Abstract: With the rapid development of information-age technologies and the ubiquity of computers and mobile phones, the world has long since entered the era of information intelligence. The network security crisis that comes with it, however, is becoming more and more apparent, and increasingly difficult to detect and defend against.
This paper discusses application-layer DDoS attacks launched against Web servers. It focuses on studying and analyzing the behavior trajectory of such attacks, derives from that analysis a method for detecting their attack characteristics, and summarizes the corresponding control and defense measures for reducing the threat to Web servers.
The paper first briefly analyzes the principles of network-layer and transport-layer DDoS attacks in order to understand their attack process. The analysis shows that design flaws in the TCP/IP protocol suite are the main reason traditional DDoS attacks succeed. Network security researchers have studied these attacks in depth and arrived at corresponding defenses, such as traffic diversion and cleaning against botnet attacks, Unicast RPF to mitigate address forgery attacks, and the RRL module technology applied at reflection points to mitigate DDoS amplification attacks.
Building on these control and defense strategies for traditional DDoS attacks, the paper focuses on application-layer DDoS attacks, comparing them with the two kinds above to identify their similarities and differences, and thereby explains why many detection and defense methods designed for network-layer and transport-layer DDoS attacks are hard to apply to application-layer DDoS attacks. It gives examples of common application-layer flood attacks and slow attacks, such as DNS QUERY flood attacks, CC attacks and slow POST request attacks. By analyzing the characteristics of these attacks and using a trust mechanism based on the characteristic behavior of users browsing web pages, application-layer DDoS attacks are detected and defended against.
The simulated experiment in this paper launches a CC attack against a server set up for this purpose, collects experimental data, and then adds the detection and control/defense strategy written for this work to verify that the strategy is effective.
Keywords: DDoS; application layer; CC attack; user behavior
Abstract: With the rapid development of information-age technologies and the spread of computers and mobile phones, the world has already entered the era of information intelligence. However, the network security crisis is becoming increasingly obvious, and it is more and more difficult to detect and defend against.
This paper discusses application-layer DDoS attacks launched against Web servers. Its core is the study and analysis of the behavior trajectory of such attacks, from which it derives a method for detecting their attack characteristics and develops corresponding control and defense measures to reduce the threat to the Web server.
The paper first analyzes the principles of network-layer and transport-layer DDoS attacks and describes their attack process. The analysis shows that design loopholes in the TCP/IP protocol suite are the main reason traditional DDoS attacks succeed. Network security researchers have conducted in-depth research and arrived at corresponding defensive measures, such as traffic diversion to handle botnet attacks, Unicast RPF to mitigate address forgery attacks, and the RRL module technology at reflection points to mitigate DDoS amplification attacks.
Based on the above control strategies for traditional DDoS attacks, this paper focuses on application-layer DDoS attacks and compares them with the two kinds above to identify their similarities and differences, so as to analyze why many traditional network-layer and transport-layer detection and defense methods are difficult to apply to application-layer DDoS attacks, and gives examples of common application-layer flood attacks and slow attacks, such as DNS QUERY flood attacks, CC attacks and slow POST request attacks. By analyzing the characteristics of these attacks and using a trust mechanism based on the characteristic behavior of users accessing web pages, application-layer DDoS attacks are detected and controlled.
In this paper, the simulation experiment sets up a server, launches a CC attack against it, collects experimental data, and then adds the detection and control/defense strategy written for this work to verify the effectiveness of the strategy.
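As an added illustration of the behavior-based detection the abstract describes (this is example code written for this page, not the thesis author's implementation), the Python below profiles each client from a few constructed access-log lines and applies three rules derived from how a real browser loads a page: how fast the client issues requests, whether it ever fetches static assets (stylesheets, scripts, images), and how many distinct endpoints it touches once query strings are ignored. A CC-style flood typically hammers one dynamic page at high rate with varying query strings and never loads the page's assets, so it trips all three rules, while a slow crawler that skips assets trips only one. The log format, IP addresses, per-client counts and thresholds are constructed assumptions; the allow / challenge / block decision is one possible control step, not the thesis's own.

```python
"""Behavior-based detector for application-layer (CC-style) HTTP floods.

Added example, not the thesis author's code. It profiles each client IP from
constructed access-log lines and applies three behavioral rules derived from
how a real browser loads pages: request rate, static-asset loads, and the
spread of distinct endpoints. All thresholds are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed, simplified log format: ip [unix_ts] "METHOD path HTTP/1.x" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]" (?P<status>\d{3})$'
)
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".woff")

# Illustrative thresholds (assumptions; tune per site from normal-traffic baselines).
MAX_RATE = 5.0            # requests per second per client
MIN_STATIC_RATIO = 0.1    # browsers fetch page assets; floods usually skip them
MIN_DISTINCT_RATIO = 0.2  # share of distinct endpoints (query string ignored)


@dataclass
class ClientProfile:
    ip: str
    requests: int
    rate: float
    static_ratio: float
    distinct_ratio: float
    violations: int


def parse_line(line: str) -> Optional[dict]:
    """Return ip/ts/path for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ip": m["ip"], "ts": int(m["ts"]), "path": m["path"]}


def is_static(path: str) -> bool:
    return urlsplit(path).path.lower().endswith(STATIC_EXT)


def profile_clients(lines: List[str]) -> Dict[str, ClientProfile]:
    """Group requests by client IP and compute the three behavioral features."""
    by_ip: Dict[str, list] = {}
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip.setdefault(rec["ip"], []).append(rec)
    profiles: Dict[str, ClientProfile] = {}
    for ip, recs in by_ip.items():
        n = len(recs)
        span = max(r["ts"] for r in recs) - min(r["ts"] for r in recs)
        rate = n / max(span, 1)  # a burst inside one second counts as a 1 s window
        static_ratio = sum(is_static(r["path"]) for r in recs) / n
        distinct_ratio = len({urlsplit(r["path"]).path for r in recs}) / n
        violations = sum([
            rate > MAX_RATE,
            static_ratio < MIN_STATIC_RATIO,
            distinct_ratio < MIN_DISTINCT_RATIO,
        ])
        profiles[ip] = ClientProfile(ip, n, rate, static_ratio, distinct_ratio, violations)
    return profiles


def decide(profile: ClientProfile) -> str:
    """Trust-based control: 0-1 violations allow, 2 challenge (e.g. JS check), 3 block."""
    if profile.violations >= 3:
        return "block"
    if profile.violations == 2:
        return "challenge"
    return "allow"


def constructed_log() -> List[str]:
    """Constructed sample traffic: one visitor, one slow crawler, one CC-style flood."""
    lines = [
        # Ordinary visitor (10.0.0.5): a page, its assets, then another page.
        '10.0.0.5 [100] "GET /index.php HTTP/1.1" 200',
        '10.0.0.5 [100] "GET /static/style.css HTTP/1.1" 200',
        '10.0.0.5 [101] "GET /static/app.js HTTP/1.1" 200',
        '10.0.0.5 [101] "GET /img/logo.png HTTP/1.1" 200',
        '10.0.0.5 [106] "GET /article.php?id=3 HTTP/1.1" 200',
        '10.0.0.5 [108] "GET /static/style.css HTTP/1.1" 304',
    ]
    # Crawler-like client (198.51.100.9): no assets, but slow and spread across pages.
    lines += [f'198.51.100.9 [{100 + i}] "GET /page{i}.php HTTP/1.1" 200' for i in range(8)]
    # CC-style flood (203.0.113.7): 40 requests in 4 s to one dynamic endpoint,
    # each with a different query string so that caches cannot absorb them.
    lines += [f'203.0.113.7 [{100 + i // 10}] "GET /search.php?q={i} HTTP/1.1" 200'
              for i in range(40)]
    return lines


def run(lines: Optional[List[str]] = None) -> Dict[str, str]:
    """Return the control decision for every client seen in the log."""
    profiles = profile_clients(lines if lines is not None else constructed_log())
    return {ip: decide(p) for ip, p in profiles.items()}


if __name__ == "__main__":
    for ip, p in profile_clients(constructed_log()).items():
        print(f"{ip:14} n={p.requests:3} rate={p.rate:5.2f}/s static={p.static_ratio:.2f} "
              f"distinct={p.distinct_ratio:.2f} violations={p.violations} -> {decide(p)}")
```

Requiring two or three independent behavioral violations before acting is what keeps the crawler-like client on the allow list: a single anomalous feature, such as never fetching assets, is common for legitimate API clients and feed readers, whereas a human browsing session and a CC flood differ on all three features at once.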