期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于SDN构架的DoS/DDoS攻击检测与防御体系 被引量:6

DoS/DDoS attack detection and defense system based on SDN architectures
在线阅读 下载PDF
导出
摘要 针对Do S/DDo S的攻击检测算法大多应用于攻击的目的端,只能实现检测效果、并不能缓解攻击的问题,提出利用SDN架构的集中控制等特点,在攻击的源头实现流量实时监控,使用源IP防伪、接入层异常检测、链路流量异常检测形成多重防御体系,尽可能早地发现攻击,逐渐过滤异常流量,实现网络层DDo S攻击在源端的检测和防御。提出防御体系概念,便于应用更先进的检测算法完善防御体系。 Most of current DoS/DDoS attack detection algorithms apply to the destination of attack, which only perform detection rather than mitigation. In this paper, we proposed a multi-level defense system which performs real-time traffic monitoring at the source of attack leveraging centralized control of SDN architecture. Combining methods of antilP spoofing, access layertraffic detec- tion and link traffic detection, our system achieves early detection of attack, filters anomaly traffic gradually, thus detects and miti- gates network layer DDoS attack at the source. Furthermore, we proposed the defense architecture concept, which helps to improve our defense system with more advanced algorithms in future.
作者 张世轩 刘静 赖英旭 何运 杨盼
机构地区 北京工业大学计算机学院
出处 《电子技术应用》 北大核心 2015年第12期113-115,119,共4页 Application of Electronic Technique
关键词 软件定义网络 拒绝服务攻击 异常流量检测 防御体系 software defined network distributed denial of service traffic anomaly detection defense system
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

二级参考文献91

  • 1赵阔,胡亮,李博,孔令治,徐虹晶.基于CASL的入侵检测系统测试[J].吉林大学学报(信息科学版),2005,23(1):50-58. 被引量:5
  • 2冯登国.计算机通信网络安全[M].北京:清华大学出版社,2004.
  • 3DAVIES J. UNDERSTANDING IPv6 [ M]. Redmond, Washington State: Microsoft Press, 2004.
  • 4YANG X Y, ZENG M, ZHAO R, et al. A Novel LMS Method for Real-Time Network Traffic Prediction [ C ] //Lecture Notes in Computer Science. [ S. l. ] : Springer-Verlag Heidelberg, 2004: 127-136.
  • 5KENT S, ATKINSON R. Security Architecture for the Internet Protocol [ EB/OL]. (1998-01). [2007-12 ]. http. //www. faqs. org/rfcs/rfc2401. html.
  • 6XIANG Y, LIN Y, LEI W L, et al. Detecting DDOS Attack Based on Network Self-Similarity [J]. IEEE Proceedings-Communications, 2004, 151 (3): 292-295.
  • 7MIRKOVIC J, MARTIN J, REIHER P. A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms [ C ] //ACM SIGCOMM Computer Communication Review. Portland : ACM Press, 2004 . 39-53.
  • 8JIN S Y, YEUNG D S. A Covariance Analysis Model for DDoS Attack Detection [ C ] //Communications, 2004 IEEE Int'l Conf. Paris : IEEE Communications Society, 2004, 4 : 1882-1886.
  • 9CHAN EYK, CHAN H W, CHAN K M, et al. IDR: An Intrusion Detection Router for Defending Against Distributed Denial- of-Service (DDoS) Attacks [ C] //Proceedings of the 7th International Symposium on Parallel Architectures, Algorithms and Networks (ISPAN04). [S. l. ] : IEEE CS Press, 2004: 581-586.
  • 10CARDENAS A A, BARAS J S, RAMEZANI V. Distributed Change Detection for Worms, DDoS and Other Network Attacks [C] //Proceedings of the 2004 American Control Conference. Boston, MA: [s. n. ], 2004, 2: 1008-1013.

共引文献464

同被引文献22

引证文献6

二级引证文献10

电子技术应用
2015年 第12期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部