| At present the Internet safety faces one of the most serious threats: DoS (Denial of Service), which is of easy implementation, serious damage and difficult defense. However, DDoS (Distributed Denial of Service) does more harm for the Internet and it has become a question which the Internet safety urgently awaits to be solved.This paper has made deep studies on DDoS tools, the attacking principles and attacking methods. Then it discusses the defending technology and the location of network attacking source. Because of some shortcomings in the original system this paper proposes the traffic authentication system based on the autonomous region. The way in which the autonomous region works as a unit greatly reduces the security costs. What's more, the paper introduces the secondary authentication mechanism, which adjusts the size of the authentication by the heuristic safety strength coefficient so that the system can support a serious of different authentication collocation to suit diverse safety requirements.Finally, this paper comes up with DDoS prevention system which integrates detection, response and prevention. Working with the deployment unit of autonomous region, this system is of high feasibility and takes the partial deployment in the Internet into account. By this way it can defend the attack of uncontrolled Internet outside the system. There are edge router, access router and defense router in the system. It can defend effectively the current various flooding-style attacks by the collocation among the three nodes and autonomous region. By comparising the other prevention systems, it has a better defensive effect on account of considering the attack from the uncontrollable Internet. |
PDF Full Text Request