The Research Of DDoS Attack And Detection Technology

Denial of Service(DoS)is a breach of availability of network service.It makes victim hosts or networks could not receive and handle request from outside,or response to the request from outside in time,therefore,the victim hosts or networks can not apply services in gear to legality users,and come into Denial of Service.Distributed Denial of Service(DDoS)makes use of sufficient machines which are cipher in algorism to produce a great number of data packets in order to attack one or more victims,exhaust the victims’resources,make the victims lost the ability of providing network services up to stuff.DDoS has already been one of the most serious threaten to network security nowadays,it is the challenge to the reliability of network.It makes the attack more imperceptibleness to use rebound attack and the technique which fake the source IP address.Recently there has been a LDDoS (Low Distrubuted DoS) Low speed distributed Denial of Service attacks. Because the traffic of the attack is small, it is hard to find through the traditional test methods.Considering today’s network status,every corner of the world is able to be attacked by DDoS,however,as long as we can detect this kind of attack and response as soon aspossible,the expense could be reduced to lest degree. So,the researches on DDoS attack detection get attention all the time.We have comprehensively studied DDoS attack and DDoS attack detection.There are three contributions in the paper:1) Combined with the latest researches on DDo attack detection methods,we carry on system analysis and research to the technique,analyse and compare different methods with each other.The results are useful and can be put into the future DDoS attack detection researches;2) Because the most DDoS attacks forge the source IP address.The assumption based on the research that a source IP address which sends two or more packets is called as the packages of this IP address sends are normal data packages. The research puts forward that the source IP address information of the packages in the queue of router buffer are mapped by Bloom Filter technology, and statistics the number of the normal data packet in the queue of router buffer when the queue of router overflows, determines whether there has been LDDoS attack accding to process of decreasing the number of the normal packets;3) The fact shows that the density of the data flow will significantly change when DDoS attack occurs.The research of algorithm shows that the density of the data flow is statisticed in the the source of attacks every a certain time,and then to detect the change point of the the time of data flow desity to detect the presence of DDoS attacks.