期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于可信度的应用层DDoS攻击防御方法 被引量:4

Defence scheme against application layer DDoS attacks based on credit probability
在线阅读 下载PDF
导出
摘要 针对应用层DDoS(application layer DDoS,App-DDoS)攻击行为的特点,提出了一种基于可信度的App-DDoS攻击防御方法。该方法从服务请求的速率和负载两个方面,统计分析正常用户的数据分布规律,并以此作为确定会话可信度的依据。调度策略再根据会话可信度实现对攻击的防御。最后,通过模拟攻击实验验证了防御方法的有效性。实验结果证明了该方法能够快速有效地实现对App-DDoS攻击的防御。 The characteristic of attack behavior is discussed and a defence scheme for application layer DDoS (App-DDoS) attack defending is presented based on credit probability. The scheme emploied statistical analysis of data from normal users to find the probability distributions of data of normal behavior, utilizing rate and workload of request data. The probability distributions are the evidence for setting credit probability ofsessions. Thescheduling policies realized the defence of attacks based on credit probability of sessions. Also, the feasibility of the scheme is validated through the simulated test. The experimental results show the effectiveness of the scheme in defending the App-DDoS attacks.
作者 嵇海进 蔡明
机构地区 江南大学信息工程学院 江南大学信息化管理中心
出处 《计算机工程与设计》 CSCD 北大核心 2007年第19期4619-4621,4636,共4页 Computer Engineering and Design
关键词 可信度 应用层分布式拒绝服务 统计分析 攻击防御 分布式拒绝服务 credit probability App-DDoS statistical analysis attack defending DDoS
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献8

  • 1Ranjan S,Karrer R,Knightly E.Wide area redirection of dynamic content in internet data centers[C].Hong Kong:Proceedings of IEEE INFOCOM,2004:816-826.
  • 2林梅琴,李志蜀,袁小铃,周密,王雪松,童铭.分布式拒绝服务攻击及防范研究[J].计算机应用研究,2006,23(8):136-138. 被引量:11
  • 3吴庆涛,张有根,邵志清.基于网络连接统计的分布式拒绝服务攻击检测[J].华东理工大学学报(自然科学版),2006,32(5):583-586. 被引量:4
  • 4Savage S,Wetherall D,Karlin A.Network support for IP traceback[J].IEEE/ACM Transactions on Networking,2001,9 (3):226-237.
  • 5Feinstein L,Schnackenberg D,Balupari R,et al.Statistical approaches to DDoS attack detection and response[C].Washington:Proceedings of the DARPA Information Survivability Conference and Exposition,2003:303-314.
  • 6Mirkovic J,Prier G,Reiher P L.Attacking DDoS at the source[C].Paris:Proceedings of the 10th IEEE International Conference on Network Protocols,2002:312-321.
  • 7Ranjan S,Swaminathan R,Uysal M.DDoS-resilient scheduling to counter application layer attacks under imperfect detection[C].Barcelona:Proceedings of IEEE INFOCOM,2006.
  • 8李文中,郭胜,许平,陆桑璐,陈道蓄.服务组合中一种自适应的负载均衡算法[J].软件学报,2006,17(5):1068-1077. 被引量:41

二级参考文献15

  • 1郭成城,晏蒲柳.一种异构Web服务器集群动态负载均衡算法[J].计算机学报,2005,28(2):179-184. 被引量:72
  • 2David Dittrlch.分布式拒绝服务(DDoS)攻击工具分析—TFN2k[EB/OL].http://www.chinaitab.com/www/news/article_show.asp?id=5336,2002.
  • 3徐一丁..分布式拒绝服务攻击(DDoS)原理及防范[EB/OL]..http://www-900.ibm.com/developerWorks/cn/security/se-ddos/index.shtml,,2002..
  • 4[美]Stuart McClure,Joel Scambray,George Kurtz.黑客大曝光[M].刘江,扬继张,钟向群.北京:清华大学出版社,2003.352—359.
  • 5甘冀平.典型DoS攻击原理及抵御措施[EB/OL].http://www.enet.com.cn/eschool/inforcenter/A20040227289880_2.html,2005.
  • 6Tao Peng,Christopher Leckie,Kotagiri Ramamohanarao.Proactively detecting distributed denial of service attacks using source IP address monitoring[A].Third International IFIP-TC6 Networking Conference[C].Berlin:Springer,2004.771-782.
  • 7Kihong Park,Heejo Lee.On the effectiveness of router-based packet filtering for distributed dos attack prevention in power-law internets[A].Proceedings of the 2001 ACM SIGCOMM Conference[C].San Diego,California:ACM,2001.15-26.
  • 8Rudolf B,Blǎzek,Hongjoong Kim,et al.A novel approach to detection of "denial-of-service" attacks via adaptive sequential and batch sequential change-point detection methods[A].Proceedings of IEEE Systems,Man and Cybemetics Information Assurance Workshop[C].New York:IEEE Computer Society Press,2001.220-226.
  • 9Ratul Mahajan,Bellovin S M,Sally Floyd,et al.Controlling high bandwidth aggregates in the network[J].Computer Communications Review,2002,32(3):62-73.
  • 10Yau D K Y,Lui J C S,Feng L.Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles[A].Proceedings of IEEE International Workshop on Quality of Service (IWQoS)[C].Miami,FL:IEEE/ACM Transactions,2002.35-44.

共引文献53

同被引文献24

引证文献4

二级引证文献9

计算机工程与设计
2007年 第19期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部