Detecting the Web Server from DDoS Attacks by Using Three-Tier Model

• Main Authors: Guan-Ci Huang, 黃冠錡
• Other Authors: Shi-Jinn Horug
• Format: Others
• Language: en_US
• Published: 2006
• Online Access: http://ndltd.ncl.edu.tw/handle/72199146933221755182

碩士 === 國立臺灣科技大學 === 資訊工程系 === 94 === According to FBI 2003 Computer Crime and Security Survey Result, Distributed Denial of Service Attack is the second dangerous network attack in the world. The attacker use abnormal activities to consume the system resource or to degrade the performance of network instead of intruding the system itself. Detection mechanisms are researched that are able to detect the abnormal activities when the attackers use the large amount of packets to break the system down in the development of DDoS. However, the changeable frequency mode will be the tendency in the future. In this paper, we proposed the three layers detection mechanism which can look for the changeable frequency attack mode. Firstly, we will analyze which fields in the packet may be our features. After analyzing, the similar features will be grouped into each layer which quantifies the normal service behavior precisely according to their characteristics. It is easy and immediate to detect the abnormal behavior when the attacks occur. We implement our proposed mechanism in the NTUST’s Web Server. We will attack the Web server in practice to observe the difference for beginning to end. And our proposed mechanism can reach a higher performance.