Research On Detection And Defense Against DDoS Attack In Xen

With rapid development of Internet, Cloud Computing plays a more important role in computer application. It denotes the intensification, large-scale and specialization of IT, and it's in a deep revolution. As a crucial part of Cloud Computing, the cloud platform security is the base of data security in Cloud Computing. Xen, which is an Open Source object, has a position which is not ignored and is the platform of subject by most attack which would bring greate lost. DDoS is one of the most harmful attacks, which is developed based on DoS. DDoS attacks easily and is hard defended and has a lot of attack forms. In this thesis, Flooding Attack is focused on, includes sending a mass o f packet, for example, requesting of connection in TCP, or making the victim machine receive a lot of response packets by IP spoofing.Based on the structure of Xen and related works, the thesis focuses on the problem that in Xen DDoS attacker uses bots to send vast data packets or uses IP spoofing to make some VM in Xen receive abundant packets in a short time. The problem makes the queue in NIC driver keep full, which result in preventing normal VMs in Xen from corresponding with outer space. To solve the problem, the thesis puts forward a solution in which there is a cache queue, and employs data packet control and polling transmission rule on it. Namely set up a cache and some methods in it between DomU and the netback driver in DomO, which can relieve the effect DDoS has on the cloud platform. What's more, the thesis uses the vif which corresponds with netfront as a object and focuses on the characteristic of DDoS to study some detection techniques against DDoS which is based on traffic statistics.Then the thesis puts forward the improved method and corresponding method of closing port of attacker.Related experiments on Xen were designed, and the effect of the proposed cache-based defense method was verified by simulating DDoS attacks. The results show that the proposed method has good performance on the effect of network efficiency and defending DoS/DDoS attacks.