    Abstract:

    This paper presents the APA-ANTI-DDoS (aggregate-based protocol analysis anti-DDoS) model to detect and defend against DDoS attacks. The APA-ANTI-DDoS model contains an abnormal traffic aggregate module, a protocol analysis module and a traffic processing module. The abnormal traffic aggregate module classifies network traffic into normal traffic and abnormal traffic; the protocol analysis module analyzes the abnormal traffic for potential features of DDoS attack traffic; the traffic processing module filters the abnormal traffic according to the current features of the DDoS attack, and restores non-attack traffic by testing the congestion control feature of the traffic. The paper then implements the APA-ANTI-DDoS system. The experimental results show that the APA-ANTI-DDoS model can effectively detect and defend against DDoS attacks, and can restore non-attack traffic when it has been misjudged, guaranteeing legitimate communication traffic.

Get Citation

Sun Zhixin, Jiang Juliang, Jiao Lin. DDoS attack detection and defense model. Journal of Software, 2007, 18(9):2245-2258

History
  • Received: December 30, 2005
  • Revised: June 01, 2006