一类慢速拒绝服务攻击的防御方法被引量：1

A method for defending low-rate denial of service attacks

下载PDF

导出

摘要与高速率的拒绝服务攻击相比,慢速拒绝服务攻击难以被现有的拒绝服务攻击检测工具检测出来,其隐蔽性更高.通过分析慢速拒绝服务攻击在不同网络环境中对网络性能的影响,提出使用动态调整超时重传定时器的策略来防御此类攻击.实验表明,此类动态调整策略可有效抵御慢速拒绝服务攻击,与当前网络所使用的策略相比,在攻击周期小于2 s时,网络吞吐量提升了300%以上. Compared with high-rate denial of service attacks,low-rate denial of service attack is hard to detect by the existing intrusion detection systems,because it is much more concealed.The network performance with low-rate attacks in different environments was analyzed;two novel dynamic adjusting strategies for retransmission timeout were also proposed.Experiments indicate that the proposed method can effectively fight off low-rate denial of service attacks.Compared with the strategy currently used on the Internet,it can enhance the network throughput above 300% when the attack period is less than 2 seconds.

作者董阔杨寿保

机构地区中国科学技术大学计算机科学技术系

出处《中国科学技术大学学报》 CAS CSCD 北大核心 2010年第1期103-108,共6页 JUSTC

基金国家自然科学基金(60673172) 安徽省自然科学基金(070412045)资助

关键词慢速拒绝服务攻击拥塞控制动态调整超时重传定时器 low-rate denial of service attack congestion control dynamic adjustment retransmission timeout timer

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献8

1Kuzmanovic A, Knightly E W. Low-rate TCP-targeted denial of service attacks[C].//Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. NewYork. ACM, 2003.75-86.
2Luo X, Chang R K C. On a new class of pulsing denial-of-service attacks and the defense[C]//Network and Distributed System Security Symposium (NDSS'05). San Diego, CA, 2005:61-79.
3Guirguis M, Bestavros A, Matta L Exploiting the transients of adaptation for RoQ attacks on Internet resources[C]//Proceedings of The 12th IEEE International Conference on Network Protocols. Los Alamitos, CA, USA.. IEEE Computer Soc, 2004:184-195.
4Guirguis M, Bestavros A, Matta I. On the impact of low-rate attacks [ C ]//Proceedings of IEEE International Conference on Communications, 2006: 2 316-2 321.
5Kwok Y K, Tripathi R, Chen Y, et al. HAWK, halting anomalies with weighted choking to rescue well- behaved TCP sessions from shrew DEloS attaeks[J]. Lecture Notes in Computer Science, 2005, 3 619: 423-432.
6Sun H B, Lui J C S, Yau D K Y. Distributed mechanism in detecting and defending against the lowrate TCP attack[J]. Computer Networks, 2006, 50 (13): 2 312-2 330.
7Paxson V, Allman M. Computing TCP's Retransmission Timer[S]. Internet RFC 2988, 2000.
8Corless R,Gonnet G, Hare D, et al. On the Lambert W function [ J ]. Advances in Computational Mathetatics, 1996, 5: 329-359.

同被引文献2

1SHEN ChangXiang,ZHANG HuangGuo,FENG DengGuo,CAO ZhenFu,HUANG JiWu.Survey of information security[J].Science in China(Series F),2007,50(3):273-298. 被引量：40
2夏家莉,陈辉,杨兵.一种动态优先级实时任务调度算法[J].计算机学报,2012,35(12):2685-2695. 被引量：53

引证文献1

1ZHAO Bo,XIANG Shuang,AN Yang,TAO Wei.DPTSV:A Dynamic Priority Task Scheduling Strategy for TSS Deadlock Based on Value Evaluation[J].China Communications,2016,13(1):161-175. 被引量：2

二级引证文献2

1Juan Wang,Yuan Shi,Guojun Peng,Huanguo Zhang,Bo Zhao,Fei Yan,Fajiang Yu,Liqiang Zhang.Survey on Key Technology Development and Application in Trusted Computing[J].China Communications,2016,13(11):70-90. 被引量：7
2张家伟,张冬梅,黄琪.一种抗APT攻击的可信软件基设计与实现[J].信息网络安全,2017(6):49-55. 被引量：8

1张磊.用JProfiler调优——找回丢失的性能[J].程序员,2007(6):118-119. 被引量：1
2佚名.巧用工具检测网络“堵塞”[J].家庭科技,2012(12):47-47.
3叶永青,李晖,郑燕飞,洪璇,郑东.基于二进制代码的缓冲区溢出检测研究[J].计算机工程,2006,32(18):141-143. 被引量：5
4杨力,李静森,魏德宾,潘成胜.一种高动态卫星网络的拥塞控制算法[J].宇航学报,2014,35(8):953-960. 被引量：9
5PCI—E×16“偷懒”[J].电脑爱好者（普及版）,2010(A02):231-232.
6笔记本提速该如何升级[J].电脑爱好者（普及版）,2011(A02):254-254.
7小小杉.Ring3下实现恶意代码注入Linux内核[J].黑客防线,2009(9):55-59.
8王希忠,宋超臣,黄俊强,吴琼.一种基于推荐网络的拒绝服务攻击检测发现方法[J].信息技术,2014,38(5):61-63.
9叶青青.软件系统中代码克隆的检测技术[J].计算机系统应用,2007,16(12):94-97. 被引量：7
10联想Phab 2系列AR手机发布——搭载Tango技术和AR特效[J].新电脑,2016,0(7):76-76.

中国科学技术大学学报

2010年第1期

浏览历史

内容加载中请稍等...

一类慢速拒绝服务攻击的防御方法被引量：1

参考文献8

同被引文献2

引证文献1

二级引证文献2

相关作者

相关机构

相关主题

浏览历史

一类慢速拒绝服务攻击的防御方法 被引量：1

参考文献8

同被引文献2

引证文献1

二级引证文献2

相关作者

相关机构

相关主题

浏览历史

一类慢速拒绝服务攻击的防御方法被引量：1