
CLASSIFICATION OF DDOS ATTACKS AND COUNTERMEASURES

Hoang Xuan Dau
Posts and Telecommunications Institute of Technology
Email: dauhx@ptit.edu.vn
Abstract. Distributed denial of service (DDoS) attacks have grown strongly in recent years and are a constant threat to the network systems and service servers of agencies and organizations. A denial of service attack exhausts system resources or floods the transmission link, interrupting the delivery of service to legitimate users or even bringing the whole system down. DDoS attacks are very hard to detect and defend against effectively because the number of compromised hosts taking part in an attack is usually very large and they are scattered across many locations. To have effective DDoS countermeasures, studying the forms of DDoS attack is necessary. This paper surveys the methods for classifying DDoS attacks and the countermeasures against them, in order to improve understanding of this form of attack and, on that basis, to select effective countermeasures for each specific system.

1. INTRODUCTION
A denial of service (DoS) attack is a form of attack that aims to prevent legitimate users from accessing network resources. DoS attacks appeared quite early, in the early 1980s [1]. A distributed denial of service (DDoS) attack is a more advanced form of DoS attack, first detected in 1999 [2]. The basic difference between DoS and DDoS is the scope of the attack. Whereas DoS attack traffic usually originates from one or a few source hosts, DDoS attack traffic usually originates from very many hosts scattered across the Internet. At present there are two main DDoS attack methods [1]. In the first, the attacker sends specially crafted packets that trigger errors in the transport protocol or in the application running on the victim machine. A typical DDoS attack of this kind exploits security vulnerabilities in the protocols or services on the victim. The second method, more common than the first, has two forms [1]: (i) DDoS attacks that cut users off from the service server by flooding the network link and exhausting bandwidth or network resources, and (ii) DDoS attacks that disrupt the service provided to users by exhausting the resources of the service server, such as CPU time, memory, disk bandwidth and the database. This form includes application-level flooding attacks.
Since the first confirmed DDoS attack in 1999 [2], many DDoS flooding attacks have been carried out against the networks of companies and organizations. Most DDoS flooding attacks to date have focused on disrupting or halting the services running on the victim system. The consequences are lost revenue and higher costs of defense and service recovery. For example, in February 2000 the network of the Internet company Yahoo suffered the first DDoS attack, which halted the company's services for 2 hours and caused a large loss of advertising revenue [1]. In February 2004, a very large DDoS attack originating from a very large number of computers infected with the Mydoom virus made the website of the SCO Group unreachable. The Mydoom virus contained malicious code that ran on thousands of infected computers and attacked the SCO website simultaneously [1]. Mydoom's malicious code was reused in July 2009 to attack a series of websites of the governments and financial organizations of South Korea and the United States, with serious consequences [1]. In December 2010, a hacker group called Anonymous orchestrated a series of DDoS attacks that took down the websites of financial organizations such as Mastercard, Visa International, Paypal and PostFinance. In September 2012, a very large DDoS attack carried out by the hacker group Izz ad-Din al-Qassam Cyber Fighters disrupted or halted the online banking websites of 9 major US banks [1]. DDoS attacks are being carried out more and more often, on an ever larger scale and with growing sophistication, thanks to advances in attack techniques and the spread of attack tools.
The motives of DDoS attackers are quite diverse. However, DDoS attacks can be divided by the attacker's motive into 5 main types [1]:
a) For financial or economic gain: attackers of this type are usually technically sophisticated and experienced, and they are a constant threat to large companies and corporations. DDoS attacks for financial gain are the most dangerous and the hardest to defend against.
b) For revenge: attackers of this type are usually disgruntled individuals who attack in retaliation for events they consider unjust.
c) Cyber warfare: attackers of this type usually belong to the military or terrorist organizations of one country and attack the critical systems of another country for political purposes. Common targets are the networks of government agencies, financial and banking organizations, electricity and water utilities, and telecommunications providers. These attackers are usually well trained and able to draw on substantial resources to sustain an attack over a long period. The consequences are usually very large, halting many services and possibly causing major economic damage to a nation.
d) Ideological belief: attackers of this type account for a large share of DDoS attacks and act out of ideological belief, including political and religious purposes.
e) Intellectual challenge: attackers of this type are usually young people who want to prove themselves, carrying out attacks to experiment and to learn how different kinds of attack are performed. This type is growing rapidly because many easy-to-use network attack tools are now available, and even an amateur can use them to carry out a successful DDoS attack.
To defend against DDoS attacks effectively and to limit and reduce the damage they cause, the study of attack forms and countermeasures is necessary. Many works on classifying DDoS attacks and countermeasures have been published [1][3][4][5][8][9][11]. Broadly, Douligeris et al. [11] classify DDoS attacks into 2 forms: (i) attacks that exhaust network link bandwidth and (ii) attacks that exhaust service server resources. Bandwidth exhaustion attacks are further divided into flooding attacks and amplification attacks, while server resource exhaustion attacks are further divided into protocol exploit attacks and attacks using malformed packets. Zargar et al. [1] classify DDoS attacks into 2 forms by network layer: network/transport layer flooding attacks and application layer flooding attacks. Taking a different direction, Mirkovic et al. [3] and Bhuyan et al. [8] classify DDoS attacks by 4 criteria: (i) degree of automation, (ii) exploited vulnerability, (iii) attack rate and (iv) impact. Despite the differences in classification methods and criteria, these works share the same assessment of the danger of DDoS attacks and of their worrying growth in scope, sophistication and destructive capability. For DDoS countermeasures, many studies [1][3][5] share a classification based on 2 main criteria: (i) deployment location and (ii) time of action.
This paper surveys the methods for classifying DDoS attacks and the countermeasures against them, in order to improve understanding of this form of attack and, on that basis, to select effective countermeasures for each specific system. The rest of the paper is organized as follows: Section 2 presents the architecture and the classification methods of DDoS attacks; Section 3 presents typical countermeasures; and Section 4 is the Conclusion.
2. CLASSIFICATION OF DDOS ATTACKS
2.1. DDoS attack architecture
Although many forms of DDoS attack have been recorded, overall the architecture of a DDoS attack can be divided into 2 main types: (i) the direct DDoS attack architecture and (ii) the indirect, or reflective, DDoS attack architecture. Figure 1 illustrates the direct DDoS attack architecture, in which the attacker (Attacker) first takes control of thousands of Internet-connected computers, turning them into Zombies, computers controlled and operated remotely by the attacker. The attacker usually controls the Zombies through intermediate machines (Handlers). The system of Zombies under the attacker's control is also called a botnet. On command from the attacker, the Zombies simultaneously generate and send spoofed access requests to the victim system (Victim), flooding the network link or exhausting the server's resources, which interrupts or halts the service provided to users.

Figure 1. Direct DDoS attack architecture

Figure 2. Indirect (reflective) DDoS attack architecture

Figure 2 illustrates the indirect DDoS attack architecture, also called the reflective DDoS attack architecture. As in the direct architecture, the attacker (Attacker) first takes control of a very large number of Internet-connected computers, turning them into Zombies, also called Slaves. The attacker controls the Slaves through intermediate machines (Masters). On command from the attacker, the Slaves simultaneously generate and send spoofed requests, with the victim's address as the packets' source address, to a large number of other machines (Reflectors) on the Internet. The Reflectors send their replies (Reply) to the victim machine (Victim) because the victim's address was placed in the spoofed requests. When the number of Reflectors is large, the volume of replies is very large and floods the victim's network link or exhausts the victim's resources, interrupting or halting the service provided to users. The Reflectors exploited in the attack are usually high-capacity server systems on the Internet that are not under the attacker's control.
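The reflective architecture in Section 2.1 gives the victim side one concrete detection handle: reflected traffic is a reply to a request the victim never sent. The following Python is an added example, not code from the paper: it keeps a short-lived table of the protected host's outbound requests and counts inbound replies from UDP service ports commonly abused as reflectors that match no recent request. The flow records, the protected address, the port list and the thresholds are constructed assumptions.

```python
"""Victim-side detection of reflected traffic: inbound replies from
reflector service ports that match no request the protected host sent.
Added example; all addresses, flows and thresholds are constructed."""
from collections import defaultdict

# Constructed: the address we protect and UDP service ports commonly
# abused as reflectors (DNS, NTP, SNMP, SSDP, chargen).
PROTECTED = {"203.0.113.10"}
REFLECTOR_PORTS = {53, 123, 161, 1900, 19}
REQUEST_TTL = 5.0  # seconds an outbound request stays matchable

# Constructed flow records: (timestamp, proto, src, sport, dst, dport, bytes)
FLOWS = [
    (1.0, "udp", "203.0.113.10", 40001, "198.51.100.5", 53, 60),    # our DNS query
    (1.1, "udp", "198.51.100.5", 53, "203.0.113.10", 40001, 120),   # matching reply
    (2.0, "udp", "198.51.100.7", 53, "203.0.113.10", 5555, 3000),   # unsolicited
    (2.0, "udp", "198.51.100.8", 53, "203.0.113.10", 5556, 3000),   # unsolicited
    (2.1, "udp", "198.51.100.9", 123, "203.0.113.10", 5557, 440),   # unsolicited NTP
    (2.2, "udp", "198.51.100.9", 123, "203.0.113.10", 5558, 440),
    (3.0, "udp", "198.51.100.20", 4444, "203.0.113.10", 8080, 200), # not a reflector port
    (9.0, "udp", "198.51.100.5", 53, "203.0.113.10", 40001, 120),   # reply far too late
]

def classify_flows(flows, protected=PROTECTED, ttl=REQUEST_TTL):
    """Return (solicited, unsolicited, other): solicited counts inbound
    replies matching a recent outbound request; unsolicited maps each
    reflector source to its packet and byte totals; other is the rest."""
    pending = {}  # (proto, local_ip, local_port, remote_ip, remote_port) -> ts
    unsolicited = defaultdict(lambda: {"packets": 0, "bytes": 0})
    solicited = other = 0
    for ts, proto, src, sport, dst, dport, size in sorted(flows):
        if src in protected:                      # outbound: remember the request
            pending[(proto, src, sport, dst, dport)] = ts
            continue
        sent = pending.get((proto, dst, dport, src, sport))
        if sent is not None and ts - sent <= ttl:
            solicited += 1
        elif sport in REFLECTOR_PORTS:
            unsolicited[src]["packets"] += 1
            unsolicited[src]["bytes"] += size
        else:
            other += 1
    return solicited, dict(unsolicited), other

def reflection_suspected(unsolicited, min_reflectors=3, min_bytes=500):
    """Alert only when several distinct sources each deliver a meaningful
    volume of unsolicited replies; a single stray reply is noise."""
    heavy = sorted(ip for ip, r in unsolicited.items() if r["bytes"] >= min_bytes)
    return len(heavy) >= min_reflectors, heavy

if __name__ == "__main__":
    sol, uns, oth = classify_flows(FLOWS)
    print("solicited:", sol, "other:", oth)
    for ip, r in uns.items():
        print(f"{ip}: {r['packets']} unsolicited packets, {r['bytes']} bytes")
    print("reflection suspected:", reflection_suspected(uns))
```

On a host that also serves clients, the `REFLECTOR_PORTS` restriction is what keeps ordinary inbound connections out of the unsolicited count; the request table is keyed on the full five-tuple, so a reply on the wrong port is treated as unsolicited even from a server the host really did talk to.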
2.2. Classification of DDoS attacks
DDoS attacks are usually carried out by mobilizing a very large number of compromised Internet-connected computers; this collection of machines is called a botnet (a network of bots, or zombie computers). The machines of a botnet can send thousands of spoofed requests per second to the victim system, severely degrading the quality of service delivered to users. Because DDoS requests are sent from many machines in many geographic locations, they are very hard to distinguish from the requests of legitimate users. One of the necessary steps in devising effective DDoS countermeasures is to classify the forms of DDoS attack and, from that, derive suitable countermeasures. Many DDoS classification methods have been proposed, as in [1][3][4][5][8][9][11]. In general, DDoS attacks can be classified by 6 main criteria: (1) attack method, (2) degree of automation, (3) network protocol, (4) communication method, (5) attack rate and (6) exploited vulnerability. The rest of this section presents each in detail.
2.2.1. By attack method
Classifying DDoS attacks by attack method is one of the most basic classification methods. By this criterion, DDoS attacks can be divided into 2 forms [5]:
1) Flooding attacks: in a flooding attack, the attacker generates a large volume of attack packets that resemble legitimate packets and sends them to the victim system so that it can no longer serve legitimate users. The targets of this form of attack are network bandwidth, disk space, CPU time, and so on.
2) Logical attacks: logical attacks usually exploit features or implementation flaws of the protocols or services running on the victim system in order to exhaust system resources. For example, a TCP SYN attack exploits the 3-way handshake that sets up a TCP connection, in which each connection request is allocated an entry in the pending-connection table while the connection waits to be acknowledged. The attacker can send a large number of spoofed connection requests for connections that can never complete, filling the connection table so that the victim system cannot accept connection requests from legitimate users.
2.2.2. By degree of automation
By degree of automation, DDoS attacks can be divided into 3 forms [3]:
1) Manual attacks: the attacker directly scans systems for vulnerabilities, breaks in, installs the attack code and issues the command to launch the attack. Only the earliest DDoS attacks were carried out manually.
2) Semi-automatic attacks: in this form, the DDoS attack network consists of control machines (master/handler) and agent machines (slave, daemon, zombie, bot). The phases of recruiting agents, exploiting vulnerabilities and infecting are automated. In the attack phase, the attacker sends the attack type, start time, duration and target to the agents through the handlers. The agents then send attack packets to the victim system as commanded.
3) Automatic attacks: all phases of the DDoS attack, from recruiting agents, exploiting vulnerabilities and infecting through to the attack itself, are automated. All attack parameters are pre-programmed into the attack code. This form minimizes communication between the attacker and the attack network, since the attacker only needs to trigger the agent recruitment phase.
2.2.3. By network protocol
By network protocol, DDoS attacks can be divided into 2 forms [1]:
1) Network or transport layer attacks: in this form, TCP, UDP and ICMP packets are used to carry out the attack.
2) Application layer attacks: in this form, attacks usually target common services associated with application layer protocols such as HTTP, DNS and SMTP. Application layer DDoS attacks can also flood the network link and consume server resources, disrupting the delivery of service to legitimate users. This form is very hard to detect because the attack requests resemble requests from legitimate users.
2.2.4. By communication method
Usually, to carry out a DDoS attack the attacker must recruit and take control of a large number of Internet-connected computers; once agent software has been installed on them, these computers become bots, the tools that help the attacker carry out the DDoS attack. Through the control machines (masters), the attacker communicates with the bots to send attack information and control commands. By the communication method between masters and bots, DDoS attacks can be divided into 4 forms [5]:
1) Agent-handler based DDoS: this form consists of clients, handlers and agents (bots/zombies). The attacker communicates directly only with the clients. The clients communicate with the agents through the handlers. On receiving the command and the attack information, the agents carry out the attack directly.
2) IRC based DDoS: Internet Relay Chat (IRC) is an online messaging system that lets many users connect and exchange messages in real time. In this form of DDoS attack, the attacker uses IRC as the communication channel to the agents, without handlers.
3) Web based DDoS: in this form, the attacker uses websites as the communication medium over HTTP instead of IRC. The attacker's websites serve as the control center and as the source of the malware and exploit tools that install agents, take control of computer systems and turn them into bots. The bots may be configured to operate from the start, or they may send messages to the control website over common web protocols such as HTTP and HTTPS.
4) P2P based DDoS: in this form, the attacker uses a peer-to-peer protocol, an application layer protocol, as the communication channel. P2P networks are inherently distributed, so it is very hard to detect bots communicating with each other over this channel.
2.2.5. By attack rate
By the rate or frequency of attack requests, DDoS attacks can be classified into 5 forms [3]:
1) High-rate attacks: attacks that disrupt service by sending, at the same moment, a very large number of requests from agents/zombies distributed across the network.
2) Low-rate attacks: the coordinated agents/zombies send a large number of spoofed requests, but at a low rate, gradually degrading network performance. This form is very hard to detect because the attack traffic resembles traffic from legitimate users.
3) Mixed-rate attacks: a combination of high-rate and low-rate attack. This is a composite form in which the attacker usually uses tools that generate attack packets sent at both high and low rates.
4) Constant-rate attacks: attacks carried out continuously at maximum rate for the whole period from start to finish.
5) Variable-rate attacks: attacks whose rate changes dynamically to avoid detection and response.
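The rate classes in Section 2.2.5 call for two different detection rules: a per-source request limit catches a high-rate source, while only an aggregate comparison against a normal baseline reveals many low-rate sources acting together, since none of them exceeds the per-source limit on its own. The Python below is an added example, not from the paper: it parses constructed access-log lines in Common Log Format and applies both rules per time window. The thresholds and the traffic mix (one normal client, one high-rate client, thirty low-rate clients) are assumptions.

```python
"""Rate-based detection over web access logs: a per-source limit catches
high-rate sources, an aggregate baseline catches many low-rate sources.
Added example; the log lines are constructed, not real traffic."""
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one Common Log Format line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), TS_FMT).timestamp()
    return {"ip": m.group(1), "ts": ts, "request": m.group(3), "status": int(m.group(4))}

def build_log():
    """Constructed one-minute log: a normal client, one high-rate client and
    thirty coordinated low-rate clients (three requests each)."""
    def line(ip, sec, path="/"):
        return f'{ip} - - [10/Mar/2015:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = [line("192.0.2.5", s, "/news") for s in range(0, 60, 12)]         # 5 requests
    lines += [line("192.0.2.77", s // 5) for s in range(50)]                   # 50 in 10 s
    for i in range(1, 31):
        lines += [line(f"198.51.100.{i}", s, "/search") for s in (5, 25, 45)]  # 90 in total
    lines.append("garbage line that does not parse")
    return lines

def detect(records, window=60, per_source_max=30, baseline_rps=0.5, factor=3.0):
    """Per window: list sources above per_source_max, and flag a distributed
    low-rate attack when the remaining traffic still exceeds factor times
    the normal baseline (baseline_rps * window requests)."""
    by_window = defaultdict(Counter)
    for r in records:
        if r is not None:
            by_window[int(r["ts"] // window)][r["ip"]] += 1
    alerts = {}
    for w, counts in sorted(by_window.items()):
        high = sorted(ip for ip, n in counts.items() if n > per_source_max)
        rest = sum(n for ip, n in counts.items() if ip not in high)
        alerts[w] = {
            "total": sum(counts.values()),
            "sources": len(counts),
            "high_rate": high,
            "distributed_low_rate": rest > factor * baseline_rps * window,
        }
    return alerts

if __name__ == "__main__":
    for w, a in detect([parse_line(l) for l in build_log()]).items():
        print(w, a)
```

The baseline is the part a real deployment has to learn from its own history; a variable-rate attacker who stays just under `factor` times the baseline is invisible to this rule, which is why the paper's mixed- and variable-rate classes are the hard ones.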
2.2.6. By exploited vulnerability
By the weaknesses and security vulnerabilities exploited, DDoS attacks can be classified into 2 forms [5]:
1) Bandwidth exhaustion attacks: DDoS attacks of this form are designed to flood the victim's network with spoofed access requests so that legitimate users cannot reach the service. They usually congest the link with a very large volume of spoofed requests sent by the zombie computers of botnets. This form is also called a flooding attack or an amplification attack.
2) Resource exhaustion attacks: DDoS attacks of this form are designed to consume all of the resources on the victim system so that it cannot serve the requests of legitimate users. This form can be further divided into 2 sub-forms: (i) attacks that exploit protocol features or implementation flaws, and (ii) attacks that use specially crafted packets. In the first, the attacker exploits flaws or special features of the protocols on the victim system to exhaust its resources. In the second, the attacker creates special packets, such as malformed or defective packets, and sends them to the victim system, which may malfunction while trying to process them. For example, in the Ping of Death attack, the attacker sends ICMP packets larger than 64KB, crashing machines running Windows XP.
3. COUNTERMEASURES
Because of the severity of DDoS attacks, many countermeasures have been researched and proposed over the years. However, to date almost no solution can defend against DDoS comprehensively and effectively, owing to the complexity, large scale and highly distributed nature of DDoS attacks. Usually, when a DDoS attack is detected, the best that can be done is to disconnect the victim system from all of its resources, since every reaction to the attack needs resources that the DDoS attack is exhausting. Once the victim system has been disconnected from its resources, tracing the origin and identifying the attack can proceed. Many DDoS countermeasures have been studied in recent years [1][3][4][5][11]. Overall, DDoS countermeasures can be divided into 3 groups by 3 main criteria: (i) deployment location, (ii) network protocol and (iii) time of action. The following subsections describe the countermeasures in these 3 groups.
3.1. By deployment location
Countermeasures in this group are classified by where they are installed and are further divided into 3 sub-groups [5]:
1) Deployed at the attack source: DDoS countermeasures deployed close to the source of the attack. This approach aims to limit the user networks that can take part in a DDoS attack. Some measures include:
- Filtering packets with spoofed source addresses at the network edge routers;
- Using firewalls able to identify and rate-limit the forwarding of unacknowledged packets or requests.
2) Deployed at the attack target: DDoS countermeasures deployed close to the target of the attack, i.e. at the network edge router or at the router of the target system. Some measures include:
- IP traceback: techniques for identifying spoofed addresses and users.
- Packet filtering and marking: legitimate packets are marked so that the victim system can distinguish legitimate packets from attack packets. Some proposed filtering and marking techniques include history-based IP filtering, hop-count filtering and path identification.
3) Deployed in the target network: DDoS countermeasures deployed at the routers of the target network, based on packet filtering, to detect and filter malicious packets.
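Two of the filters named in Section 3.1, source-address ingress filtering at the edge router and hop-count filtering at the target, can be written out compactly. The following Python is an added example, not from the paper: the interface-to-prefix table, the learned hop counts and the test addresses are constructed, and the hop-count logic assumes the common initial TTL values 32, 64, 128 and 255. A spoofed packet whose TTL happens to yield the expected hop count still passes, which is the known limitation of the technique and the reason the paper lists it beside other filters rather than alone.

```python
"""Source-side ingress filtering (drop packets whose source address cannot
legitimately arrive on that interface) and target-side hop-count filtering.
Added example; prefixes, learned hop counts and test packets are constructed."""
import ipaddress

# Constructed: customer prefixes reachable behind each edge router interface.
INTERFACE_PREFIXES = {
    "eth1": [ipaddress.ip_network("192.0.2.0/24")],
    "eth2": [ipaddress.ip_network("198.51.100.0/25"),
             ipaddress.ip_network("198.51.100.128/26")],
}

def ingress_allowed(interface, src_ip, table=INTERFACE_PREFIXES):
    """Edge-router check: a packet entering on an interface must carry a
    source address from a prefix that lives behind that interface."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in table.get(interface, []))

# Hop-count filtering relies on the few initial TTL values common IP stacks
# use; the hop count is the initial TTL minus the TTL seen on arrival.
INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(observed_ttl):
    """Smallest plausible initial TTL minus the observed TTL, or None if the
    TTL is outside the valid 0..255 range."""
    if not 0 <= observed_ttl <= 255:
        return None
    return next(init - observed_ttl for init in INITIAL_TTLS if observed_ttl <= init)

class HopCountFilter:
    """Learns the hop count per source /24 during normal operation and later
    rejects packets whose hop count disagrees with what was learned."""
    def __init__(self, tolerance=1):
        self.expected = {}        # "a.b.c.0/24" -> learned hop count
        self.tolerance = tolerance

    @staticmethod
    def _key(ip):
        return str(ipaddress.ip_network(f"{ip}/24", strict=False))

    def learn(self, src_ip, ttl):
        self.expected[self._key(src_ip)] = hop_count(ttl)

    def check(self, src_ip, ttl):
        """True/False for known sources; None when nothing was learned for
        that source, so the caller can fall back to other checks."""
        hc = hop_count(ttl)
        if hc is None:
            return False
        expected = self.expected.get(self._key(src_ip))
        if expected is None:
            return None
        return abs(hc - expected) <= self.tolerance

if __name__ == "__main__":
    print(ingress_allowed("eth1", "192.0.2.10"), ingress_allowed("eth1", "203.0.113.5"))
    f = HopCountFilter()
    f.learn("203.0.113.5", 54)      # 64 - 54 = 10 hops observed in normal traffic
    print(f.check("203.0.113.9", 55), f.check("203.0.113.9", 115), f.check("192.0.2.1", 60))
```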
3.2. By network protocol
DDoS countermeasures are divided by network layer into IP, TCP and application layer measures [5]:
1) IP layer DDoS countermeasures include:
- Pushback: an IP layer DDoS defense mechanism that lets a router ask the neighbouring upstream routers to reduce the rate at which they forward packets.
- SIP defender: an open security architecture that monitors the flow of packets between SIP servers and external users and proxies, in order to detect and block attacks on the SIP servers.
- Puzzle-based methods: methods based on cryptographic puzzles to counter DDoS attacks at the IP level.
2) TCP layer DDoS countermeasures include:
- Using packet filtering techniques based on IP addresses.
- Increasing the backlog size, which increases the number of new connections the target system can accept.
- Reducing the timeout for acknowledging a TCP-SYN connection request, which lets the server drop unacknowledged connection requests sooner and free the resources held by pending connections.
- Using a SYN cache, which maintains a single backlog for the whole server instead of a separate backlog per application, thereby increasing the number of connections that can await acknowledgement.
- Using SYN cookies, which allocate resources to a connection only once it has been acknowledged. SYN requests are dropped if they are not acknowledged before being passed to the target server. This method can defend effectively against SYN flood attacks.
- Using a firewall or proxy to filter packets or to enforce pre-established security policies.
3) Application layer DDoS countermeasures may include:
- Minimizing page access behaviour to defend against HTTP flooding attacks.
- Using statistical methods to detect DDoS attacks at the HTTP level.
- Monitoring user behaviour within sessions to detect attacks.
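The TCP-layer measures in Section 3.2 (a larger backlog, a shorter SYN timeout, SYN cookies) all act on the pending-connection table that the TCP SYN attack of Section 2.2.1 fills. The Python below is an added example, not from the paper, that models a listener's half-open table under a stream of spoofed SYNs that never complete the handshake while one legitimate client connects each second, and reports how many legitimate handshakes succeed under each setting. Backlog sizes, timeouts, the flood rate and the HMAC secret are constructed parameters, and the SYN cookie is simplified to a truncated HMAC over the connection tuple rather than the real kernel encoding.

```python
"""Model of a TCP listener's half-open (SYN_RECV) table under a flood of
spoofed SYNs that never complete the handshake, with the TCP-layer
countermeasures of section 3.2. Added example; sizes, timeouts, rates and
the secret are constructed, and the cookie is a simplified truncated HMAC."""
import hashlib
import hmac

MASK = 0xFFFFFFFF

class Listener:
    def __init__(self, backlog, syn_timeout, syn_cookies=False,
                 secret=b"constructed-secret"):
        self.backlog = backlog            # max half-open entries
        self.syn_timeout = syn_timeout    # seconds a half-open entry lives
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}               # (client_ip, client_port) -> expiry
        self.established = 0
        self.rejected_syn = 0

    def _expire(self, now):
        self.half_open = {k: t for k, t in self.half_open.items() if t > now}

    def _isn(self, client, client_isn):
        # Server ISN derived from the connection tuple; with SYN cookies this
        # is the only "state", recomputed when the final ACK arrives.
        msg = f"{client[0]}:{client[1]}:{client_isn}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, now, client, client_isn):
        """Return the server ISN sent in the SYN-ACK, or None if dropped."""
        isn = self._isn(client, client_isn)
        if self.syn_cookies:
            return isn                    # nothing stored: no table to fill
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.rejected_syn += 1
            return None
        self.half_open[client] = now + self.syn_timeout
        return isn

    def on_ack(self, now, client, client_isn, ack):
        """Handle the handshake's final ACK; ack must equal server ISN + 1."""
        valid = ack == (self._isn(client, client_isn) + 1) & MASK
        if self.syn_cookies:
            ok = valid                    # the cookie itself proves the SYN-ACK arrived
        else:
            self._expire(now)
            ok = valid and client in self.half_open
            if ok:
                del self.half_open[client]
        if ok:
            self.established += 1
        return ok

def simulate(backlog, syn_timeout, syn_cookies=False, flood_rate=50, duration=10):
    """Each second flood_rate spoofed SYNs arrive and one legitimate client
    performs a full handshake; returns how many of the `duration`
    legitimate connections succeeded."""
    srv = Listener(backlog, syn_timeout, syn_cookies)
    ok = 0
    for t in range(duration):
        for i in range(flood_rate):
            srv.on_syn(t, (f"10.{t}.{i // 256}.{i % 256}", 40000 + i), 1)  # never ACKed
        client = ("192.0.2.10", 50000 + t)
        isn = srv.on_syn(t + 0.5, client, 7)
        if isn is not None and srv.on_ack(t + 0.6, client, 7, (isn + 1) & MASK):
            ok += 1
    return ok

if __name__ == "__main__":
    print("backlog 128, timeout 60 s:", simulate(128, 60))
    print("backlog 128, timeout 1 s: ", simulate(128, 1))
    print("backlog 256, timeout 3 s: ", simulate(256, 3))
    print("SYN cookies:              ", simulate(128, 60, syn_cookies=True))
```

With a 128-entry backlog and a 60 s timeout, 50 spoofed SYNs per second fill the table in the third second and every later legitimate handshake is refused; shortening the timeout or enlarging the backlog only helps while the flood rate stays below what the table can absorb, whereas with SYN cookies there is no table to fill, so the flood rate no longer matters for admission.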
3.3. By time of action
By time of action, DDoS countermeasures can be classified into 3 groups corresponding to 3 points in time [5]:
1) Before the attack: countermeasures in this group are deployed to prevent an attack from happening. A large part of this group consists of updating systems, ensuring an appropriate security configuration, and fixing bugs and vulnerabilities to reduce the chance of their being exploited by an attacker in service of an attack.
2) During the attack: countermeasures in this group focus on detecting and blocking the attack. Firewalls and IDS/IPS systems belong to this group.
3) After the attack: measures deployed to recover and to trace the origin of the DDoS attack.

4. CONCLUSION
Distributed denial of service (DDoS) attacks have grown at a worrying pace in recent years and are a constant threat to the networks of government agencies and businesses. Many very large DDoS attacks have been carried out, paralysing the network of the South Korean government and disrupting well-known online services such as Yahoo. DDoS attacks are very hard to defend against effectively because of their very large scale and distributed nature.
Many sophisticated DDoS techniques and tools have been developed; the strongest support for DDoS attacks has been the rapid development of techniques for spreading malware and building networks of zombie computers (botnets). An attacker can take control of Internet-connected computers and command a botnet of hundreds of thousands of machines to carry out a DDoS attack. To have a comprehensive and effective DDoS defense, studying the forms of DDoS attack is the first step. This paper surveys the methods for classifying DDoS attacks and the DDoS countermeasures. On that basis, one can correctly assess the likelihood of being attacked and choose an effective set of measures to prevent, detect and block attacks.
REFERENCES
[1] Saman Taghavi Zargar, James Joshi, Member and David Tippe, A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks, IEEE Communications Surveys & Tutorials, 2013.
[2] P. J. Criscuolo, Distributed Denial of Service, Tribe Flood Network 2000 and Stacheldraht CIAC-2319, Department of Energy Computer Incident Advisory Capability (CIAC), UCRL-ID-136939, Rev. 1., Lawrence Livermore National Laboratory, February 2000.
[3] Jelena Mirkovic, Janice Martin and Peter Reiher, A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms, ACM SIGCOMM Computer Communication Review, 2004.
[4] Jameel Hashmi, Manish Saxena, and Rajesh Saini, Classification of DDoS Attacks and their Defense Techniques using Intrusion Prevention System, International Journal of Computer Science & Communication Networks, 2012.
[5] Rajkumar, Manisha Jitendra Nene, A Survey on Latest DoS Attacks: Classification and Defense Mechanisms, International Journal of Innovative Research in Computer and Communication Engineering, 2013.
[6] Thwe Thwe Oo, Thandar Phyu, A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset, International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 2013.
[7] Tony Scheid, DDoS Detection and Mitigation Best Practices, Arbor Networks, 2011.
[8] Monowar H. Bhuyan, H. J. Kashyap, D. K. Bhattacharyya and J. K. Kalita, Detecting Distributed Denial of Service Attacks: Methods, Tools and Future Directions, The Computer Journal, 2013.
[9] Mohammed Alenezi, Methodologies for detecting DoS/DDoS attacks against network servers, The Seventh International Conference on Systems and Networks Communications (ICSNC 2012), 2012.
[10] Kanwal Garg, Rshma Chawla, Detection Of DDoS Attacks Using Data Mining, International Journal of Computing and Business Research (IJCBR), 2011.
[11] Christos Douligeris and Aikaterini Mitrokotsa, DDoS Attacks And Defense Mechanisms: A Classification, IEEE International Symposium on Signal Processing and Information Technology (ISSPIT 2003), 2003.
