基于流量优化的包标记IP追踪策略研究

Traffic-based Optimized Marking Scheme for IP Traceback

下载PDF

导出

摘要传统的攻击源追踪方案在面对大规模DDoS攻击时,重构路径的收敛速度往往过慢。文中提出一种根据DDoS流量分布优化的随机包标记策略OMS(Optimized Marking Scheme),该策略通过在IP报头中插入控制信息,使标记包采样概率在攻击路径上随终点的距离递增,从而更远处的标记包能够以更高的概率到达终点。仿真试验的结果表明,OMS收敛速度较以往的方案有了明显的提高。 Traditional IP traceback schemes can not trace the attacking sources quickly enough when facing large-scale DDoS attack. This paper presents an Optimized Marking Scheme（OMS） based on the characteristic of DDoS traffic distribution. This sheme inserts some controlling informaton into the marked packets＇ headers,which makes the sampling probability of such packets keep increasing along with the marking router＇s distance to the destination. Thus, the packets from farer routers where the DIDOS traffic is lower can reach the destination with larger probability, which improves the speed of tracing. Simulation results show that OMS is much more efficient than other traditional schemes.

作者周曜徐长江徐佳刘凤玉

机构地区南京理工大学计算机科学与技术学院海军兵种指挥学院

出处《计算机科学》 CSCD 北大核心 2008年第7期84-87,共4页 Computer Science

基金国家自然科学基金资助项目(60273035)

关键词 DDOS 攻击源追踪流量分布 DDoS, IPtraceback,Traffic distribution

分类号 TP309 [自动化与计算机技术—计算机系统结构] TK172 [动力工程及工程热物理—热能工程]

引文网络
相关文献

参考文献9

1Stone R. CenterTrack:An IP overlay network for tracking DoS floods///Proceedings of 2000 USENIX Security Symposium. Denver, Colorado, USA, 2000 : 199-212.
2Burch H, Cheswick B. Tracing anonymous packets to their approximatesource//Proceedings of 2000 USENIX LISA Conference. Seattle. Washington, USA, 2000 : 319-327.
3Jing Y N,Li J T,Wang X P, et al. Distributed-log-based IP traceback scheme to defeat DDoS attacks//Proceedings of 20th International Conference on Advanced Information Networking and Applications (AINA 2006). Vienna, Austria. April 2006,2 25-32.
4Thing V L L,Lee H C J,et al. Enhanced ICMP traceback with cumulative path. IEEE VTC2005 ' Spring. Stockholm, Sweden, June, 2005,4 : 2415-2419.
5Dean D, Franklin M, Stubblefield A. An algebraic approach to IP traceback//Proceedings of 2001 Network and Distributed System Security Symposium. Sand Diego, California, USA, 2001 : 3- 12.
6Savage S, Wetherall D. Network support for LP traceback, IEEE/ACM Transactions on Networking, 2001,9(3) : 226-237.
7Song D,Perrig A. Advanced and authenticated marking schemes for IP traceback//Proceedings of the IEEE INFOCOM. Anchorage,Alaska USA,2001,2:878-886.
8李德全,苏璞睿,冯登国.用于IP追踪的包标记的注记(英文)[J].软件学报,2004,15(2):250-258. 被引量：29
9Internet Mapping Project. http : // cm. bell- labs. com/ who / ches/map/dbs/index. html.2006.

二级参考文献19

1CERT.CERT Statistics.http://www.cert.org/stats/#incidents
2Park K,Lee H.A proactive approach to distributed DoS attack prevention using route-based packet filtering.Technical Report,CSD00-017,Department of Computer Sciences,Purdue University,2000.http://www.cs.purdue.edu/nsl/dpf-tech.ps.gz
3Savage S,Wetherall D,Karlin A,Anderson T.Practical network support for IP traceback.In:Proc.of the 2000 ACM SIGCOMM Conf.Stockholm,2000.295-306.http://www.acm.org/sigs/sigcomm/sigcomm2000/conf/paper/sigcomm2000-8-4.ps.gz
4McGuire D,Krebs B.Attack on Internet called largest ever.2002.http://www.washingtonpost.com/ac2/wp-dyn/A828- 2002Oct22?
5Lemos R.Attack targets info domain system.ZDNet News,2002.http://zdnet.com.com/2100-1105-971178.html
6CERT.Overview of attack trends,2002.http://www.cert.org/archive/pdf/attack_trends.pdf
7Ferguson P,Senie D.rfc2827,Network ingress filtering:defeating denial of service attacks which employ IP source address spoofing.IETF,May 2000.http://www.ietf.org/rfc/rfc2827.txt
8Song DX,Perrig A.Advanced and authenticated marking schemes for IP traceback.In:Proc.of the IEEE INFOCOM 2001.http://www.ieee-infocom.org/2001/program.html
9Park K,Lee H.On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack.In:Proc.of the IEEE INFOCOM 2001.2001.338-347.http://www.ieee-infocom.org/2001/program.html
10Snoeren AC,Partridge C,Sanchez LA,Jones CE,Tchakountio F,Kent ST,Strayer T.Hash-Based IP traceback.In:Proc.of the ACM SIGCOMM 2001 Conf.2001.San Diego,2001.3-14.http://www.acm.org/sigs/sigcomm/sigcomm2001/p1.html

共引文献28

1李冬静,李学宝.基于包头压缩的概率性包标记[J].计算机与现代化,2005(9):89-93.
2顾晓清,刘渊.基于自适应包标记的IP回溯[J].计算机应用,2005,25(9):2092-2093. 被引量：4
3曲海鹏,李德全,苏璞睿,冯登国.一种分块包标记的IP追踪方案[J].计算机研究与发展,2005,42(12):2084-2092. 被引量：9
4陈星星,徐红云.基于重叠概率包标记的IP追踪策略[J].计算机工程与应用,2006,42(16):153-155.
5陈伟,何炎祥,彭文灵.一种轻量级的拒绝服务攻击检测方法[J].计算机学报,2006,29(8):1392-1400. 被引量：26
6闫巧,夏树涛,吴建平.改进的压缩边分段采样算法[J].西安电子科技大学学报,2006,33(5):824-828. 被引量：6
7DU Ruizhong YANG Xiaohui MA Xiaoxue HE Xinfeng.DDoS Defense Algorithm Based on Multi-Segment Timeout Technology[J].Wuhan University Journal of Natural Sciences,2006,11(6):1823-1826. 被引量：1
8杨长春,倪彤光,薛恒新.一种新的DDoS攻击源追踪包标记方法[J].计算机工程与应用,2007,43(19):135-137. 被引量：1
9李德全,苏璞睿,魏东梅,冯登国.基于路由器编码的自适应包标记(英文)[J].软件学报,2007,18(10):2652-2661. 被引量：6
10张立莉,曹天杰,汤丽娟.一种改进的概率包标记方案[J].计算机工程,2008,34(7):148-150. 被引量：6

1荆一楠,屠鹏,王雪平,张根度.一种基于反向确认的DDoS攻击源追踪模型[J].计算机工程,2007,33(2):127-129. 被引量：2
2王娇.基于人工免疫算法的传感器节点布置策略[J].电子测量技术,2015,38(6):97-99. 被引量：9
3刘玉英,史旺旺.一种基于遗传算法的无线传感器网络节点优化方法[J].传感技术学报,2009,22(6):869-872. 被引量：13
4章海聪,王晓明.基于路由器接口的IP追踪方案[J].计算机应用,2011,31(3):774-777. 被引量：1
5吴哲,谢冬青.基于随机包标记的不重复标记追踪模型[J].计算机应用研究,2009,26(12):4744-4746.
6吴哲,谢冬青.基于随机包标记的不重复标记追踪模型[J].教育信息技术,2009(5):41-44.
7李强,朱弘恣,鞠九滨.大流量优先的实时IP随机包标记反向追踪[J].计算机应用,2005,25(7):1498-1501.
8靳立忠,常桂然,贾杰.基于差分进化算法的移动传感器网络节点的分布优化[J].控制与决策,2010,25(12):1857-1860. 被引量：12
9屠鹏,荆一楠,付振勇,张根度.基于反向节点标记的攻击源追踪方法[J].计算机工程与设计,2006,27(18):3314-3317. 被引量：1
10林瑞金,卓清寅.遗传算法在排课系统中的应用[J].厦门理工学院学报,2010,18(4):38-42.

计算机科学

2008年第7期

浏览历史

内容加载中请稍等...

基于流量优化的包标记IP追踪策略研究

参考文献9

二级参考文献19

共引文献28

相关作者

相关机构

相关主题

浏览历史