期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

低速率拒绝服务LDoS攻击性能的研究 被引量:6

Research on the performance of low-rate DoS attack
下载PDF
导出
摘要 低速率拒绝服务(LDoS,low-rate denial of service)攻击是一种新型的周期性脉冲式DoS攻击。根据LDoS攻击的特点,通过估算正常TCP流的超时重传(RTO,retransmission time out),模拟产生LDoS攻击的周期流量,对网络目标在攻击下的性能进行了测试。重点研究了Web和FTP 2种服务器在LDoS攻击下吞吐量(thoughtout)性能的变化。实验表明,LDoS攻击具有隐蔽性强和破坏力大的特点,比洪(flood)攻击更具有危害性,此研究成果为LDoS攻击的检测和防御提供了依据。 Low-rate denial of service (LDoS) is a new breed of DoS attack with periodic pulse. LDoS attacks appear periodically in low volume, thereby damaging the victim servers for a long time without being detected. The LDoS attack traffic was simulated and generated by estimating the retransmission time out (RTO) of normal TCP flow based on the analysis of LDoS attack features, and the performance of targets under the attacking of LdoS was tested. Experiments focus on the thoughtout testing of Web and FTP server when LDoS attacks launched. Test results show that LDoS could be even more detrimental to network resources than the flooding type of DDoS attacks, because it is harder to be detected by available method. A lot of useful experimental data for future LDoS detection and defense research were presernted.
作者 吴志军 岳猛
机构地区 中国民航大学电子信息工程学院
出处 《通信学报》 EI CSCD 北大核心 2008年第6期87-93,99,共8页 Journal on Communications
基金 国家自然科学基金资助项目(60776808)~~
关键词 低速率 拒绝服务 吞吐量 性能 超时重传 low-rate denial of service thoughtout performance retransmission time out
分类号 TP311.134.3 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献19

  • 1GORDON L, LOEB M, LUCYSHYN W, et al. CSI/FBI computer crime and security survey[EB/OL], http://www.gocsi.com, 2004.
  • 2KUZMANOVIC A, KNIGHTLY E W. Low-rate TCP-targeted denial of service attacks-the shrew vs the mice and elephants[A]. Proceedings of ACM SIGCOMM 2003[C]. Karlsruhe, Germany, 2003. 75-86.
  • 3GABRIEL MACLA-FERNANDEZ, JESUS E, DIAZ-VERDEJO, et al. Evaluation of a low-rate DoS attack against iterafive servers, computer networks[J]. The International Journal of Computer and Networking, 2007, 51(4) :1013-1030
  • 4ZHANG Y, MAO Z M, WANG J. Low-rate tcp-targeted dos attack disrupts internet routing[A]. Proc 14th Annual Network & Distributed System Security Symposium(NDSS'07)[C]. San Diego, CA, USA, 2007.
  • 5LUO X, CHANG R K C. On a new class of pulsing denial-of-service attacks and the defense[A]. Network and Distributed System security symposium (NDSS'05)[C]. San Diego, CA, USA, 2005.
  • 6GUIRGUIS M, BESTAVROS A, MATTA. Bandwidth stealing via link targeted RoQ attacks[A]. Proc 2nd IASTED International Conference on Communication and Computer Networks[C]. Cambridge, MA, 2004.
  • 7CHENG C M, KUNG H, TAN K S. Use of spectral analysis in defense against DoS attacks[A]. Proe IEEE GLOBECOM[C]. Taipei, China, 2002.
  • 8BARFORD E KLINE J, PLONKA D, et al. Signal analysis of network traffic anomalies[A]. ACM Proc Internet Measurement Workshop[C]. Marseille, France, 2002. 71-82.
  • 9GABRIEL MACIA-FERNANDEZ, JESUS E, DIAZ-VERDEJO, PEDRO GARCIA-TEODORO. Mathematical foundations for the design of a low-rate DoS attack to iterative servers[A]. LNCS Information and Communications Security[C]. Speringer, Germany, 2006.282-291.
  • 10LUO X P, CHANG K C, CHAN W W. Performance analysis of TCP/AQM under denial-of-service attacks[A]. Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation Atlanta, Georgia, USA, 2005

二级参考文献10

  • 1Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks: the shrew vs the mice and elephants. In: Proceedings of the ACM SIGCOMM 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, Karlsruhe, Germany, August 2003
  • 2Luo X, Chang R K C. On a new class of pulsing denial-of-service attacks and the defense. In: Proceedings of the 12th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 2005
  • 3Chen Y, Hwang K. Collaborative detection and filtering of shrew DDoS attacks using spectral analysis. Journal of Parallel and Distributed Computing, 2006, 66 (9)
  • 4Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks and counter strategies. IEEE/ACM Transactions on Networking, 2006, 14 (4)
  • 5Guirguis M, Bestavros A, Matta I. Exploiting the transients of adaptation for RoQ attacks on Internet resources. In :Proceedings of the 12th IEEE International Conference on Network Protocols, Berlin, Germany, October 2004
  • 6Sun H, Lui J C S, Yau D K Y. Defending against low-rate TCP attacks: dynamic detection and protection. In:Proceedings of the 12th IEEE International Conference on Network Protocols, Berlin, Germany, October 2004
  • 7Kwok Y K, et al. HAWK: Halting anomaly with weighted choking to rescue well-behaved TCP sessions from shrew DoS attacks. In: Proceeding of International Conference on Computer Networks and Mobile Computing 2005, Zhangjiajie, China, Aug 2005
  • 8Luo X, et al. Vanguard: a new detection scheme for a class of TCP-targeted denial-of-service attacks. In: Proceeding of the 10th IEEE/IFIP Network Operations and Management Symposium, Vancouver, Canada, April 2006
  • 9Sun H, Lui J C S, Yau D K Y. Distributed mechanism in detecting and defending against the low-rate TCP attack. Computer Networks: The International Journal of Computer and Telecommunications Networking, 2006, 50(13)
  • 10Yu S Z , Kobayashi H. A hidden semi-Markov model with missing data and multiple observation sequences for mobility tracking. Signal Processing,2003, 83(2)

共引文献3

同被引文献53

  • 1谢逸,余顺争.新网络环境下应用层DDoS攻击的剖析与防御[J].电信科学,2007,23(1):89-93. 被引量:15
  • 2黄力.基于分布式群身份认证的传感器网络设计与实现[J].计算机工程,2007,33(10):161-163. 被引量:24
  • 3沈昌祥.信息安全保障建设中的几个焦点问题分析.2008.
  • 4范红,冯登国,吴亚非.信息安全风险评估方法与应用.2006.
  • 5http://www.cert.org/tech_tips/denialof-service.html.
  • 6http://staff.washington.edu/dittrich/misc/ddos/.
  • 72008 CSI Computer Crime & Security Survey.
  • 82008 The Global State of Information Security. PriceWaterhouse Coopers.
  • 9Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks and counter strategies[J].IEEE/ACM Transactions on Networking, 2006, 14(4): 683-696.
  • 10Guirguis M, Bestavros A, Matta I. Exploiting the transients of adaptation for RoQ attacks on internet resources[C]//Proceedings of the 12th IEEE International Conference on Network Protocols. Berlin: IEEE Computer Society, 2004:184-195.

引证文献6

二级引证文献19

通信学报
2008年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部