Exception Of DDoS Traffic Filtering System

Posted on: 2009-06-28
Degree: Master
Type: Thesis
Country: China
Candidate: M F Zhou
GTID: 2208360245460846
Subject: Information security

Abstract/Summary:
As mankind enters the information age, the relationship between the internet and people grows closer. The internet brings a lot of convenience, but it has also brought many new problems. Internet security is highly valued by many countries. DDoS is a relatively simple, yet very powerful technique for attacking Internet resources, and it greatly affects the effective functioning of network business. It is therefore very important to develop systems that detect and defend against DDoS. DoS protection and abnormal traffic filtering are closely related, since each is an important architectural component of the other. The hardest problem in DDoS protection is distinguishing illegal packets from legal packets while the attack is happening.

Based on the above points, we implemented the abnormal traffic filtering subsystem of an anti-DoS system. Using several filtering technologies, it can filter abnormal traffic effectively. It is composed of the following parts:

(1) A novel filtering technique based on fingerprint extraction. The packets' statistical information is defined as the fingerprint. The idea is that when something is wrong with the network, the packets' statistical information changes. We extract the normal fingerprint when the network is healthy, and the abnormal fingerprint otherwise. By comparing them, we find the characteristics of the abnormal traffic. We can therefore conduct a risk assessment for each packet, which serves as the basis for filtering.

(2) Attack locating. While an attack is happening, the system tries to find the target that is being attacked. Once the target has been located, its IP and traffic information is extracted. Abnormal traffic is then distinguished using this IP and traffic information, so it can be filtered more accurately.

(3) Abnormal traffic filtering based on a white list. The system uses IP white lists, comprising an administrator white list and an automatic learning white list. The administrator white list is configured by the administrator. The automatic learning white list learns IP addresses by itself while the network is healthy. These white lists are used for filtering when an attack is happening.

Additionally, a complete abnormal traffic filtering system based on a network processor was designed according to the requirements of this thesis.
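The three parts described above can be combined as in the following sketch, which is an added example and not code from the thesis. The choice of statistics (protocol, TTL and length bins), the risk formula, the threshold and all function names are assumptions, since the abstract does not specify them.

```python
from collections import Counter

# Field names, bin widths and the threshold are assumptions for illustration.
def feature(pkt):
    """Bin a packet into a coarse (protocol, TTL bucket, length bucket) key."""
    return (pkt["proto"], pkt["ttl"] // 32, pkt["len"] // 256)

def fingerprint(packets):
    """Fingerprint: relative frequency of each feature bin in a window."""
    counts = Counter(feature(p) for p in packets)
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}

def locate_target(packets):
    """Attack locating: destination receiving the most packets in the window."""
    return Counter(p["dst"] for p in packets).most_common(1)[0][0]

def risk(pkt, normal_fp, attack_fp, floor=0.01):
    """Fraction of a bin's current share that exceeds its normal share (0..1)."""
    now = attack_fp.get(feature(pkt), 0.0)
    base = max(normal_fp.get(feature(pkt), 0.0), floor)
    return max(0.0, (now - base) / now) if now else 0.0

def filter_window(packets, normal_fp, whitelist, threshold=0.5):
    """Pass whitelisted or low-risk packets; drop the rest aimed at the target."""
    attack_fp = fingerprint(packets)
    target = locate_target(packets)
    passed = [p for p in packets
              if p["dst"] != target or p["src"] in whitelist
              or risk(p, normal_fp, attack_fp) < threshold]
    return target, passed

def pkt(src, dst, proto, ttl, length):
    return {"src": src, "dst": dst, "proto": proto, "ttl": ttl, "len": length}

# Constructed sample traffic using documentation address ranges.
NORMAL = [pkt(f"198.51.100.{i}", "192.0.2.10", "tcp", 64, 300 + i) for i in range(20)]
NORMAL_FP = fingerprint(NORMAL)                            # taken while healthy
WHITELIST = {"203.0.113.5"} | {p["src"] for p in NORMAL}   # admin + learned
FLOOD = [pkt(f"203.0.113.{i}", "192.0.2.10", "udp", 250, 40) for i in range(5, 85)]
WINDOW = FLOOD + NORMAL[:5] + [pkt("198.51.100.200", "192.0.2.10", "tcp", 64, 310),
                               pkt("198.51.100.201", "192.0.2.77", "udp", 250, 40)]

if __name__ == "__main__":
    target, passed = filter_window(WINDOW, NORMAL_FP, WHITELIST)
    print(target, len(WINDOW) - len(passed), "dropped,", len(passed), "passed")
```

A new source that matches the normal fingerprint still passes even though it is not on a white list, while a white-listed address passes regardless of its risk score.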
Keywords/Search Tags: Distributed DoS, White list technology, Fingerprint Extraction, Attack Locating, Abnormal Traffic Filtering