
Design And Implementation Of A Multichannel Hopping Communication Scheme For Mitigating DDoS Attacks

Posted on: 2016-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: G F Zhao
GTID: 2348330488457141
Subject: Cryptography
Abstract/Summary:
We are now living in an information age in which every aspect of human society is closely linked with the Internet. Along with the rapid development of the Internet, the network and information security situation is becoming increasingly severe. In particular, Distributed Denial of Service (DDoS) attacks have proliferated in recent years, causing severe service disruptions. Because attack sources are numerous and distributed, the most common solution, which passively detects and blocks attacks, blocks poorly and does not operate in real time. With the recent emergence of a new category of cyber defense called moving target defense (MTD), the end hopping (EH) technique, which is inspired by frequency hopping, has come to be regarded as essential and efficient for mitigating DDoS attacks.

The end hopping technique prevents an attacker from acquiring a static target against which to launch an effective DDoS attack by randomly hopping end information such as port number and IP address. Existing EH schemes are mainly port/IP hopping schemes, and almost no research has been done on the more secure protocol hopping scheme, so these schemes rely on a single network protocol and have a small hopping space. The purpose of this thesis is to design and implement an end hopping system that introduces protocol hopping technology and is more effective in defending against DDoS attacks than port hopping schemes.

First, this thesis studies protocol hopping technology, which has the highest technical difficulty and the fewest results among EH schemes, and finds that the existing definition of end information is defective: it cannot completely describe protocol hopping. After fixing the definition, this work identifies that the EH technique and the covert channel technique from the field of steganography share the same goal, and then proposes a new EH scheme named channel hopping (CH) by combining the EH technique and the covert channel technique.

CH is an end hopping technique in which both the protocol and the protocol subtype hop. CH is compatible with the traditional port hopping technique and additionally provides protocol hopping ability and undetected communication channels. Finally, this thesis presents a multichannel hopping communication scheme that adds redundant communication technology to the CH technique; the software implementation of this scheme is universal and platform independent. Experiments demonstrate that this scheme offers flexibility, a large hopping space, concealment and effective DoS prevention ability.
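
One way two endpoints could agree on the hopping channels the abstract describes, written as an added example and not code from the thesis: both sides derive the active (protocol, subtype, port) set for each time slot from a shared key with HMAC-SHA256, and several channels are active at once for redundancy. The channel table, slot length, port range, key and function names are all assumptions.

```python
import hashlib
import hmac
import struct

# Hypothetical channel table of (protocol, subtype) pairs; not from the thesis.
CHANNELS = [("udp", "plain"), ("tcp", "plain"),
            ("udp", "dns-framed"), ("tcp", "http-framed")]
PORT_MIN, PORT_MAX = 1024, 65535   # assumed hopping range for ports
SLOT_SECONDS = 5                   # assumed hop interval


def slot_index(unix_time, slot_seconds=SLOT_SECONDS):
    """Map a timestamp to the hop slot both endpoints compute independently."""
    return int(unix_time) // slot_seconds


def active_channels(key, slot, k=2):
    """Derive k distinct (protocol, subtype, port) channels for one slot."""
    if not 1 <= k <= len(CHANNELS):
        raise ValueError("k must be between 1 and the channel table size")
    chosen, used, counter = [], set(), 0
    while len(chosen) < k:
        # HMAC over (slot, counter): unpredictable without the key.
        msg = struct.pack(">QI", slot, counter)
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
        idx = int.from_bytes(digest[:4], "big") % len(CHANNELS)
        if idx in used:            # redundancy needs different channels
            continue
        used.add(idx)
        span = PORT_MAX - PORT_MIN + 1
        port = PORT_MIN + int.from_bytes(digest[4:8], "big") % span
        chosen.append(CHANNELS[idx] + (port,))
    return chosen


def accepts(key, unix_time, channel, k=2, skew_slots=1):
    """Receiver check: is this channel valid now, allowing clock skew?"""
    now = slot_index(unix_time)
    first = max(0, now - skew_slots)
    return any(channel in active_channels(key, s, k)
               for s in range(first, now + skew_slots + 1))


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample secret
    print(active_channels(key, slot_index(1_700_000_000)))
```

The receiver accepts channels from adjacent slots so that small clock differences between the endpoints do not drop legitimate traffic at a hop boundary.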
Keywords/Search Tags: DDoS, Channel Hopping, End Hopping, Port Hopping, Moving Target Defense