A Lightweight Permit Agreement For Stopping Malicious Packets

Posted on: 2013-09-04
Degree: Master
Type: Thesis
Country: China
Candidate: Y W Zhang
GTID: 2248330395480677
Subject: Computer technology

Abstract/Summary:
With the rapid development of the Internet, computer network security has become a major threat to its continued development. A variety of attacks and defense mechanisms have emerged, and the proliferation of malicious data streams in the network is one of the key issues of today's Internet security.

A malicious data stream usually originates from unauthorized access and intrusion, denial-of-service attacks, port scans or other attacks. It appears as a large volume of traffic made up of many packets that contain malicious data; the main attacks are denial-of-service and distributed denial-of-service attacks. Such attacks generate a large amount of unnecessary traffic in the network, resulting in network congestion, failure of computer equipment and so on, and their harm to the Internet is evident. For this kind of malicious data stream attack, that is, denial-of-service and distributed denial-of-service attacks, this thesis proposes a solution that to some extent reduces or even prevents the flooding of malicious data streams in the network.

This thesis first briefly introduces the definitions, principles and working methods of DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks, and analyzes the security mechanisms used today to respond to such attacks and their limitations; the analysis of current security policies inspired the design of the protocol. With regard to how existing key exchange protocols protect the identity information of communicating parties and defend against DDoS attacks, this paper proposes a new key exchange protocol based on secondary authentication by a trusted third party.
It then defines in more detail the security goals the trusted key exchange protocol is to achieve, the protocol message formats, the specific content of the messages and the exchange, and argues the feasibility and security of the trusted key exchange protocol.

The design basis of the protocol is to preserve the openness of the Internet while improving the security of Internet information transmission. Following this idea, the early design of the protocol adopted authentication based on the IP packet structure, which is simpler and more effective. Therefore, building on the IP protocol and its simple packet structure, this paper designs a secure authentication mode. This authentication mode inserts a protocol authentication packet, named the LPA packet, into the IP packet; the packet contains the authentication permit information. Under this mechanism, the target host grants an access permit to each source that applies to send packets and validates the permit on receipt to determine the reliability of the packet's source. This reduces the possibility of malicious data streams being generated at the source and, to some extent, reduces or prevents the flooding of malicious packets in the network.

The advantages of the design are as follows: because it is based on the IP protocol, it is easier to extend within the network; it supports establishing corresponding defense mechanisms between domains, so that an attack on a host or network can be identified within a shorter time and handled; and it largely reduces the number of packets the intrusion detection system (IDS) needs to filter, so that the IDS can focus on responding to load that poses a serious threat.
Keywords/Search Tags: Network Security, IP Spoofing, Malicious packets, Packet authentication