to get information and communication. As network security is becoming more and more important, all kinds of computer viruses and malicious network attacks come into being. In recent years, the denial of service attack (DoS) has become one of the most serious threats to the network. And distributed denial of service attack (DDoS) is the expansion of the dangers of DoS. DDoS attacks has become one of the major threat, because of the great attacking flow, the difficulty of filtering attacking sources from a large number of clients and identifying true IP addresses with false ones, and the more subtle features owing to the indirect attack identity.The paper analyses the attack principles and characteristics of the DDoS and then comes up with a DDoS defense system based on flow cleaning technology. In consideration of the common DDoS defense methods, we propose the concept of flow cleaning technology. The system detects mirroring traffic of the protected network and it will draw the traffic to the cleaning platform when the attacks occur, then the traffic will be cleaned and the normal ones will be re-injected into the protected network. Therefore,the network is protected from DDoS attacks and the defensive performance is enhanced.Compared to the traditional defense methods like firewall,the system has great advantages such as the defensive accuracy and real-time.Based on this system,we design the architecture model and elaborate the design and implementation of the user management, IP address management and policy statistic modules. Finally,a corresponding software program is developed according to the system.The test result and relating analysis of the system performance is provided. We show that the defense system in this work meets the design requirements; it can be applied on current high-end storage devices of a communications company and has wide prospect in application.