正态分布与分布式拒绝服务攻击的主动预防

随着信息技术的发展和应用的普及,网络安全问题已经成为人们关注的焦点问题。目前分布式拒绝服务(DDoS,Distributed Denial of Service)攻击已经成为影响Internet正常运行的一个比较严重的问题,并影响合法用户获得正常的服务。文中首先阐述了DDoS形成的原理,然后分析了预防DDoS攻击的措施和机制。随后借助于SSFNet(Scalable Simula-tion Framework Net)仿真软件构建相应的网络环境,模拟了一种分布式拒绝服务攻击。针对在实验中发现的攻击特征,即攻击发生时通过路由器的新IP数量呈现正态分布的变化趋势,结合统计学中正态分布的概率理论知识,提出了一种通过正态分布模型结合网络中新IP数量变化趋势应对分布式拒绝服务攻击的主动防御方案。然后利用实验中采集的数据,对所提出的应对分布式拒绝服务攻击的防御方案进行了验证。

Normal Distribution and Active Denial-of-Service Defense Mechanisms

As the development and prevalence of information technology,network security is currently a hot issue in the Internet.The DDoS is becoming a serious problem to affect the running of the Internet by preventing legitimate users of a service from using the desired resource.The theory of DDoS is introduced at first in this paper.Then discuss the countermeasures and mechanism of DDoS.Relying on SSFNet simulation software,sets up corresponding network environment,and simulates a DDoS attack.Whereafter,regarding remarkable characteristics of the attack found in the experiment,namely the normal distribution trend which is presented by the number of new IP addresses passing the router,and combining with normal distribution probability theory in statistics,it comes up with an active defense scheme against DDoS attack.Subsequently,by taking advantage of collected data and integrating with abnormity detecting method raised from the scheme,it tests the validity of DDoS defense scheme.