期刊文献+

一种新的IP溯源追踪方案 被引量:1

New scheme for IP trace back
下载PDF
导出
摘要 在匿名DDoS攻击源追踪算法中,Savage等人提出的压缩边分段采样算法(CEFS)以其高效性和灵活性成为业内关注的焦点,但是该算法在重构路径时所需数据包数、分片组合次数方面存在不足。针对这些问题提出一种基于CEFS改进的算法,只需两个有效的分片就可以进行溯源,同时利用路由器身份标识字段减少了重构路径时分段的组合数,提高了溯源的时效性,理论分析和实验结果证明了该方案的有效性。 To defend against anonymous DDoS attack on the Internet,the CEFS algorithm which was first developed by Savage et al is being most concerned for its efficiency and flexibility.But it has disadvantages in the number of packages and combinations of fragment when construct the attack route.For these disadvantages,this paper improves the CEFS algorithm.It needs only two efficient segments to start IP traceback when reconstructs the attack path.At the same time,by using router identification segment,it is more efficient to reduce the number of combine.Analysis and experiments show the efficient of the scheme.
出处 《计算机工程与应用》 CSCD 北大核心 2011年第30期83-85,97,共4页 Computer Engineering and Applications
关键词 拒绝式服务 概率包标记 路由器身份标识 IP追踪 Distributed Denial-of-Service(DDoS) Probabilistic Packet Marking(PPM) router identification IP traceback
  • 相关文献

参考文献3

二级参考文献33

  • 1曲海鹏,李德全,苏璞睿,冯登国.一种分块包标记的IP追踪方案[J].计算机研究与发展,2005,42(12):2084-2092. 被引量:9
  • 2曲海鹏,冯登国,苏璞睿.基于有序标记的IP包追踪方案[J].电子学报,2006,34(1):173-176. 被引量:6
  • 3CERT.CERT Statistics.http://www.cert.org/stats/#incidents
  • 4Park K,Lee H.A proactive approach to distributed DoS attack prevention using route-based packet filtering.Technical Report,CSD00-017,Department of Computer Sciences,Purdue University,2000.http://www.cs.purdue.edu/nsl/dpf-tech.ps.gz
  • 5Savage S,Wetherall D,Karlin A,Anderson T.Practical network support for IP traceback.In:Proc.of the 2000 ACM SIGCOMM Conf.Stockholm,2000.295-306.http://www.acm.org/sigs/sigcomm/sigcomm2000/conf/paper/sigcomm2000-8-4.ps.gz
  • 6McGuire D,Krebs B.Attack on Internet called largest ever.2002.http://www.washingtonpost.com/ac2/wp-dyn/A828- 2002Oct22?
  • 7Lemos R.Attack targets info domain system.ZDNet News,2002.http://zdnet.com.com/2100-1105-971178.html
  • 8CERT.Overview of attack trends,2002.http://www.cert.org/archive/pdf/attack_trends.pdf
  • 9Ferguson P,Senie D.rfc2827,Network ingress filtering:defeating denial of service attacks which employ IP source address spoofing.IETF,May 2000.http://www.ietf.org/rfc/rfc2827.txt
  • 10Song DX,Perrig A.Advanced and authenticated marking schemes for IP traceback.In:Proc.of the IEEE INFOCOM 2001.http://www.ieee-infocom.org/2001/program.html

共引文献36

同被引文献13

  • 1朱晓建,刘渊,李秀珍.基于非重复包标记的IP追踪研究[J].计算机应用,2007,27(11):2694-2695. 被引量:3
  • 2CONVERY S.网络安全体系结构[M].田果,刘丹宁,译.北京:人民邮电出版社,2013:234-245.
  • 3BASKAR M,GNANASEKARAN T,SARAVANAN S.Adaptive IP traceback mechanism for detecting low rate DDoS attacks[C]//ICE-CCN:Proceedings of the 2013 International Conference on Emerging Trends in Computing,Communication and Nanotechnology.Piscataway:IEEE,2013:373-377.
  • 4FOROUSHANI V A,ZINCIR-HEYWOOD A N.TDFA:traceback-based defense against DDoS flooding attacks[C]//Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications.Piscataway:IEEE,2014:597-604.
  • 5KIREMIRE A R,BRUST M R,PHOHA V V.Topology-dependent performance of attack graph reconstruction in PPM-based IP traceback[C]//Proceedings of the 2014 IEEE 11th Consumer Communications and Networking Conference.Piscataway:IEEE,2014:363-370.
  • 6SAVAGE S,WETHERALL D,KARLIN A,et al.Practical network support for IP traceback[J].ACM SIGCOMM Computer Communication Review,2000,30(4):295-306.
  • 7SONG D X,PERRIG A.Advanced and authenticated marking schemes for IP traceback[C]//INFOCOM 2001:Proceedings of the 20th Annual Joint Conference of the IEEE Computer and Communications Societies.Piscataway:IEEE,2001,2:878-886.
  • 8PENG T,LECKIE C,RAMAMOHANARAO K.Adjusted probabilistic packet marking for IP traceback[C]//NETWORKING 2002:Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies,Services,and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications,LNCS 2345.Berlin:Springer,2002:698-708.
  • 9LIU J,LEE Z-J,CHUNG Y-C.Dynamic probabilistic packet marking for efficient IP traceback[J].Computer Networks,2007,51(3):866-882.
  • 10STUART M,JOEL S,GEORGE K.黑客大曝光[M].7 版.赵军,张云春,陈红松,等译.北京:清华大学出版社,2013:692-695.

引证文献1

二级引证文献9

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部