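Abstract
Source-end-network-based DDoS defense is a proactive defense strategy that detects and blocks DDoS attack sources. Using the send-to-receive ratio of TCP packets as the metric, simulations were used to compare the detectability of DDoS attack flows within their source-end networks under constant-rate sending and grouped sending. NS-2-based simulated detection results show that: (1) under constant-rate sending, a DDoS attack flow cannot combine strong destructiveness with weak detectability, and lowering the sending rate of the attack sources is not an ideal choice for enhancing the concealment of constant-rate attack flows; (2) under grouped sending, a DDoS attack flow can keep its destructiveness while reducing its detectability through flexible group configuration, and increasing the number of attack groups while also increasing the total number of attack sources is a relatively effective way to enhance the concealment of the attack flow.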
Defense of DDoS attacks at their source-end networks is a kind of proactive defense to detect and block DDoS traffic. A comparative study was made on the detectability of constant rate DDoS attacks and grouped DDoS attacks based on the discrepancy in the number of packets sent to and received from a specific destination. Simulation results show that (1) there is a tradeoff between detectability of constant rate attacks and their destruction, and decreasing attack rate is not an ideal solution to enhance concealment of the attacks; (2) detectability of grouped attacks can be reduced by flexible group configurations with no loss of the attack destruction, among which increasing attack groups and attack sources is an effective solution.
Source
《山东大学学报(理学版)》
CAS
CSCD
Peking University Core Journals (北大核心)
2012, Issue 11, pp. 50-53, 66 (5 pages in total)
Journal of Shandong University(Natural Science)
Funding
Supported by the Liaoning Province Doctoral Scientific Research Start-up Fund (20111022)