Research on Detection and Response of Distributed Denial of Service Attack

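【Author】 Zhao Jijun (赵继俊)

【Advisor】 Hu Zhigang (胡志刚)

【Author information】 Central South University (中南大学), Computer Application Technology, 2007, Master's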

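【Abstract】 Networks are used ever more widely in human social life, but because hacker attacks keep emerging, network security has gradually become a key problem that must be solved for network services and applications to develop further. Distributed denial of service (DDoS) attacks are among the attacks that have been prevalent on the network in recent years and have caused huge economic losses, and they have become a hot topic of current research in the network security community. Research on denial-of-service attacks and their countermeasures is therefore extremely important. This thesis analyzes the attack principles of distributed denial-of-service attacks in detail; studies and classifies existing attack methods comprehensively and in depth; studies and evaluates existing protective measures comprehensively in three stages; and takes attack detection and response techniques as the research focus. Addressing a salient characteristic of TCP FLOOD attacks found in experiments, namely that the number of new IP data flows passing through the router increases sharply when an attack occurs, and drawing on statistical theory, the thesis proposes a detection algorithm based on time-series analysis of flow connection information entropy. It focuses on the concept of flow connection correlation, the use of information entropy to measure packet diversity, and the concepts and methods of attack detection with the non-parametric cumulative sum (CUSUM) algorithm. In addition, arriving packets are assigned to different priority queues according to their reliability, and a differentiated-service response policy is applied to them. The thesis also proposes a detection-response model for defending against DDoS attacks, describes the functions of some of the model's components, sets out the model's strengths and weaknesses, and proposes next steps. Experimental results show that the proposed detection method can detect DDoS attack behavior in a timely manner with high accuracy. The defense model proposed in this thesis offers a useful reference for research on detecting and responding to distributed denial-of-service attacks.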

【Abstract】 With the development of network applications, the network has become more and more important in human life. However, hacker attacks emerge one after another, and network security has gradually become the key problem that must be solved for network services and applications to develop further. Distributed Denial of Service (DDoS) attacks are a common type of network attack that has caused huge economic losses in recent years, and research on them has become a hotspot in the network security field. Research on DDoS attacks and their countermeasures is therefore not only a challenge but also very important. By proposing some taxonomies, the attack mechanism of DDoS attacks is analyzed in detail and a classification of DDoS attack methods is given. The existing countermeasures are then studied and evaluated in detail, with particular attention to detection and response technology. Based on a remarkable characteristic of TCP FLOOD attacks found in experiments, namely the increasing trend in the number of new IP flows passing through the router, and combined with probability theory in statistics, Flow Connection Entropy (FCE) time series analysis is proposed. It uses the non-parametric CUSUM algorithm to detect DDoS attacks. At the same time, packets are placed in different priority queues according to their reliability, and different policies are applied to each queue. We also describe our detection-response prototype, a model composed of system modules deployed in the victim network. Through analysis of this model, we elaborate its merits and shortcomings and propose the next steps of work. The experiments demonstrate that this model can detect DDoS attacks as early as possible with high detection accuracy. The detection and defense scheme for DDoS proposed in this paper can serve as a reference for related work.

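  • 【Online publication contributor】 Central South University
  • 【Online publication year/issue】 2007, Issue 06
  • 【Classification number】 TP393.08
  • 【Citation count】 3
  • 【Download count】 151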