1. Field of the Invention
The present invention relates to a method and system for defending a Distributed Denial of Service (DDoS) attack.
2. Background of the Related Art
A DDoS attack refers to that several computers operate at the same time and attack a specific website.
In more detail, a DDoS attack is a scheme for distributing a program for Denial of Service (DoS) attack which can flood numerous hosts, interconnected over a network, with packets into the hosts and enabling the hosts to cause a slow network performance and system paralysis for an attack target system in an integrated way. The DoS attack refers to all actions which make impossible the hardware or software of an attack target system, thus causing problems in a system performing a normal operation. Attack methods which enable a wide variety of attacks and can obtain instant and noticeable results may include, for example, smurf, trinoo, and SYN flooding. If a hacker installs tools for service attacks in several computers in order to attack a specific website and simultaneously floods a computer system of the target website with a tremendous amount of packets which cannot be processed by the computer system, the performance of a network is slowed or the computer system becomes impossible.
The possibility of attacks over a network is gradually increasing because of an increase in distributed systems and the proliferation of the Internet. In order to protect systems from a threat of potential attacks, a conventional system defends a DDoS attack through backbone-based network control.
However, conventional security devices are problematic in that they cannot detect attacks within an attack agent terminal and cannot deal with a corresponding source properly and efficiently, even if such attacks are detected.