摘要
提出了一种通用的基于概率包标记大规模DDoS攻击源跟踪方法。相比其他方法,该方法通过引入包标记中继算法既适用于直接类型的DDoS攻击路径恢复,也适用于反射类型的DDoS攻击路径恢复。此外,通过巧妙运用方程组惟一解判定原理对路由IP实施编码,运用基于一次性密钥的HMAC方法对攻击路径的每条边进行编码和验证,不需要ISP路由拓扑,便能够在被攻击点相应的解码并高效可靠地恢复出真实的攻击路径。分析表明,该方法能与IPv4协议较好地兼容,具有较好的抗干扰性。
This paper presented a common marking scheme for large scale DDoS attack source traceback based on PPM. Compared to other schemes, this scheme could be applied to direct and reflected DDoS attack source traceback by using reflection relay algorithm. Furthermore, this scheme encoded the router' s IP using techniques from algebraic coding theory, encoded and authenticated the edge information with HMAC method whose secret key was updated periodically , and could decode the information and reconstruct the attack paths effectively, even without the ISP's router map. Through an analysis, this scheme is robust and compatible with IPv4 protocol.
出处
《计算机应用研究》
CSCD
北大核心
2007年第10期131-134,共4页
Application Research of Computers
基金
国家自然科学基金资助项目(90304010
90104028)