摘要
拒绝服务 (DoS)攻击是目前最难处理的网络难题之一 .最近 ,研究人员针对DoS攻击提出了多种方案 ,这些方案都各有优缺点 .其中 ,由Savage等人提出的概率包标记方案受到了广泛的重视 ,也有不少的变种出现 .在这一类的标记方案中 ,路由器以固定的概率选择是否标记一个数据包 ,这导致受害需要较多的数据包进行攻击路径的重构 .本文提出一种自适应的标记策略 ,经实验验证受害者用较少的数据包即可重构攻击路径 ,这不仅为受害者及早地响应攻击争取了更多的时间 ,还限制了攻击者的伪造能力 .
Denial of service attack is among the hardest network problems. Several countermeasures are proposed for it in the literature, among which, Probabilistic Packet Marking (PPM) first developed by Savage et al is promising and has many variants. In these marking schemes, router marks packets with a probability which is fixed and uniform. Using fixed probability causes that many packets are needed for a victim to reconstruct the attack path(s). An adaptive marking scheme is given, which reduces the number of packets needed for attack path reconstruction, thus also saves time for the victim and reduces the ability for attackers to spoof.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2004年第8期1334-1337,共4页
Acta Electronica Sinica
基金
国家杰出青年基金 (No 60 0 2 52 0 5)
国家重点基础研究发展规划 973项目 (No G1 9990 3580 2 )
关键词
追踪
DOS
DDOS
拒绝服务
Calculations
Network protocols
Packet networks
Probability
Routers