摘要
DDoS(Distributed Denial of Service)攻击防护是目前的重要热点问题之一。我们提出了一套高效率的DDoS攻击防护方法,采用了一种基于元数据大数据分析的检测系统识别DDoS攻击包,总结经验数据而形成流量控制规则,通过分流器或者是内联设备(inline device,指内网防火墙APS,ADS或者负载均衡设备)采用了ACL(访问控制列表)进行了速率限制、流量清洗或丢包处理。我们的方法还实现了万兆流量线速处理,并且通过了运行商在网测试。总结了国内常见的主要的DDoS攻击,特别是应用型的DDoS攻击的流量特征。
Defenses approach against DDoS(Distributed Denial of Service) attacks is currently an important hot issues. We propose a new efficient defenses approach which adopts a detection system based on metadata analysis to identify the packages of DDoS attacks. The flow control rules are formed based on the summarized experience data. ACL (Access Control List) is applied through inline devices (firewalls and load balancers) or divider to limit rate, clean flow or drop package, lOGbps bandwidth HTTP requests, which contain malicious DDoS attacks packages, can be detected and cleaned completely in line-rate speed. We especially summarize th traffic characteristics of main domestic DDoS attacks.
出处
《系统仿真学报》
CAS
CSCD
北大核心
2017年第11期2898-2902,共5页
Journal of System Simulation
基金
江苏省重点建设实验室数字媒体艺术创意与应用实验室资金项目
江苏高校品牌专业建设工程资助项目