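Abstract
A comprehensive DDoS (Distributed Denial of Service) defense scheme based on pushback of aggregated traffic is proposed. The scheme applies distributed rate limiting to the aggregate at the local router and to the aggregates at the level-n routers of its upstream aggregate pushback tree in order to withstand DDoS attacks. An aggregate rate-limiting algorithm is given, together with an algorithm for constructing the reverse aggregate traversal tree that pushing back aggregates requires. The rate-limiting algorithm aims to restrict DDoS traffic as much as possible while protecting legitimate user traffic. The tree-construction algorithm dynamically probes the paths of high-volume aggregates and automatically generates the reverse aggregate traversal tree needed to push back aggregates.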
A new combined method of DDoS defense based on pushback of aggregated traffic is proposed. Distributed traffic limiting is applied at the edge router where the DDoS traffic aggregates and at level n of the reverse aggregate traversal tree to defend against the DDoS attack. Algorithms for limiting traffic and for constructing the reverse aggregate traversal tree are described. The former limits the DDoS traffic as much as possible while protecting the legitimate traffic of users, and the latter builds the reverse aggregate traversal tree needed for pushing back the aggregated traffic by detecting the paths of high-volume aggregated traffic.
Source
《计算机应用》
CSCD
PKU Core Journal
2005, Issue 7, pp. 1531-1534 (4 pages)
Journal of Computer Applications
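Funding
National Natural Science Foundation of China (90304011)
Natural Science Foundation of Guangdong Province (04009747)
Zhuhai Science and Technology Program (PC20041100)
Keywords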
DDoS (Distributed Denial of Service)
pushback
aggregate-based congestion control (ACC)
aggregate tree detection
aggregate initiation detection (AID)