计算机工程与应用
COMPUTER ENGINEERING AND APPLICATIONS
2014, Issue 5, pp. 74-78 (5 pages)
黄鲁娟, 金光, 何加铭, 江先亮
Network security; Distributed Denial of Service (DDoS) attacks; Deterministic Packet Marking (DPM); Path identification (Pi)
A novel scheme that combines deterministic packet marking and path identification is proposed. In this scheme, source border routers probabilistically choose to mark packets with either deterministic packet marking or path identification. Based on the degree of downstream network congestion and the IP traceback results, routers dynamically adjust the proportion of packet marking. The victim host then applies different defensive measures according to the marking strategy used. Large-scale simulations on Skitter, an authoritative Internet topology dataset, show that the scheme defends well against DDoS attacks and effectively mitigates their impact on the victim host.