摘要
在匿名DDoS攻击源追踪算法中,Savage等人提出的压缩边分段采样算法(CEFS)以其高效性和灵活性成为业内关注的焦点,但是该算法在重构路径时所需数据包数、分片组合次数方面存在不足。针对这些问题提出一种基于CEFS改进的算法,只需两个有效的分片就可以进行溯源,同时利用路由器身份标识字段减少了重构路径时分段的组合数,提高了溯源的时效性,理论分析和实验结果证明了该方案的有效性。
To defend against anonymous DDoS attack on the Internet,the CEFS algorithm which was first developed by Savage et al is being most concerned for its efficiency and flexibility.But it has disadvantages in the number of packages and combinations of fragment when construct the attack route.For these disadvantages,this paper improves the CEFS algorithm.It needs only two efficient segments to start IP traceback when reconstructs the attack path.At the same time,by using router identification segment,it is more efficient to reduce the number of combine.Analysis and experiments show the efficient of the scheme.
出处
《计算机工程与应用》
CSCD
北大核心
2011年第30期83-85,97,共4页
Computer Engineering and Applications
关键词
拒绝式服务
概率包标记
路由器身份标识
IP追踪
Distributed Denial-of-Service(DDoS)
Probabilistic Packet Marking(PPM)
router identification
IP traceback