期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

防御DDoS攻击的包标记联合部署方案 被引量:4

DDoS defense with jointed deployment of IP traceback and path identificatio
在线阅读 下载PDF
导出
摘要 提出了一种新的结合确定包标记和路径标识的方案,其在源边界路由器以概率形式选择执行确定性包标记或路径标识。该方案以下游网络拥塞程度和路径追溯结果为依据,动态调整数据包标记操作,并在受害主机处根据不同的标记策略采取不同的防御措施。基于大规模权威因特网拓扑数据集的仿真实验表明,该方案防御效果较好,能有效减轻受害主机遭受DDoS攻击的影响。 A novel idea jointed deterministic packet marking and path identification is proposed. In this scheme, source border routers mark packets with either deterministic packet marking or path identification in the form of probability. Based on downstream network congestion tolerance and IP traceback consequence, routers dynamically adjust the propor-tion of package marking. Then the victim takes different actions according to different marking content. The results of large-scale simulations with Skitter, authoritative Internet topologies dataset, show the scheme is effective to defend DDoS attack, and alleviate attack impacts on the victim.
作者 黄鲁娟 金光 何加铭 江先亮
机构地区 宁波大学信息科学与工程学院 浙江省移动网应用技术重点实验室 宁波大学通信技术研究所
出处 《计算机工程与应用》 CSCD 2014年第5期74-78,共5页 Computer Engineering and Applications
基金 科技部国际合作项目(No.2009DFA12120) 国家科技重大专项(No.2011ZX03002-004-02) 浙江省自然科学基金(No.LY12F02013) 宁波市移动网络应用技术科技创新团队(No.2011B81002)
关键词 网络安全 分布式拒绝服务攻击 确定分组标记 路径标识 DETERMINISTIC PACKET Marking(DPM) Path identification(Pi) networks security Distributed Denial of Service(DDoS) attacks
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1Gao Z Q,Ansari N.A practical and robust inter-domain marking scheme for IP traceback[J].Computer Networks, 2007,51 (3) : 732-750.
  • 2Wang X J, Xiao Y L.1P traceback based on deterministic packet marking and Iogging[C]//SCALCOM-EMBEDDEDCOM' 09, 2009- 178-182.
  • 3Belenky A,Ansari N.On deterministic packet marking[J]. Computer Networks, 2007,51 (10) : 2677-2700.
  • 4WANG Xiao-jing,WANG Xiao-yin.Topology-assisted deterministic packet marking for IP traceback[J].The Journal of China Universities of Posts and Telecommunications,2010,17(2):116-121. 被引量:3
  • 5Yaar A, Perrig A, Song D.StackPi: new packet marking and filtering mechanisms for DDoS and IP spoofing defense[J].IEEE Journal on Selected Areas in Communi- cations, 2006,24(10) : 1853-1863.
  • 6金光,张飞,钱江波,张洪豪.融合路径追溯和标识过滤的DDoS攻击防御方案[J].通信学报,2011,32(2):61-67. 被引量:4
  • 7Durresi A, Paruchufi V, Barolli L.Fast autonomous system traceback[J].Jounal of Network and Computer Applica- tions, 2009,32 (2) : 448-454.
  • 8Jin G,Yang J G.Deterministic packet marking based on redundant decomposition for IP traceback[J].IEEE Com- munications Letters, 2006,10( 3 ) : 204-206.
  • 9金光,杨建刚,李渊,张会展.防御分布式拒绝服务攻击的优化路径标识模型[J].通信学报,2008,29(9):46-53. 被引量:2
  • 10CAIDA[EB/OL]. ( 2008-05-17 ) .http ://www.caida.org.

二级参考文献39

  • 1李金明,王汝传.DDoS攻击源追踪的一种新包标记方案研究[J].通信学报,2005,26(11):18-23. 被引量:13
  • 2孙红杰,方滨兴,张宏莉.基于链路特征的DDoS攻击检测方法[J].通信学报,2007,28(2):88-93. 被引量:11
  • 3Gao Z Q,Ansari N.Tracing cyber attacks from the practical perspective.IEEE Communications Magazine,2005,43(5):123-131.
  • 4Douligeris C,Mitrokotsa A.DDoS attacks and defense mechanisms:Classification and state-of-the-art.Computer Networks,2004,44(4):643-666.
  • 5Belenky A,Ansari N.IP traceback with deterministic packet marking.IEEE Communications Letters,2003,7(4):162-164.
  • 6Belenky A,Ansari N.Tracing multiple attackers with deterministic packet marking (DPM).Proceedings of the 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM'03),Aug 28-30,2003,Victoria,Canada.Piscataway,NJ,USA:IEEE,2003:49-52.
  • 7Belenky A,Ansari N.Accommodating fragmentation in deterministic packet marking for IP traceback.Proceedings of Global Telecommunications Conference (GLOBECOM'03),Dec 1-5,2003,San Francisco,CA,USA.Piscataway,NJ,USA:IEEE,2003:1374-1378.
  • 8Jin G,Yang J G.Deterministic packet marking based on redundant decomposition for IP traceback.IEEE Communications Letters,2006,10(3):204-206.
  • 9Song D,Perrig A.Advanced and authenticated marking schemes for IP traceback.Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies (Infocom'01),Apr 24-26,2001,Anchorage,AK,USA.Piscataway,NJ,USA:IEEE,2001:878-886.
  • 10Yaar A,Perrig A,Song D.FIT:fast Internet traceback.Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM'05),Mar 13-17,2005,Miami,FL,USA.Piscataway,NJ,USA:IEEE,2005:1395-1406.

共引文献6

同被引文献29

引证文献4

二级引证文献10

计算机工程与应用
2014年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部