摘要
确定包标记算法只需要边界路由器进行标记,可以对只使用少量包的拒绝服务攻击进行追踪,能同时追踪上千个攻击者,并且易于实现.针对确定包标记算法中,被攻击者控制的路由器(边界路由器或中间路由器)修改标记或加入伪造包,进而妨碍受害者重构入口地址的问题,提出了新的基于MAC认证的确定包标记算法.研究表明,认证确定包标记算法提供了足够的安全性,能有效阻止子网内的攻击者或傀儡路由器伪造虚假的标记,从而保证了受害者端地址重构的准确性.
Deterministic packet marking (DPM) algorithm only requires edge routers to perform packet marking and can trace a large number of attackers simultaneously with only a few packets from each attacker. For that, compromised routers, either edge routers or transit routers, can easily forge packet markings to prevent the victim performing reconstruction successfully. For that, a new scheme, namely MAC - based Authenticated DPM ( ADPM ), is pro- posed. Researches indicate that ADPM algorithm supplies sufficient security that attackers in subnets or compromised routers cannot forge markings, which assures the veracity of address reconstruction at the victim.
出处
《南京师范大学学报(工程技术版)》
CAS
2007年第2期67-71,共5页
Journal of Nanjing Normal University(Engineering and Technology Edition)
基金
江苏省高校自然科学基金(04KJD520106)资助项目
关键词
拒绝服务攻击
IP追踪
确定包标记
基于MAC的认证
denial of service attack, IP traceback, deterministic packet marking, MAC - based authentication
