
Distributed Denial Of Service Attacks Defense Mechanism Based On Secure Routing Alliance

Posted on: 2019-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yu
Full Text: PDF
GTID: 2428330566965485
Subject: Computer technology
Abstract/Summary:
Distributed denial of service (DDoS) attacks have become one of the key issues affecting cloud security. Based on the sources of security threats to cloud computing platforms, a secure routing alliance is built to filter and trace back DDoS attacks, and a data forwarding mechanism, an early warning mechanism and a fault node replacement mechanism are designed for it. The data forwarding mechanism is based on the secure overlay services (SOS) strategy, combined with the structural characteristics of the ubiquitous routing platform, which gives the secure overlay services a hierarchical physical structure. Router nodes are grouped according to their distance in the physical network, from two aspects, time and space, making the whole network a Chord ring made up of multiple Chord-type node groups. This keeps the Chord algorithm from ignoring the physical path and forwarding over it many times. To make the Chord algorithm better suited to the hierarchical physical topology, only the first three steps of the Chord query are taken, and the Chord ring is divided into three areas: access area, middle area and core area. The early warning mechanism deploys an Attack Flow Recognition Module (AFRM) in the routers, which uses flow entropy to recognize attack flows. In addition, a traceback method based on MPLS is used: DDoS attacks are traced back by establishing traceback marks on the routers and reconstructing the attack paths. The fault node replacement mechanism uses virtual machine technology to convert the nodes in the network into a large number of virtual nodes, which serve as backup nodes for the nodes in the secure routing alliance and replace attacked nodes in time, so that the impact of the attacks on the secure routing alliance is minimized. The simulation results show that the data forwarding mechanism ensures that the secure routing alliance keeps a high data transmission rate when there are many attack nodes, ensuring data security. The early warning mechanism can effectively recognize DDoS attack flows under low attack strength. DDoS attacks can be traced back quickly and accurately with low overhead; compared with other methods, the traceback accuracy can be improved by 20%. The fault node replacement mechanism can replace attacked nodes before the DDoS attacks affect the secure routing alliance, avoiding the behaviour of the SOS method, in which fault nodes simply exit the secure overlay network, causing its performance to gradually decline.
Keywords/Search Tags: cloud security, DDoS attacks, secure routing alliance, malicious flow recognition, single packet traceback