
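DDoS Attack Detection and Defense Model
Cite this article: SUN Zhi-Xin, JIANG Ju-Liang, JIAO Lin. DDoS Attack Detection and Defense Model [J]. Journal of Software, 2007, 18(9): 2245-2258.
Authors: SUN Zhi-Xin, JIANG Ju-Liang, JIAO Lin
Affiliations: College of Computer, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210003; Institute of Computer Technology, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210003
Funding: National Natural Science Foundation of China; Jiangsu Province Key Science and Technology Program; Joint Fund of the Ministry of Education and Nanjing City for Returned Overseas Personnel; Science and Technology Program of Nanjing, Jiangsu Province; National Climbing Program; ZTE and Huawei Joint Fund
Abstract: This paper proposes the aggregate-based protocol analysis anti-DDoS (APA-ANTI-DDoS) model for detecting and defending against distributed denial-of-service attacks. The APA-ANTI-DDoS model consists of abnormal traffic aggregation, protocol analysis, and traffic processing. Abnormal traffic aggregation divides network traffic into normal traffic and abnormal traffic; protocol analysis looks for the features of DDoS attack traffic within the abnormal traffic; traffic processing filters the abnormal traffic according to the current DDoS attack traffic features and tests the congestion control behavior of the current aggregated traffic in order to restore traffic that was misclassified. The APA-ANTI-DDoS system was then implemented. Experimental results show that the APA-ANTI-DDoS model identifies and defends against DDoS attacks well, and that it can restore non-attack traffic after a misclassification, ensuring legitimate normal network communication.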

Keywords: distributed denial-of-service attack, congestion control, flood attack, aggregate, abnormal traffic, protocol analysis
Received: 2005-12-30
Revised: 6/1/2006

DDOS Attack Detecting and Defending Model
SUN Zhi-Xin, JIANG Ju-Liang and JIAO Lin. DDOS Attack Detecting and Defending Model [J]. Journal of Software, 2007, 18(9): 2245-2258.
Authors: SUN Zhi-Xin, JIANG Ju-Liang and JIAO Lin
Affiliation: College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210003, China; Institute of Computer Technology, Nanjing University of Posts and Telecommunications, Nanjing 210003, China
Abstract: This paper presents the APA-ANTI-DDoS (aggregate-based protocol analysis anti-DDoS) model to detect and defend against DDoS attacks. The APA-ANTI-DDoS model contains an abnormal traffic aggregate module, a protocol analysis module and a traffic processing module. The abnormal traffic aggregate module classifies network traffic into normal traffic and abnormal traffic; the protocol analysis module analyzes the potential features of DDoS attack traffic in the abnormal traffic; the traffic processing module filters the abnormal traffic according to the current features of the DDoS attack, and restores non-attack traffic by testing the congestion control behavior of the traffic. The paper then implements the APA-ANTI-DDoS system. The experimental results show that the APA-ANTI-DDoS model can detect and defend against DDoS attacks well, and can restore non-attack traffic when it has been misclassified, guaranteeing legitimate communication traffic.
Keywords: distributed denial of service attack, congestion control, flood attack, aggregate, abnormal traffic, protocol analysis
This article is indexed in CNKI, VIP, Wanfang Data, and other databases.