Research On DDoS Attack Defense System Based On FlowCleaning Strategy

With the rapiddevelopment and wide application of Internet technology,networks are non-substitutable in our social life.However,the security problem of the networks is also increasingly serious,all kinds of attacks emerge in endlessly,which not only causes more and more economic losses,but also has effects on the social stability.The network security problems seriously restrict the development of network applications,which gains more and more attentions.The DDo S attack is one of the greatest threat of the current network,which is easy toachieve,difficult to prevent and at the same time the attack effect is obvious,that is,the network performance and service quality will be reduced by a large margin,even the networks collapse.In current network threats,about 80% of the attacks come from DDo S attacks,therefore it is the most urgent requirement to have a research on the defense of DDo S attacks,which has an important application value.In view of the above situation,we have done the following research work.Firstly,the basic principle and method of DDo S attacks are analyzed and the classification of DDo S attack modes and several typical attack methods are summarized.Secondly,a set of DDo S attack defense system based on flow cleaning strategy is designed for the real application system.The main feature of the system is that the protection strategy has a dynamic adjustment mechanism,which can enable the targeted cleaning technology based on the identified different types of attacks,and improve the protection ability of the whole system to the maximum extent.Finally,a simulation experiment platform of the proposed attack defense system based on practical scenarios is built to verify the above design scheme.In the platform more typical attack types of the DDo S attack was implemented,such as SYN Flood,UDP Flood,ICM Flood,HTTP GET and hybrid attacks,and a white list strategy is also implemented.At the same time,the experiments and analysisesof the function module correctness test and the typical attack sub-item test are performed on the platform.Experimental results show that the DDo S attack defense system designed in this paper has a good DDo S defense effect.