ddos 中文意思是什麼

The new software named " d - gun " for ddos is carried out, which completed in windows 2000 and rethat linux. three characteristics of d - gun are lied out. first, it can complete all steps of attack automatically ; secondly, it support a lot of method of ddos, especially support echo attack method and pulsant attack method

本課題開發完成了一個獨立的分散式拒絕服務攻擊軟體，開發平臺是windows2000和redhatlinux ，其特色是跨平臺自動傳播，自動實現ddos攻擊的全步驟；支持多種攻擊模型，特別是構造了反射拒絕服務攻擊和脈動攻擊模型，攻擊強度高且難追溯；有一定繞過防火墻的能力。

How to defend against ddos attacks

如何防禦ddos攻擊

The study of ddos and tcp syn flood becomes the hotspot of research about information security. many foreign and home manufactures develop the special products

對于ddos及tcpsynflood攻擊的研究已成為信息安全研究的熱點，國內外一些廠家也開發出了專門的應對產品。

Being a widely utilized public ip platform, it is susceptible to security attacks of all nature, as outlined in the following areas : the open nature of the ip internet systems - increase of foreign attacks, for example dos / ddos attacks ; the current weakness of the existing operating system ' s internet protocol ; mainframe, and lack of an evaluation standard for back office systems, the inevitable problem of illegal internal access, the lack of guidelines for record keeping and post attack documentation processes, hi addition, still in existence, are managerial problems including the lack of securit y knowledge amongst the workforce and the inexistence of a complete set of security guidelines. to guarantee china telecom ' s 163 / 169 system ' s reliable functions, to protect the user ' s interests, at the same time, insuring quality service, it is necessary to adapt p2dr model as a solution to the current security issues. supported by the modern secure theory and made the secure implementation abundant project practices, this paper gives the general secure design for the chongqing public ip network using p2dr secure model

中國電信建設的公眾ip網對我國internet的發展起著決定性作用，重慶電信163 / 169網際網路是國家骨幹網在本地的延伸，擁有7個核心節點（採用cisco12012 、 2 * 2 . 5gdpt環） ，三十八個匯接節點，能提供寬帶，窄帶多種接入方式的公眾ip網，現擁有近20萬用戶，佔全市網際網路用戶四分之三以上，作為這樣一個擁有眾多用戶，開放的ip平臺，會受到各種各樣的安全威脅，主要表現在ip網路的開放性，來自外部的攻擊增多，如dos / ddos攻擊；所使用的操作系統運行的網路協議自身的脆弱性；主機、網路設備的配置是否缺乏評估手段；不可避免的內部非法訪問；缺乏必要的攻擊審計作為犯罪取證，出此之外，還有管理上的一些問題，如人員安全意識不強，安全制度不夠健全等多方面原因。

When ddos happens, the flood presents some characteristics, such as the statistical distributing. although an attacker can forge any field in the ip header, he or she cannot falsify the numbers of hops an ip packet takes the reach its destination, which is solely determined by the internet routing infrastructure

Tcpsynflood攻擊發生時，在路由器會引起某些異常情況，如流量異常（可能會流量猛增） ，報文流一些特徵的統計分佈特性發生改變（如源ip地址的隨機分佈特性， ttl欄位的分佈特性）等。

Based on active network, this system making use of active network concepts and technology to automated respond to ddos attack in entire network level

它建立在主動網的基礎之上，利用主動網的觀念和技術實現跨網路安全管理域的響應。

According to the systematical research on those, at present, commonly adapted attacking and intrusion means, it analyzes and studies all those active approaches, like electronic frauds, scanning loopholes, overflowing buffer area, dos and ddos, etc

對目前較為流行的攻擊方式與入侵方法進行了系統的研究，分析研究了電子欺騙、漏洞掃描、緩沖區溢出、 dos及ddos等主動攻擊方法。

It reframes the traceback problem as a polynomial reconstruction problem, and uses techniques from algebraic coding theory to provide robust methods of transmission and restriction. the scheme is a new solution to the traceback problem during a dos attack ; the honeypot for ddos, which is a tool of traceback, lures the attacker to believe that he successfully compromised a slave for his needs, convincingly simulating the architecture of a potential ddos attack ; the source - based approach to ddos defense, which is a useful adjunt to traceback systems, deploys a ddos defense system at source - end networks. attacks are detected by monitoring two - way traffic flows, and the attacks originating from source networks are stopped by rate - limiting ; the routing mechanism based on pushback treats ddos attacks as a congestion - control problem

最後，就有關ddos攻擊反向追蹤問題，從四個方面對其解決方案進行了研究：在分析比較幾種反向追蹤演算法的基礎上，著重研究了代數方法編碼反向追蹤信息的方案，該方案把追蹤重構問題當作多項式重構問題，使用代數編碼理論技術提供魯棒的傳送和重構方法，是dos攻擊過程中的反向追蹤問題的一種新的解決方法； ddos陷阱作為反向追蹤的工具，引誘攻擊者相信自己成功與所需的傀儡主機通話，令人信服地模擬出潛在ddos攻擊體系結構；基於源的ddos防禦方法作為反向追蹤有用的補充，將防禦系統部署在源網路，通過監控雙向流量檢測攻擊和限制速率終止來自源的攻擊；基於向後倒推的防禦ddos的路由機制把ddos攻擊看作擁塞控制問題，添加功能到每個路由器來檢測並優先丟棄可能屬于攻擊的包，通過向後倒推上級路由器也得到通知而把這樣的包丟棄。

There seem to be no substantial improvement in anti - ddos research on attack preventing, detecting & retorting yet, nor did any effective or nicety method appear to predict the ddos attack in time. ddos attack detection and defending is one of the frontiers in the field of network security

但是，目前全球對ddos攻擊進行防範、檢測和反擊的研究工作沒有實質性的重大突破，沒有能準確及時預測ddos攻擊發生的有效方法， ddos攻擊的檢測與防護是當前網路安全領域的重要前沿。

Existing approaches in defending ddos intrusions is just close service even close the system. but it is improbable for some crucial service. even the application could accept, obviously, it is n ' t a kind of superior strategy

在受到分散式攻擊時，當前的做法是關閉服務甚至關閉系統，這對於一些提供關鍵數據服務的系統是不能接受的，即使應用可以接受，這顯然也不是一種最優策略。

The traditional detecting ddos method detects the ddos attack based on matching the signature of the attcks, but it is not appropriate for detection of the ddos attack based on network

傳統檢測方法使用基於特徵匹配的檢測，不適用於基於網路的ddos攻擊的檢測。

In the next step we ' ll optimize the method further and construct a whole set of mechanism in ddos detecting and blocking based on it

我們下一步的工作，包括進一步對本方法進行優化以及建立一套完整的基於本方法的ddos攻擊監測和控制機制。

Distributed denial of service ( ddos ) attack is a newly developed attack type, which is the extension of denial of service ( dos ) attack

分散式拒絕服務（ ddos ）攻擊是近年來出現的一種全新的拒絕服務（ dos ）攻擊方式。

Now most ddos attacks are tcp flood attacks and are implemented according to tcp protocol

目前大多數的ddos攻擊通過tcp協議實現，主要採用tcp洪流攻擊。

In this paper, technology of ddos and design of d - gun are introduced. totally it is divided into six parts, the first of part is introduction. the second part is interrelated technology about d - gun, including ddos principium, ports - scan, buffer overflow attack, backdoor and raw socket

第二部分介紹相關技術基礎，主要討論了ddos原理和實現ddos自動傳播執行所需具備的相關技術，包括埠掃描技術、遠程入侵技術、后門技術，以及tcp / ip協議應用中的原始套接字。

Compared with the traditional anti - ddos method, it does n ' t need to inspect the content of the packet, so has more efficiency and can be used on the node with huge traffic

和傳統的方法相比，該方法不需要對分組內容進行檢測，效率較高，可用於大流量網路節點的ddos攻擊檢測和防範工作。

Network attacks damaged networks and users, among which dos ( denial of service ) attacks become one of the common network attack techniques by the characteristics, such as extensive area, strong concealment, simpleness and efficiency, etc. dos attacks greatly affected the effective service of network and host systems, especially among which, ddos ( distributed denial of service ) attacks are greatly threatening internet, since they are difficult to recognize and defense due to their concealment and distribution

隨著網際網路的迅速普及和應用的不斷發展，各種黑客工具和網路攻擊手段也隨之倍出，網路攻擊導致網路和用戶受到侵害，其中拒絕服務（ dos ， denialofservice ）攻擊以其攻擊范圍廣、隱蔽性強、簡單有效等特點成為常見的網路攻擊技術之一，極大地影響網路和業務主機系統的有效服務。其中，尤其是分散式拒絕服務（ ddos ， distributeddenialofservice ）攻擊，由於其隱蔽性和分佈性很難被識別和防禦嚴重威脅著internet 。

We do researches on constructing normal model of network traffic, analysizing self - similarity of network traffics - hurst parameter, and its time variable function h ( t ). experimental analysis confirmed the validity of the novel mechanism, limiting the extent of network traffic in time and detecting the ddos attack through measuring the change of h parameter brought by the attacks. moreover we use database to refine the ddos attack

主要成果為： （ 1 ）對網路流量的自相似性? hurst參數、 hurst參數的時變函數h （ t ）進行分析，建立正常網路流量模型，比傳統的特徵匹配更準確描述了網路流量的特性； （ 2 ）通過實驗驗證了，基於正常網路流量模型，對網路流量進行實時限幅，由自相似性的變化來預測ddos攻擊方法的正確性； （ 3 ）對于不同的攻擊方式，我們使用不同的方法進行檢測，並用數據庫對流經的包頭信息進行統計分析，來對攻擊定位。

By adopting the real - time rescaled range ( rrs ) algorithm developed from the rs method, we do the simulation work using fractional gaussian noise ( fgn ) and real network traffic data collected from lan and wan. it shows the method we bring up can differentiate normal network traffic and ddos attack traffic effectively and precisely in most situation, and has provided a new way to detect and prevent ddos attack duly and precisely

通過基於rs演算法改進的實時hurst系數估計演算法rrs ，採用分形高斯噪聲和局域網、廣域網真實業務數據進行了模擬實驗，結果表明本文所提出的方法可以在絕大多數情況下準確高效地區分正常網路業務和包含了ddos攻擊的數據業務，從而為及時、準確地判斷和制止大規模ddos攻擊的發生提供了新的手段。

Analysis of ddos attack technology and the countermeasures

攻擊的技術分析及防範策略研究