
Design And Implementation Of A Host-hopping Based DDoS Attack Prevention Communication Strategy

Posted on: 2016-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: S Z Zhang
GTID: 2348330488474394
Subject: Communication and Information System

Abstract/Summary:
With the development of computer science, communication technologies and the Internet industry, networks have more and more influence on modern life. However, there are a variety of network security problems that cannot be ignored. Among the many forms of network attack, DoS (Denial of Service) and DDoS (Distributed Denial of Service) are hugely damaging and difficult to defend against. Given that current network defense technology is developing slowly, it is still hard to counter and trace DoS attacks.

This paper examines DoS and DDoS in more detail and explores a host-hopping communication strategy that applies to sub-domain networks. This strategy can efficiently resist DoS attacks, so that the security of network communication between multiple domains can be guaranteed. Here, the network is managed as multiple sub-domains. A sub-domain network consists of a number of hosts with different IP addresses, and it acts as a whole when communicating with other sub-domains. During communication, the management center of the sub-domain network is responsible for selecting hosts according to an agreed-upon protocol. A communication process requires several hosts to complete, so that communication over dynamically changing IP addresses can prevent DoS.

Compared with current methods of resisting DoS, the proposed strategy has the following advantages.

1) Time synchronization is not needed. Pre-attaching between a pair of hosts is triggered by the negotiated hopping interval, and the next-hop host is selected after another hopping interval. The communication transfer is not affected by time synchronization.

2) Better security is guaranteed. Security depends on the confidentiality of the host-hopping protocol and the secrecy of the hosts' address table. In this strategy, the IP addresses of both sides of the communication change dynamically all the time. The session key is used to encrypt the information transmitted while the host-hopping protocol is being negotiated, so as to ensure the confidentiality of the protocol and the hosts' address table. Information transfer among sub-domains is executed within the network; in this way internal communication can resist DoS.

3) The network segment attack can be prevented efficiently. The reason is that the addresses of hosts that belong to the same domain are different and may not even belong to one network segment.

4) It is easy to implement. The central server, which is an internal server, acts as a negotiation center; it is only responsible for coordinating hosts within its domain and does not communicate with external networks. The insecurity is lowered significantly, so the security of the whole process is reduced to the communication security between domains.

In this paper, the design of the system architecture is introduced. The proposed strategy is applied to a practical module configuration, which can counter DoS efficiently.
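
The idea of hopping without clock synchronization can be sketched as follows. This is an added example, not code from the thesis: the HMAC-based selection rule, the `Receiver` class, the hop counter carried with each packet, and the address table are all assumptions, since the abstract does not specify the actual protocol.

```python
import hashlib
import hmac

# Constructed sample address table for one sub-domain (documentation ranges,
# deliberately spread over more than one network segment).
TABLE_B = ["192.0.2.10", "198.51.100.23", "203.0.113.5",
           "192.0.2.77", "198.51.100.200"]

def select_host(session_key: bytes, hop: int, table: list[str]) -> str:
    """Assumed selection rule: an HMAC over the hop counter indexes the table."""
    digest = hmac.new(session_key, hop.to_bytes(8, "big"), hashlib.sha256).digest()
    return table[int.from_bytes(digest[:8], "big") % len(table)]

class Receiver:
    """Receiving domain: serves the current hop and the pre-attached next hop."""

    def __init__(self, session_key: bytes, table: list[str]):
        self.key, self.table, self.hop = session_key, table, 0

    def accept(self, dst: str, hop: int) -> bool:
        """Accept traffic only at the address derived for hop or hop + 1."""
        if hop not in (self.hop, self.hop + 1):
            return False      # stale or far-future hop number: drop
        if dst != select_host(self.key, hop, self.table):
            return False      # address does not match that hop: drop
        self.hop = hop        # follow the sender's counter, no shared clock
        return True

def simulate(session_key: bytes, hops: int) -> list[str]:
    """Sender and receiver share only the key and table; return the hop path."""
    rx = Receiver(session_key, TABLE_B)
    path = []
    for hop in range(hops):
        dst = select_host(session_key, hop, TABLE_B)  # sender-side derivation
        if not rx.accept(dst, hop):
            raise RuntimeError(f"endpoints desynchronized at hop {hop}")
        path.append(dst)
    return path

if __name__ == "__main__":
    for n, addr in enumerate(simulate(b"constructed-session-key", 8)):
        print(f"hop {n}: {addr}")
```

Traffic aimed at an address from an earlier hop is dropped once the receiver has moved on, which is the property the strategy relies on to make a fixed-target flood ineffective.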
Keywords/Search Tags: host-hopping, DDoS, network security