| Since the birth of IPv4network,Denial of Service attackhas always been one ofthe important issues of the network security threat.With the continuous developmentof IPv6technology and the gradual popularization of IPv6network, the DoS attackalso appear in IPv6network, and began to affect the normal operation of the IPv6network.This paper first analyses the existing IPv6network security problems and theresearch status of IPv6network security problem, and then introduced the IPv6features and IPv6address forms.Through analyzing the multi-addresses property ofNative IPv6and IPv6Tunnel hosts, this paper puts forward the concept of virtualhost.Subsequently, this paper points out that the attacker can make use of themulti-addresses property of IPv6hosts, and combined with the tunnel to get a lot oflegal IPv6addresses make as virtual hosts. And then perform amplificationDoSattacks on the target device. Compared with IPv4network, this method of usingvirtual host to implement DoS attack can effectively magnified the number of attackhost, and through the cooperation ofeach virtual host, to reduce or even escapefromthe effect of traditional detection and prevention strategy based on IP.Therefore,for the attacker, this attack method can effectively enlarge the number ofattack nodeor greatly reduced the number of the actual attack node.To the end, this paper presents a defense framework based on addressesclassification(DFAC). The basic principle of the DFAC framework is: classifyingand aggregating contain the same features of the source IP address, to build featuresubset which containsmany different links, and then to detect and defense this kindof DoS attack on the basis of feature subset, so as to solve the amplification attackproblem which caused by the use of virtual host. On the study of the DFAC decisionmodule, this paper proposes a based on the similarity of attack methods under thefeature subset level, then introduces the attacks decision algorithm based on featuresubset and the running processes of decision module.Finally, the paper designs and implements a prototype system which can detectHTTP Get Flood attack, and set up a special simulation experiment environmentaccording to the experiment request.Experimental results show that the defenseframework based on addresses classification(DFAC) which proposed by this topic, can effectively reduce the system operation process of computation and memoryusage, and improve the response ability of the system to the amplification DoS attackbased on virtual host. |
PDF Full Text Request