
Research On The Detection And Defense Of DDoS Based On Routing Collaboration

Posted on: 2012-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: L M Zhao
Full Text: PDF
GTID: 2218330371950334
Subject: Computer application technology

Abstract/Summary:
Because they are easy to launch, hard to prevent and hard to trace, Distributed Denial of Service (DDoS) attacks have become one of the most difficult problems in network security and a threat to networked society. Current DDoS defense systems have a relatively high false positive rate and, as a result, seriously affect legitimate users. To lower the false positive rate of DDoS defense and reduce the impact on legitimate users, we design a DDoS defense system based on routing collaboration. The thesis contains the following work.

First, the thesis describes the principle of DDoS attacks in detail and, on that basis, classifies them. Based on this classification, it introduces three DDoS defense methods: terminal-based defense, source-end defense and intermediate-network-based defense. After comparing the three strategies, the thesis introduces our defense method: distributed denial of service detection and prevention based on routing collaboration.

Building on the intermediate-network-based defense strategy, the thesis treats each router as a single defense node of a P2P defense network. Every defense node measures characteristics of the attack traffic and computes a confidence value to evaluate which node is under attack. If the confidence exceeds a certain threshold, the target may be under attack, and the node begins rate limiting according to the determining traffic attribute. The node then spreads the tuple containing the confidence to its neighbor nodes through a directional gossip communication mechanism. Gossip communication spreads messages quickly among routers, so within a short time every node can obtain the global information about the attack behaviour and limit the traffic more accurately.

Based on the above theory and design, the thesis implements a specific defense system, on which we perform three tests. In the first test, we run the system under normal use, under attack without response, and under attack with distributed cooperative response, and compare the packet rates. In the second test, we test system performance with increased deployment. In the last test, we compare the additional overhead due to the routing-based cooperative mechanism. These tests show that our defense system, with a low false positive rate and a low false negative rate, meets our requirements.
Keywords/Search Tags: routing collaboration, directional gossiping communication, DDoS defense, false positive rate, false negative rate
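
The threshold-then-gossip step described in the abstract, simulated on a constructed six-router topology. This is an added example, not code from the thesis. The threshold value, the "keep the maximum" merge rule, the reading of "directional" as preferring neighbours that deliver the most victim-bound traffic, and every name and number below are assumptions.

```python
THRESHOLD = 0.6  # assumed; the abstract only says "certain threshold"

# Constructed sample data (not from the thesis).
# LOCAL: each router's own confidence that the victim is under attack.
# INGRESS: victim-bound packets/s a router receives from each neighbour.
LOCAL = {"r0": 0.9, "r1": 0.5, "r2": 0.1, "r3": 0.4, "r4": 0.3, "r5": 0.0}
INGRESS = {
    "r0": {"r1": 2900, "r2": 400},
    "r1": {"r0": 0, "r3": 1500, "r4": 1400},
    "r2": {"r0": 0, "r5": 400},
    "r3": {"r1": 0}, "r4": {"r1": 0}, "r5": {"r2": 0},
}

def directional_targets(node, fanout):
    """Assumed direction rule: gossip toward the neighbours that deliver
    the most victim-bound traffic (ties broken by name)."""
    ranked = sorted(INGRESS[node], key=lambda n: (-INGRESS[node][n], n))
    return ranked[:fanout]

def simulate(victim="203.0.113.10", fanout=2, max_rounds=10):
    """Run gossip rounds until no view changes.
    Returns (rounds_with_updates, final confidence per router)."""
    views = dict(LOCAL)
    for rnd in range(1, max_rounds + 1):
        updates = {}
        for node, conf in views.items():
            if conf < THRESHOLD:
                continue  # below threshold: no rate limit, nothing to spread
            msg = (victim, conf)  # the tuple carried by gossip
            for peer in directional_targets(node, fanout):
                # Assumed merge rule: a router keeps the highest confidence seen.
                if msg[1] > max(views[peer], updates.get(peer, 0.0)):
                    updates[peer] = msg[1]
        if not updates:
            return rnd - 1, views
        views.update(updates)
    return max_rounds, views

def rate_limited(views):
    """Routers whose merged confidence crosses the threshold and so rate-limit."""
    return sorted(n for n, c in views.items() if c >= THRESHOLD)

if __name__ == "__main__":
    for k in (1, 2):
        rounds, views = simulate(fanout=k)
        print(f"fanout={k}: {rounds} rounds, limiting at {rate_limited(views)}")
```

With `fanout=1` the tuple follows only the heaviest ingress path (r0, r1, r3), so r4 never learns of the attack; with `fanout=2` every router holds the victim-side confidence after two rounds.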