| 抵御模仿人类行为DDoS的软件防火墙 |
| |
| 引用本文: | 袁志. 抵御模仿人类行为DDoS的软件防火墙[J]. 计算机系统应用, 2015, 24(4): 148-152 |
| |
| 作者姓名: | 袁志 |
| |
| 作者单位: | 广州大学 华软软件学院,广州,510990 |
| |
| 摘 要: | 模仿人类行为的 HTTP 洪水是一种分布式拒绝服务攻击。提出一种抵御方法,它包括三个关键点:使用会话号标示请求者身份,通过分析单位时间的请求消息序列发现傀儡主机,通过丢弃或修改傀儡主机的请求消息中断其攻击。基于该方法实现了一种软件防火墙,它包括统计模块和转发模块,统计模块用于发现傀儡主机,转发模块用于丢弃或修改傀儡主机的请求消息。防火墙部署在网站服务器上,管理员根据网站特征设置运行参数,能以较小的代价使服务器从HTTP洪水中脱困。
|
| 关 键 词: | 网站安全 HTTP洪水 分布式拒绝访问攻击 用户识别 防火墙 |
| 收稿时间: | 2014-07-29 |
| 修稿时间: | 2014-09-22 |
Software Firewall Against DDoS Mimicking Human Behavior |
| |
| YUAN Zhi. Software Firewall Against DDoS Mimicking Human Behavior[J]. Computer Systems& Applications, 2015, 24(4): 148-152 |
| |
| Authors: | YUAN Zhi |
| |
| Affiliation: | South China Institute of Software Engineering, Guangzhou University, Guangzhou 510990, China |
| |
| Abstract: | HTTP floods mimicking the human behavior is a kind of distributed denial of service attack. This paper presents a resist method, it includes three key points, uses session ID to identify users, discovers the puppet computer by analyzing the request sequence in unit time, interrupts the attacks by discarding or modifying the request message. A software firewall is implemented based on this method, it includes a statistics module and a forwarding module. The statistics module is used to discover the puppet computers. The forwarding module is used to discard or modify the request messages of puppet computers. The firewall is deployed on a web server, the administrator sets the running arguments according to the site characteristics, help rescuing the server from HTTP floods at a low cost. |
| |
| Keywords: | Website security HTTP Floods distributed denial of service user identification fire wall |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
