
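MDCI: A Distributed Method for Detecting DDoS Attacks
Cite this article: SU Heng, JU Jiu-bin, LI Wen-jun. MDCI: A Distributed Method for Detecting DDoS Attacks[J]. Mini-micro Systems, 2006, 27(1): 58-61.
Authors: SU Heng  JU Jiu-bin  LI Wen-jun
Affiliations: 1. College of Computer Science and Technology, Jilin University, Changchun, Jilin 130012
2. Technical Center, General Office of the Jilin Provincial Government, Changchun, Jilin 130054
Funding: Chinese Academy of Sciences funded project; Natural Science Foundation of Jilin Province
Abstract: Given the distributed and converging nature of DDoS attacks, cooperative detection among multiple IDS systems distributed across a large-scale network helps to piece together the full picture of an attack and respond appropriately before the attack flow reaches scale. The MDCI system is the first to propose a circular cooperation model: a cooperation group of IDS systems is built around important network information resources, and DDoS attacks are identified quickly through information sharing and alert correlation analysis among the nodes in the group. In the MDCI system, locally captured packets are analyzed by combining header content analysis with backscatter analysis, and suspicious features are reported as alerts in a unified standard format; data-flow classification probability evaluation is used to correlate alert information among the cooperating nodes and so assemble the full picture of the attack. Experiments show that the system effectively improves the early-warning speed for DDoS attacks.

Keywords: intrusion detection system  DDoS attack  circular cooperative detection  backscatter analysis
Article ID: 1000-1220(2006)01-0058-04
Received: 2004-07-21
Revised: 2004-07-21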

MDCI: a Distributed Approach to DDoS Attacks Detection and Response
SU Heng, JU Jiu-bin, Li Wen-jun. MDCI: a Distributed Approach to DDoS Attacks Detection and Response[J]. Mini-micro Systems, 2006, 27(1): 58-61.
Authors:SU Heng  JU Jiu-bin  Li Wen-jun
Affiliation:1.School of Computer Science and Technology, Jilin University, Changchun 130012, China; 2.Technical Center of General Office of Jilin Province Government, Changchun 130054, China
Abstract: Considering the distributed, aggregating nature of Distributed Denial of Service (DDoS) attacks, data sharing and cooperative detection among IDS systems distributed in a large-scale network are critically important for piecing together the attack scenario before it aggregates into overwhelming flooding. The cooperative circle model is first proposed in the MDCI system: a cooperative defense circle of IDS systems is set up surrounding valuable network assets. With information exchange and alert correlation among the sites in the circle, DDoS attacks can be identified more quickly and accurately. In the MDCI system, packet header content analysis and backscatter analysis are adopted to identify the attack signature from the information captured locally. Alerts in a uniform format are shared among the cooperating sites, and the category probability evaluation method is used to form the overall attack scenario. Through some experiments, we can conclude that the MDCI system improves detection performance effectively.
Keywords:intrusion detection system  DDoS attack  circular cooperative detection  backscatter analysis
This article is indexed in CNKI, VIP, Wanfang Data and other databases.