Abstract
Low-rate denial-of-service (LDoS) attacks against the random early detection (RED) algorithm degrade network quality of service by delivering periodic attack pulses that cause severe oscillation of the router's buffer queue length. This paper analyzes the model of the LDoS attack on RED and derives the process by which a high-rate attack pulse makes the router queue length increase rapidly. On the basis of this theoretical analysis, a method for computing the attack pulse length l and pulse rate R is proposed. For a sample scenario, when the pulse rate is larger than the bandwidth of the bottleneck link, the formula shows that an attack with a pulse length of about 400 ms can have a great impact on network performance. Simulation experiments in NS2 show that the experimental results coincide with the theoretical expectations. The theoretical calculation and the experiments demonstrate that an LDoS attack stream targeting RED can cause a significant decline in network quality of service and that the attack stream is well concealed.
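Source
Journal of Huazhong University of Science and Technology (Natural Science Edition)
EI
CAS
CSCD
Peking University Core Journal
2010, Issue 9, pp. 50-54 (5 pages)
Funding
Supported by the National Natural Science Foundation of China (6077300860642006)
Supported by the Open Fund of the Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education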
Keywords
network security
network performance
congestion control
low-rate attack
denial of service
random early detection (RED)