摘要
鉴于因特网出现了越来越多的DDoS攻击事件,而且这些攻击事件大多数都是利用“地址欺骗(IPSpoofing)”的攻击手段,因此DDoS攻击源追踪问题已成为网络安全研究领域的一个新方向.本文提出了一种分步追踪攻击源的新算法,其核心思想是首先由基于自治域系统(AS)的概率标记算法(ASPPM)将攻击源确定在某些AS中,然后在AS自治域范围内再使用随机数标记算法(RNPM)精确定位攻击源位置.与其它DDoS攻击源追踪算法比较,该分步算法具有收敛速度快、路径计算负荷小以及较低的误报率等特点,非常适合实现对DDoS攻击的实时追踪.
DDoS attack has increasingly become a great threat to the current Internet, Due to the fact that IP spoofing technique is frequently used,defending DDoS attack faces extreme difficulty. Most of the previous approaches to this problem try to solve it on a generalized Internet scale. For many reasons,the related tracing process requires great overhead and the solutions are difficult to implement, This paper proposes a new DI)oS traceback scheme based on real-time consideration by dividing the tracing process into two steps, In the first step ,ASPPM Scheme is adopted to determine the attack-originating AS. The second step processing concentrates on identifing ins the exact origin of the attacks. Compared the to the previous schemes,the two-step traceback scheme has the benefits of quick convergence speed,light computational overhead and low false positive. So it is possible to trace the DDoS source on a real-time basis.
出处
《小型微型计算机系统》
CSCD
北大核心
2006年第6期1072-1076,共5页
Journal of Chinese Computer Systems
