摘要： P2P系统的分散性、匿名性和随机性等特点容易被利用发起大规模的分布式拒绝服务(DDoS)攻击。为此，提出一种分布式的防御方法。通过在应用层构建一套数据发送授权机制，使P2P平台中的节点在未得到目标节点授权之前不能向其发送大量数据，从而阻止攻击数据到达被攻击者。仿真实验结果证明，该模型可以抵御利用P2P软件发起的DDoS攻击。

关键词: 分布式拒绝服务攻击, 拒绝服务防御, P2P网络, 网络安全, Gnutella协议

Abstract: The inherent characteristics of P2P system, such as dispersivenes, anonymity and randomness, are apt to plunge the system into attacks from Distributed Denial of Service(DDoS) on a large scale. In order to solve the problem, this paper proposes a distributive defense method. A mechanism to authorize the sending and receipt of data is constructed in the application platform, thus the node in the P2P platform can not send data to the system unless authorized by the target node and in this way the target can stay safe from the destructive data. Simulation experimental results show that the model can defend the DDoS attacks which takes advantage of the weakness of P2P software.

Key words: Distributed Denial of Service(DDoS) attack, Denial of Service(DoS) defense, P2P network, network security, Gnutella protocol

中图分类号: 

• TN393.08