DDoS Attacks Defense Mechanism based on Secure Routing Alliance

摘要

Distributed Denial of Service (DDoS) attacks on the cloud computing platform has become one of the key issues affecting cloud security. According to the sources of security threat of cloud computing platform, construct secure routing alliance, filter and resist DDoS from the route of cloud user to cloud computing center, design data forwarding mechanism and fault nodes replacement mechanism. The strategy of secure overlay services is combined with the structural characteristics of the ubiquitous routing platform to defend against DDoS attacks. The Chord ring is improved, the nodes are divided according to the distance in the physical network, and the Chord algorithm is avoided repeatedly ignoring the forwarding of physical paths. Since the original Chord algorithm is applied to the P2P network, in order to make it more suitable for the hierarchical physical topology, only the first three jumps of the Chord algorithm's query steps are taken. Fault nodes replacement mechanism uses virtual machine technology to convert nodes in the network into a large number of virtual nodes and serve as backup nodes in the security structure in time to replace the attacked nodes with backup nodes to minimize the impact of attacks on the nodes. The simulation results show that with the increase of the number of nodes, the data passing rate of the secure routing alliance can exceed 90% and the pass rate can be guaranteed to be over 35% when the number of attack nodes is large, which ensures data security and the availability of the transmission paths.