| DDos attacks have been a serious threat to the availability of Internet and its applications,the continuous growth of security threats benefit from a means of concealment,easy-implementation,the apparent attack effect and the difficulty of attack,etc.This behavior to make the web server with a large amount of information which need to response,and made the network bandwidth and system resources consumption,ultimately lead to system or network security is so overwhelmed that become paralyzed and stop provide normal network services.Yahoo! Amazon,CNN,ZDNet and eBay and other famous American Web sites have suffered massive denial of service attacks,although the attack only lasted for several hours,even without destroying the site content,nevertheless,the impact of attack caused the heavy losses on business,also deeply shocked the entire IT industry.In this context,the academia has sprung up the research and development over technology for denial of service attack detection.The main master thesis aim is to research on the existing distributed denial of service attacks in-depth and comprehensive,discovery its essence character,design and implement the detection model and correlated core algorithm of distributed denial of service attack,so that it can effectively integrate into the whole system of information security.The article first discusses the classification of attack methods,in view of the characteristics of attack classification method,the feature representation and analysis method based on set theory model and frame representation method are proposed.And then put forward a general detection model of distributed denial of service attack in the study of distributed denial of service of inspection technology;Clustering by packet transport layer connection address,and proposes a set of abnormal packet decision rules can be used for feature filtering and the corresponding implementation mechanism based on the IP Spoofing technique,the distribution intensity of the attack node is analyzed,and the single node attack strength is analyzed based on the abnormal state of the transport layer connection;and then,the attack detection of two core algorithm is proposed in this paper based on the results of the abnormal packets to determine:denial of service based on IP flow detection algorithm and denial of service based on the new IP and HOPCOUNT detection algorithm,with CUSUM algorithm without parameters,there are respectively from the attack network and intermediate network collaboration point of view for the implementation of effectively detection of denial of service attacks,compared with other algorithms in the detection latency?completeness?detection rate and false alarm rate analysis,the detection model has more obvious advantages. |
PDF Full Text Request