
Design And Implementation Of DDoS Attack And Defense System

Posted on: 2016-10-02
Degree: Master
Type: Thesis
Country: China
Candidate: X D Han
GTID: 2348330542975807
Subject: Engineering
Abstract/Summary:
With the growth of Internet coverage and the development of applications for PCs and mobile devices, more and more people benefit from high-speed data and convenient Internet services. People can shop online, pay their bills on a mobile phone, reserve tickets on an iPad and so on. At the same time, Internet attacks and virus infections have become frequent. Over the last decade, Internet security has become more and more important in Internet research. DDoS (Distributed Denial of Service) is one of the most common Internet attacks; it is easy to build and spreads widely, so DDoS defense has become a hot research direction.

Traditional DDoS attacks focus on the network layer and the transport layer. As defense methods developed, many methods were built to defend against attacks on those two layers. Recently, however, some attacks have shifted to target the application layer, which has become a new topic in Internet defense research.

The firewall is the core device of Internet security. To protect the customer's devices, the firewall can monitor all messages that flow through it. When the firewall finds an illegal message, it removes the source of the illegal message and records that source in the blacklist. This paper therefore introduces a firewall system that is able to defend against DDoS attacks, and discusses the design and implementation of a DDoS defense firewall in detail.

First, this paper introduces the state of the art of DDoS attacks; then the structure and protocol interaction of the application layer, transport layer and network layer are explained. In this defense system, different defense methods are set up for the corresponding messages and protocols. The defense against application-layer attacks is the most important part of this paper. The paper then describes the implementation of the DDoS defense system built on the firewall, which is based on a specific system requirement analysis and design. Finally, the basic function, performance and stability of the defense system are tested manually and automatically.

The defense system has a real-time configuration function, which allows the configuration to be optimized in real time so that the correct action is applied to defend against attacks. The actions include checking the authenticity of the message source, removing illegal messages and recording the infected source in the blacklist. Source certification is the core of this defense method. When source certification is turned on, the system sends a structured certification message to the message source. If the source responds correctly, the source and its messages are confirmed as no threat. As soon as the source passes certification, it is added to the authorized list; however, this list has a renewal cycle. If the source exceeds the authorized time period, it must be certified again before it can send messages to the device again. The testing results show that this system is stable in defending against DDoS attacks.
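
The source-certification flow described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the class name, the HMAC-based challenge, the time windows and the failure threshold are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

class SourceCertifier:
    """Challenge-response source check with an expiring authorized list and a
    blacklist. All names and parameters are hypothetical, not the thesis's."""

    def __init__(self, ttl=60.0, window=30.0, max_failures=3, secret=None):
        self.secret = secret or os.urandom(32)
        self.ttl = ttl                    # renewal cycle of the authorized list
        self.window = window              # lifetime granularity of a challenge
        self.max_failures = max_failures  # wrong answers before blacklisting
        self.authorized = {}              # source -> expiry timestamp
        self.failures = {}                # a real device would bound this table
        self.blacklist = set()

    def _cookie(self, src, epoch):
        # Stateless challenge: recomputable from the secret, so nothing is
        # stored per source until that source has answered correctly.
        msg = f"{src}|{epoch}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]

    def handle(self, src, now, response=None):
        """Return (action, challenge); action is forward, challenge or drop."""
        if src in self.blacklist:
            return ("drop", None)
        if self.authorized.get(src, 0.0) > now:
            return ("forward", None)
        self.authorized.pop(src, None)    # expired: must certify again
        epoch = int(now // self.window)
        if response is None:
            return ("challenge", self._cookie(src, epoch))
        # Accept the current or previous epoch to tolerate a window rollover.
        if any(hmac.compare_digest(response, self._cookie(src, e))
               for e in (epoch, epoch - 1)):
            self.authorized[src] = now + self.ttl
            self.failures.pop(src, None)
            return ("forward", None)
        self.failures[src] = self.failures.get(src, 0) + 1
        if self.failures[src] >= self.max_failures:
            self.blacklist.add(src)
        return ("drop", None)
```

Because the challenge is bound to the claimed source address, a sender that spoofs its address never sees the challenge and cannot produce the matching response.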
Keywords/Search Tags:DDoS, Firewall, Source certification