
DDoS traceback based on router traffic analysis (cited by: 1)
Abstract: A DDoS traceback approach based on router traffic analysis is proposed, according to the traffic characteristics of DDoS attacks. When a DDoS attack occurs, input debugging is used to trace back to every access router sending traffic to the victim; the traffic of each of these access routers is then analyzed for the presence of attack traffic, which identifies all access routers sending DDoS attack traffic. An attack-traffic detection algorithm based on traffic self-similarity is given, a honeypot-group platform is designed for router attack-traffic detection and traceback, and the performance of the traceback approach is analyzed. The results show that the approach can accurately trace back all the access routers sending DDoS attack traffic.
Source: Journal of Jiangsu University: Natural Science Edition (indexed in EI, CAS, Peking University Core Journals), 2007, No. 6, pp. 516-519 (4 pages)
Funding: National Natural Science Foundation of China (60573141); National 863 Program (2005AA775050); Jiangsu Province High-Tech Research and Development Program (BG2005037)
Keywords: distributed denial of service (DDoS) attacks; traceback; honeypot; self-similarity; router