
Research On Application Layer DDOS Attack Detection Technology Aimed To HTTP And DNS

Posted on: 2020-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: D W Zhang
Full Text: PDF
GTID: 2428330572469907
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the rapid development and widespread application of network information technology, the types of web application services have become more complex and diverse, and this has also brought about tremendous changes in cyberattacks. Cyberattacks have begun to move toward low thresholds, high destructive power, and high concealment, and have gradually turned to attacking high-level network protocols. Among all application layer attacks, DDOS attacks are undoubtedly the most harmful. Compared with network layer DDOS, application layer DDOS attacks are characterized by low traffic, strong concealment, and difficult detection. How to effectively defend against DDOS attacks on application layer protocols has become an urgent problem for maintaining network order.

First of all, this paper introduces the research background of application layer DDOS attacks, then analyzes DDOS attacks on the two most important application layer protocols, HTTP and DNS, and proposes detection methods.

Secondly, for the two DDOS attacks on the HTTP protocol, this paper proposes a detection scheme based on the similarity coefficient. It analyzes how the entropy values of attributes such as source IP address and data packets differ when different attacks occur, obtains similarity values using the Jaccard similarity coefficient, and compares them to achieve high-accuracy detection and differentiation of DDOS attacks on the HTTP protocol.

Thirdly, for the DNS amplification attack on the DNS protocol, this paper proposes a detection scheme based on the K-means++ algorithm. The scheme analyzes the differences from normal traffic in the entropy values of attributes such as the request rate and in the information gain rate, applies calculation and threshold analysis, and uses the hop-count method to filter illegal traffic packets, so that DNS amplification attacks are detected and identified effectively and accurately and the attack traffic is filtered. The experimental comparison shows a higher detection rate and a smaller error rate.

Finally, the paper summarizes its work and looks forward to further work.
Keywords/Search Tags:DDOS attack Detection, HTTP-Flood, slow connection attack, DNS amplification attack