摘要
提出了一个基于源-目的端ISP包标记方案。此方案不再用来重构攻击路径,而主要用于刻画DDoS攻击流特征。这些特征对于受害者过滤攻击非常有效。在过滤方面,提出了一个比率控制方案,通过限制攻击流并保持合法数据流不受影响来有效保护受害者。在经济方面ISP能提供更好的安全措施作为对客户的增值服务,因此也就更有积极性来部署。
In this paper,propose new packet marking models. It's not used for reconstructing the attack path, but characterizing DDoS attack streams. Such common characterization can be used to make filtering by the victim more effective. In terms of filtering,propose a rate control scheme that protects destination domains by limiting the amount of traffic during an attack, while leaving a large percentage of legitimate traffic unaffected. On economic front, it enable providers to offer enhanced security protection against such attacks as a value - added service to their customers, and hence offer positive incentives for them to deploy the proposed models.
出处
《计算机技术与发展》
2009年第4期98-100,104,共4页
Computer Technology and Development
基金
河南省自然科学基金(2003520257)
