期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

被动式伪造IP数据流地理信息获取技术研究 被引量:2

Research on the passive geolocalization of spoofed IP address
原文传递
导出
摘要 伪造IP是当前互联网中攻击数据流普遍采用的身份隐藏手段,TCP/IP协议栈下难以获取伪造IP数据流的真实地理信息.针对不同路径传输数据流在跳数、往返时延和传输噪声3种重要测量参数的特点和规律,提出通过比较测量参数完成对不同路径的识别,在此基础上,基于模式匹配的方式找到与伪造lP数据流具有相同地理位置的非伪造数据流,通过查询非伪造IP数据流的源IP地址的地理位置即可获取伪造IP数据流的真实地理位置.利用分布于全球的不同被动测量点进行了测试,结果表明,该种方法可以有效地定位伪造IP数据流. Spoofed IP is an important method to hide real source IP for attackers. Under TCP/IP stack, it's hard to acquire the true geolocation of spoofed IP, so how to geolocalizate spoofed IP plays a key role in network security. After studying and comparing the three main measurement parameters including hop count, round trip time and transmission noise, identifying route by measure parameters is proposed. Then the spoofed IP's geolocation can be determined by comparing its route to the normal IP flow. Experimental results of giant data acquired by different measurement points around the world show that this method could geolocate the spoofed IP flow efficiently.
作者 焦程波 郑辉
机构地区 信息工程大学信息工程学院 西南电子电信技术研究所
出处 《四川大学学报(自然科学版)》 CAS CSCD 北大核心 2011年第6期1287-1292,共6页 Journal of Sichuan University(Natural Science Edition)
基金 国家973计划项目(2007CB307104)
关键词 被动式 伪造IP 地理位置 跳数 往返时延 传输噪声 passive, spoofed IP,geolocation, hop count, round trip time, transmission noise
分类号 TP391.4 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献17

  • 1Nicholas W, Robin S, Vern P. Detecting forged TCP reset packets[C]//Proceedings of the 16^th annual network and distributed system security symposium (NDSS 2009), San Diego, USA: [s. n],2009.
  • 2Minho S, Jun X, Jun L, et al. Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation[J]. IEEE/ACM Transactions on Networking, 2008, 16(6): 1253.
  • 3李少鹏.基于跳板攻击的军用网络入侵追踪的实现技术[J].四川大学学报(自然科学版),2007,44(6):1225-1229. 被引量:4
  • 4Haining W, Cheng J, Kang S. Defense against spoofed IP traffic using hop-count filtering[J]. IEEE/ACM Transactions on Networking, 2007, 15(1): 40.
  • 5Cheng J, Haining W, Kang G. Hop-Count filtering: an effective defense against spoofed traffic[C]//Proceedings of the 10th ACM conference on computer and communication security. New York, USA: ACM, 2003.
  • 6Gueye B, Ziviani A, Crovella M, et al. Constraintbased geolocation of Internet hosts[J]. IEEE/ACM Transactions on Networking, 2006, 14(6): 98.
  • 7Wong B, StoY, Sirer E. Geolocalization on the Internet through constraint satisfaction[C]//Proceedings of the WORLDS. New York, USA..[s. n], 2006.
  • 8Katz-bassett E. Towards IP geolocation using delay and topology measurements[C]//Proceedings of the 6^th ACM SIGCOMM conference on Internet measurement. New York, USA..ACM,2006.
  • 9王意洁,李小勇.网络距离预测技术研究[J].软件学报,2009,20(6):1574-1590. 被引量:11
  • 10Minho S, Jun X, Jun L, etal. Large-scale IP traceback in high-speed internet: practical techniques andin~ormation-theoretic foundation [J ]. IEEE/ACM Transactions on Networking, 2008, 16(6) : 1253.

二级参考文献118

  • 1谈杰,李星.网络测量综述[J].计算机应用研究,2006,23(2):5-8. 被引量:44
  • 2Wang W, Jin C, Jamin S. Network overlay construction under limited end-to-end reachability. In: Proc. of the IEEE INFOCOM. Piscataway: IEEE Press, 2005.
  • 3Francis P, Jamin S, Jin C, Jin Y, Raz D, Shavitt Y, Zhang L. IDMaps: A global internet host distance estimation service. IEEE/ACM Trans. on Networking, 2001,9(5):525-540.
  • 4Chen Y, Lim KH, Katz RH, Overton C. On the stability of network distance estimation. ACM SIGMETRICS Performance Evaluation Review, 2002.21-30.
  • 5Gummadi KP, Saroiu S, Gribble SD. King: Estimating latency between arbitrary Intemet end hosts. In: Proc. of the 2nd ACM SIGCOMM Workshop on Internet measurement. New York: ACM Press, 2002. 5-18.
  • 6Leonard D, Loguinov D. Turbo king: Framework for large-scale internet delay measurements. In: Proc. of the IEEE 1NFOCOM. Piscataway: IEEE Press, 2008.
  • 7Srinivasan S, Zegura E. M-Coop: A scalable infrastructure for network measurement. In: Proc. of the 3rd IEEE Workshop on Intemet Applications. Washington: IEEE Computer Society, 2003.35-39.
  • 8Wong B, Slivkins A, Sirer EG. Meridian: A lightweight network location service without virtual coordinates. In: Proc. of the ACM SIGCOMM. New York: ACM Press, 2005.
  • 9Sharma P, Xu Z, Banerjee S, Lee SJ. Estimating network proximity and latency. ACM SIGCOMM Computer Communication Review. 2006.39-50. http://networking.hpl.hp.com/s-cube/nv.pdf.
  • 10Guyton JD, Schwartz MF. Locating nearby copies of replicated Internet servers. In: Proc. of the ACM SIGCOMM. New York: ACM Press, 1995. 288-298.

共引文献59

同被引文献5

引证文献2

二级引证文献2

四川大学学报(自然科学版)
2011年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部