AN APPROACH OF DEFENDING AGAINST DDOS ATTACK  被引量：1

作　　者：Wu Zhijun Duan Haixin Li Xing 

机构地区：[1]Network Research Center, Tsinghua University, Beijing 100084, China [2]Tianjin Key Lab for Advanced Signal Processing, Civil Aviation University of China, Tianjin 300300, China

出　　处：《Journal of Electronics(China)》2006年第1期148-153,共6页电子科学学刊（英文版）

基　　金：Supported by the National High Technology Research and Development Program of China (863 Program)(No.2003AA142080, 2005AA775060)the National Natural Sicence Foundation of China(No.60203004)National Basic Research Program of China (973Program) (No.2003CB314805)the National Outstanding Youth Foundation (No.60325102)

摘　　要：An approach of defending against Distributed Denial of Service (DDoS) attack based on flow model and flow detection is presented. The proposed approach can protect targets from DDoS attacking, and allow targets to provide good service to legitimate traffic under DDoS attacking, with fast reaction. This approach adopts the technique of dynamic comb filter, yields a low level of false positives of less than 1.5%, drops similar percentage of good traffic, about 1%, and passes neglectable percentage of attack bandwidth to the victim, less than 1.5%. The prototype of commercial product, D-fighter, is developed by implementing this proposed approach on Intel network processor platform IXP1200.An approach of defending against Distributed Denial of Service （DDoS） attack based on flow model and flow detection is presented. The proposed approach can protect targets from DDoS attacking, and allow targets to provide good service to legitimate traffic under DDoS attacking, with fast reaction. This approach adopts the technique of dynamic comb filter, yields a low level of false positives of less than 1.5%, drops similar percentage of good traffic, about 1%, and passes neglectable percentage of attack bandwidth to the victim, less than 1.5%. The prototype of commercial product, D-fighter, is developed by implementing this proposed approach on Intel network processor platform IXP1200.

关 键 词：Distributed Denial of Service （DDoS） DEFENDING Flow model Flow detection IXP1200 Dfighter 

分 类 号：TN91[电子电信—通信与信息系统]