摘要
对于多播DoS攻击来说,目前还没有令人满意的解决方案.为了解决多播安全问题,同时不影响防火墙的性能效率,提出了一种简单的动态有状态多播防火墙算法.该算法借鉴了单播有状态防火墙的机制,通过维护多播组成员和单播交互情况的状态信息,可以在大多数情况下识别并丢弃未经请求的多播数据包,以保护网络不受拒绝服务攻击的危害.对该算法在性能和扩展性方面进行了实验测试,结果表明该算法是可行的.
There is no satisfactory solution yet to deal with the multicast DoS attack.A simple dynamic firewall algorithm was proposed to ensure the multicast safety while keep the efficiency of the firewall.By maintaining state information of multicast members and unicast interactive situation,the algorithm,in which the unicast firework mechanism was referenced,can identify and discard unsolicited multicast packet in most cases to protect the network against denial-of-service attack.The efficiency and extensibility of the algorithm were experimentally tested and its feasibility was proved.
出处
《中北大学学报(自然科学版)》
CAS
北大核心
2011年第2期163-168,共6页
Journal of North University of China(Natural Science Edition)
关键词
防火墙
IP多播
多播算法
多播攻击
firewall
IP multicast
multicast algorithm
multicast attack