TCP-based DDoS Detection Scheme


Bibliographic Details
Main Authors: Cheng Kao, 高成
Other Authors: 蔡旭昇
Format: Others
Language: zh-TW
Published: 2012
Online Access: http://ndltd.ncl.edu.tw/handle/11409773610303466128
Description
Summary: Master's === Shu-Te University === Master's Program, Department of Information Management === 100 === With the rapid development of the Internet, Internet technology has increasingly reshaped people's lives. Especially in the growing field of e-commerce, the prominent issue is network security. In this paper, we first analyze the states during DoS or DDoS attacks and identify the inherent defects of the TCP protocol. We then propose a DDoS detection scheme based on TCP to perceive and react to the occurrence of DDoS attacks. In addition, we build a DDoS environment in our lab to test our model. In our detection model, we assume that the ratio between the numbers of TCP segments carrying specified flag fields during the three-way handshake for connection setup must be below a threshold in the DDoS-free situation. By way of statistical analysis, we can approximate a threshold deduced from the ratios between the specified flags of TCP segments. Next, we conduct four different experiments (DDoS-free, DDoS with one attacker, DDoS with two attackers, and DDoS with three attackers) to accumulate TCP segments according to each specified flag. Finally, we determine the numerical values of these thresholds.