In the past several decades, DDoS attacks have continued to be a major threat to the computer and network world. Even though a great deal of research effort has been invested in this security threat, effective solutions have still not appeared in the real world. One major reason is that DDoS attacks keep evolving. Recently, a new form of DDoS attack, the connection flood DDoS attack, drew attention when it shut down Russia's largest Internet company. A connection flood attack establishes so many TCP/IP connections with a chosen target that no normal new user can establish a TCP/IP connection with the target. Given how easy it has become to seize control of many IoT devices, an attacker can launch connection flood attacks with little effort nowadays. In this thesis, we plan to develop a mechanism that monitors the throughput of every TCP/IP connection of a server. When a new user is unable to establish a TCP/IP connection with the server, our system checks the throughput of every TCP/IP connection and disconnects every TCP/IP connection whose throughput is below a threshold. Meanwhile, the hosts involved in the low-throughput connections are put on a blacklist to prevent them from launching further attacks. Experimental results show that our system can effectively protect our system against connection flood attacks.
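The decision logic described above, as an added illustration that is not the thesis's own code: per-connection throughput is derived from two cumulative byte-counter samples, and only when a new user cannot connect (the `accept_queue_full` signal, assumed to be supplied by an external probe) are connections below the threshold dropped and their remote hosts blacklisted. Connection keys, counter values and the threshold are constructed for the example.

```python
from typing import Dict, List, Set, Tuple

# A connection is identified by (remote host, remote port); the value is the
# cumulative byte count (rx + tx) observed on it at sampling time.
ConnKey = Tuple[str, int]
Sample = Dict[ConnKey, int]


def throughput_per_conn(prev: Sample, curr: Sample, interval_s: float) -> Dict[ConnKey, float]:
    """Bytes per second for every connection present in both samples.

    Connections that appeared after the previous sample have no baseline yet
    and are skipped, so a legitimately fresh connection is never judged idle.
    """
    rates: Dict[ConnKey, float] = {}
    for key, now in curr.items():
        if key in prev:
            rates[key] = (now - prev[key]) / interval_s
    return rates


def mitigate(prev: Sample, curr: Sample, interval_s: float,
             threshold_bps: float, accept_queue_full: bool) -> Tuple[List[ConnKey], Set[str]]:
    """Return (connections to disconnect, hosts to blacklist).

    Nothing is dropped while new users can still connect; the low-throughput
    check only runs once the server is observed to be refusing new connections.
    """
    if not accept_queue_full:
        return [], set()
    rates = throughput_per_conn(prev, curr, interval_s)
    drop = sorted(key for key, rate in rates.items() if rate < threshold_bps)
    blacklist = {host for host, _port in drop}
    return drop, blacklist


# Constructed samples taken 10 s apart (documentation address ranges).
PREV: Sample = {("198.51.100.7", 40001): 1000, ("198.51.100.7", 40002): 1200,
                ("203.0.113.5", 51000): 50_000, ("192.0.2.9", 60000): 400}
CURR: Sample = {("198.51.100.7", 40001): 1010, ("198.51.100.7", 40002): 1200,
                ("203.0.113.5", 51000): 250_000, ("192.0.2.9", 60000): 20_400,
                ("192.0.2.44", 61000): 30}   # new since PREV: not judged


def demo() -> Tuple[List[ConnKey], Set[str]]:
    """Run the mitigation once with a 100 B/s threshold while new users are blocked."""
    return mitigate(PREV, CURR, interval_s=10.0, threshold_bps=100.0, accept_queue_full=True)


if __name__ == "__main__":
    print(demo())
```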