| With the advent of the information age,Internet technology has flourished,bringing great convenience to people's daily lives,but it also hides many network security risks.In recent years,malicious network attacks have occurred frequently,bringing incalculable losses to both countries and individuals.Among various network security problems,DDOS(Distributed Denial of Service)attacks are particularly harmful,and it is one of the network security threats that cannot be ignored in the modern Internet environment.At the same time,with the rise of the Internet of Things in recent years,smart devices are widely generated in the Internet environment.Since many smart devices use SSDP(Simple Service Discovery Protocol),the application of SSDP is more and more widely,which leads to SSDP's DDOS attack has evolved into a major source of application-layer DDOS attacks.Compared with the traditional DDOS attack,this type of DDOS attack has lower cost,higher magnification and more difficult tracking,which makes the DDOS attack more and more harmful to the Internet environment.Therefore,research on SSDP-based DDOS attack defense issues has become particularly important.This paper first studies DDOS attacks,summarizes the common methods of DDOS attacks,the development process,and illustrates the harm caused by DDOS attacks in recent years,and analyzes the current research status of DDOS attacks.At the same time,the research and analysis of SSDP are carried out,including the research on the UPnP network system in which SSDP is located,the working process of SSDP,and the composition of messages at each stage.Next,the reason why the standard SSDP is easily exploited by the DDOS attack is analyzed,and the reflection amplification caused by the defects in the protocol design level is gradually unfolded.Firstly,the attack process of SSDP-based DDOS attack is studied,and then the attack model is abstracted.Combined with the reflection magnification and the abstract attack model calculated in the actual DDOS attack,the reflection magnification is disassembled and analyzed separately.According to the analysis,the ratio of the timeout retransmission mechanism implicit in SSDP and the number of bytes of data packets in the request/response process is the source of its reflection amplification factor.Then,the existing security protocol schemes against DDOS attacks are discussed.By analyzing their principles,the degree of DDOS attacks,communication overhead and computational overhead can be defended,and their advantages and disadvantages are analyzed and compared.Next,for the protocol characteristics of the standard SSDP,two improvements are proposed.First,the specific content of the message and the response message will be re-requested with a timeout.Through the above two improvements,the reflection magnification of the SSDP can be eliminated.Next,the improved SSDP is coded to verify its usability in the actual Internet environment,and the same intensity DDOS attack is initiated on the machine using the standard SSDP and the machine with the improved SSDP,and the reflection magnification is compared.Finally,the stochastic model based on the Semi-Markov process is used to analyze the security of the improved protocol.The performance analysis is compared with the existing security protocols,and the security and efficiency of the improved scheme are demonstrated. |
PDF Full Text Request