Abstract
This paper presents the APA-ANTI-DDoS (aggregate-based protocol analysis anti-DDoS) model for detecting and defending against distributed denial of service (DDoS) attacks. The model consists of three modules: abnormal traffic aggregation, protocol analysis, and traffic processing. The abnormal traffic aggregation module classifies network traffic into normal traffic and abnormal traffic; the protocol analysis module looks for the features of DDoS attack traffic within the abnormal traffic; the traffic processing module filters the abnormal traffic according to the current features of the DDoS attack traffic, tests the congestion control behavior of the currently aggregated traffic, and restores traffic that was misclassified. The paper then implements the APA-ANTI-DDoS system. The experimental results show that the APA-ANTI-DDoS model identifies and defends against DDoS attacks well, restores non-attack traffic when it has been misclassified, and guarantees legitimate normal network communication.
Source
Journal of Software (《软件学报》)
EI
CSCD
PKU Core (北大核心)
2007, No. 9, pp. 2245-2258 (14 pages)
Funding
Supported by the National Natural Science Foundation of China under Grant No.60572131 (国家自然科学基金);
the Key Technologies R&D Program of Jiangsu Province of China under Grant No.BE2007058 (江苏省科技攻关项目);
the Scientific Research Foundation for the Returned Overseas Chinese Scholars, Ministry of Education of China and Nanjing Government (国家教育部和南京市回国人员基金);
the Scientific Development Foundation of Government (南京市科技发展计划);
the Scientific Research Foundation of NJUPT under Grant No.NY206008 (南京邮电大学攀登计划);
the Scientific Research Foundation of ZTE and Huawei Corporation of China (中兴及华为基金)
Keywords
distributed denial of service attack
congestion control
flood attack
aggregate
abnormal traffic
protocol analysis