基于源目的IP地址对数据库的防范DDos攻击策略

提出了一种基于源目的IP地址对数据库的防范分布式拒绝服务攻击(distributed denial of service attacks,简称DDos)攻击策略.该策略建立正常流量的源目的IP地址对数据库(source and destination IP address database,简称SDIAD),使用扩展的三维Bloom Filter表存储SDIAD,并采用改进的滑动窗口无参数CUSUM(cumulative sum)算法对新的源目的IP地址对进行累积分析,以快速准确地检测出DDos攻击.对于SDIAD的更新,采用延迟更新策略,以确保SDIAD的及时性、准确性和鲁棒性.实验表明,该防范DDos攻击策略主要应用于边缘路由器,无论是靠近攻击源端还是靠近受害者端,都能够有效地检测出DDos攻击,并且有很好的检测准确率.

Defending DDos Attacks Based on the Source and Destination IP Address Database

This paper proposes a scheme to defend distributed denial of service attacks (DDos) based on the source and destination IP address database. The scheme establishes the source and destination IP address database (SDIAD) by observing the normal traffic and storages SDIAD in a three dimension Bloom Filter table. Then this paper cumulates and analyses the new pair of source and destination IP address based on the slide non-parametric cumulative sum (CUSUM) algorithm to detect the DDos attacks quickly and accurately. The secheme updates SDIAD by using a delayed update policy to keep SDIAD timely,accurate and robust. This secheme is mainly applied in the edge router and it can detect the DDos attacks efficiently either the edge router or the last-mile router is the first-mile router. The simulation results display that the secheme do a good performance in detecting DDos attacks.