
Detection and response of low-rate TCP-targeted denial of service attacks

Cited by: 5
Abstract: A low-rate TCP-targeted denial of service (DoS) attack exploits the retransmission timeout mechanism of the Transmission Control Protocol (TCP), and its bursts can severely reduce the throughput of legitimate TCP flows. Analysis shows a clear difference between the power spectrum density (PSD) of legitimate traffic samples and that of samples containing attack packets. By analyzing the statistical characteristics of this difference in a large volume of historical data, a detection method is proposed that uses the sum of low-frequency power as its indicator. Building on the existing response methods of leaky-bucket rate limiting and enlarging the router receive buffer, a response method that combines a packet queue with a leaky bucket is also proposed: while the leaky bucket periodically smooths the traffic, the excess traffic is held in a packet queue to be sent in the next period. Mathematical analysis proves that this response method has reasonable resource requirements. Simulations show that the detection method has very low false negative and false positive rates. Compared with typical existing methods, the response method suppresses attack traffic more effectively in more general attack scenarios, and it keeps throughput close to the normal level even where the existing methods fail.

Source: Journal of Zhejiang University (Engineering Science); indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2008, No. 5, pp. 757-762, 814 (7 pages).

Funding: National Natural Science Foundation of China (60503061); Natural Science Foundation of Zhejiang Province (Y104437, Y106023); Science and Technology Plan of Zhejiang Province (2005C33034); Program for New Century Excellent Talents in University (NCET-04-0535); Zhejiang Province New Century 151 Talent Project; Ningbo Natural Science Foundation (2006A610014).

Keywords: denial of service (DoS); power spectrum density (PSD); leaky bucket