| The traditional DDoS detection and prevention models will deployed in the position betweennetwork links and the protected nodes, and the function in the model like the detection,statisticscal,computing and the filtering functions in the model are concentrated in the security sideof the device. These models do not use the computing capacity in the network nodes.By studying various methods of DDoS attacks, and various kinds of defence technologies. theabnormal packet filtering is selected after summarizing. For it can resist the unknown species ofDDoS attack and hybrid DDoS attack. By taking full account of the common types of DDoS attackprevention technologies,This paper researches the defense scheme based on NetFlowtechnology.However, for the equipment in backbone network computing is insufficient, can noteffectively connected to defense large-scale distributed attack. This paper proposes statisticalcapabilities in network nodes,analytical calculation in the additional calculation module, filtering infirewall to realize hierarchical multi threshold packet filtering mode.The calculation, statistics,filterfunction in DDOS model are isolated from concentrated.In threshold generate section, the prevention use single threshold or dual-hreshold to determineaggressive behavior, and the threshold generated after statistics by NetFlow, this paper realizesmulti-threshold according to filter results to designing recycling loop mechanism for feedbackcalculation to filtering threshold,thereby used to reduce the lag between the thresholds generationand the network flow changes, so as to improve the overall sensitivity of the defense model, and thefilter accuracy. Run-time experiments and simulations indicate that this hierarchical multi-thresholdDDoS detection prevention model owes high efficiency and precise filtration while faced to thenormal network services and unknown or mixed types of DDoS attacks. |
PDF Full Text Request