It reframes the traceback problem as a polynomial reconstruction problem , and uses techniques from algebraic coding theory to provide robust methods of transmission and restriction . the scheme is a new solution to the traceback problem during a dos attack ; the honeypot for ddos , which is a tool of traceback , lures the attacker to believe that he successfully compromised a slave for his needs , convincingly simulating the architecture of a potential ddos attack ; the source - based approach to ddos defense , which is a useful adjunt to traceback systems , deploys a ddos defense system at source - end networks . attacks are detected by monitoring two - way traffic flows , and the attacks originating from source networks are stopped by rate - limiting ; the routing mechanism based on pushback treats ddos attacks as a congestion - control problem 最后,就有关ddos攻击反向追踪问题,从四个方面对其解决方案进行了研究:在分析比较几种反向追踪算法的基础上,着重研究了代数方法编码反向追踪信息的方案,该方案把追踪重构问题当作多项式重构问题,使用代数编码理论技术提供鲁棒的传送和重构方法,是dos攻击过程中的反向追踪问题的一种新的解决方法; ddos陷阱作为反向追踪的工具,引诱攻击者相信自己成功与所需的傀儡主机通话,令人信服地模拟出潜在ddos攻击体系结构;基于源的ddos防御方法作为反向追踪有用的补充,将防御系统部署在源网络,通过监控双向流量检测攻击和限制速率终止来自源的攻击;基于向后倒推的防御ddos的路由机制把ddos攻击看作拥塞控制问题,添加功能到每个路由器来检测并优先丢弃可能属于攻击的包,通过向后倒推上级路由器也得到通知而把这样的包丢弃。
Then the taxonomies are integrated into a victim - based network attack description system under rdf model . associating with the deeply research of dos attack and protection technology , completer " protect - detect - response " countermeasures are proposed ; furthermore better expansibility , descriptive power and application of the description system are shown 再结合对典型攻击? ? dos攻击与防范技术的深入研究,不仅提出了一套比较完整的“预防?检测?响应”对策,更展现了描述体系优异的扩展性、描述性和应用性。
Then , the paper present a protocol misusage ids in application layer based on markov chain , and obtain the following results after test : the system can have good effection on detecting the probe packet , dos attack and novelty attack . the system can overcome part of disadvantages in traditional intrusion detection system , and adapt requirements with different network . the experiment shows that the system can improve the detection accuracy rate , reduce the false negatives probability 通过对检测系统的测试分析,系统对扫描探测报文、 dos攻击报文和新的攻击报文等有较好的检测率。基于马尔可夫链建立的网络异常检测系统可以克服传统入侵检测系统的部分缺陷,能够适应不同网络环境的要求,同时也有效提高了系统的检测能力和检测效率,降低了误报率。
We further developed an adaptive packet marking scheme based on one of our router numbering schemes . the maiking scheme is better than others in that there is leys workload , fewer false positives and fewer packets are required in path reconstruction . the last also reduces the time delay before responding to dos attacks 我们在此基础上提出了一个基于路由器编码的自适应包标记方案,该方案无论在路径追踪的运算量上、在追踪的误报率上,还是在追踪所需的数据包的数量上(这与在攻击中进行追踪所需的时间紧密相关,从而直接影响到对攻击响应的快慢)等多个方面都比同类的方法优越。
Secondly , this dissertation describes the technical detail of pppoe , ppp and the ability of resisting the attack of denial of service . thirdly , this dissertation presents some methods to resolve these problems . lastly , the implementation of pppoe server with the ability of resisting dos attack is proposed in this dissertation 为此,本文主要研究了以下几个方面的内容:首先简要介绍了bras ,接着在分析pppoe协议和ppp协议原理的基础上,讨论了pppoe协议中抵抗拒绝服务攻击的能力,然后针对这些主要的拒绝服务攻击手段提出了一些解决方案根据这些分析,最后把这些解决方案加入到最终实现的pppoe服务器中。
Firstly it uses data mining and statistic algorithms to detect dos attacks , and then determines the feature of attack flows , lastly uses various defense methods to weaken or eliminate the effect of attacks . the system ensures that when the network or victim systems are being attacked , they can continue to serve legitimate users 它利用数据挖掘和统计算法等检测技术检测dos攻击,确定攻击流量的特征,并采取多种防御措施来削弱和消除攻击流量对网络和系统的影响,确保在攻击发生的情况下,仍能为合法用户提供服务。
