Abstract
This paper presents a new method for rapidly filtering attack traffic based on the statistical characteristics of packet attribute values. It captures packets directly from the physical layer of the network architecture, extracts the attribute values of each data field, scores them with an LB (Leaky-Bucket) scheme, and passes them to a discard-decision module that determines whether to drop them. Packets judged more likely to be attack traffic are therefore never parsed in the TCP/IP protocol stack, which saves system resources and effectively mitigates DDoS attacks. Based on this scheme, a DDoS attack defense system, LB ScoreGuard, is designed and implemented. The paper describes the system's architecture, components, statistical process and algorithms, and concludes with several limitations of LB ScoreGuard and directions for further work.
Source
Science Mosaic (《科技广场》)
2008, Issue 10, pp. 84-87 (4 pages)
Keywords
Computer Network Security
Distributed Denial of Service Attacks
Packet Filtering
Network Analysis
Statistics of Property Values