摘要
由于网络速率的不断增加和网络带宽的不断变大,采用维持连接状态的方式进行DDoS攻击防御变得越来越困难。通过检查伪造IP地址防御DDoS攻击是高速链路上防御DDoS攻击的一种有效方法。由WangHai-ning等人提出的HCF在训练完全的情况下对伪造IP地址具有较强的检测能力。但由于网络流量构成的显著变化,网络流量的动态性明显增强。在当前网络环境下的HCF很难训练完全,从而使得HCF在当前网络环境下的检测能力大幅降低。基于HCF使用的基本原理在其基础之上引入了主机安全指数的概念,并修改了其实现的数据结构,使其更加适应当前的网络环境。实验结果显示,该方法在当前网络环境下可以较好地防御基于伪造IP地址的DDoS攻击。同时与HCF相比,可以显著地降低误判率。
Because of the increment of size and bandwidth of current Internet, it becomes more and more difficult for the prevention mechanism to maintain all connections. Defense against spoofed IP address is an efficiency way to mitigate the damage of DDoS attack. HCF can throttle most attacks when the filter is abundantly trained. But due to the notable changes of current Internet environment, HCF can' t be trained entirely. As a result, the accuracy performance of HCF is seriously decreased. This paper proposed host threatening index and modified the data structure of HCF. Experimental results show that this methods can significantly reduce the false negative rate and fit current Internet environment better.
出处
《计算机应用研究》
CSCD
北大核心
2008年第12期3716-3719,共4页
Application Research of Computers
基金
国家自然科学基金资助项目(60403031,90604015)
法国电信研发中心基金资助项目(46135216)
国家重点基础研究发展计划基金资助项目(2007CB310702)
关键词
分布式拒绝服务防御
伪造IP地址检查
攻击防御
DDoS(distributed denial of service) defense
spoofed IP address inspect
attack defence
