期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于IPv6拒绝服务攻击和改进确定包算法研究 被引量:1

Study of denial of service attack & improved deterministic packet marking scheme based on IPv6
下载PDF
导出
摘要 对IPv6下拒绝服务攻击进行了研究,并根据IPv6协议的特点,提出一种基于IPv6的MAC认证改进确定包标记(ADPM-v6)算法。ADPM-v6利用IPv6新特性,即逐跳选项和改进的MAC认证方法,有效解决了受控路由器修改标记的问题,能直接快速地追踪攻击源。同时分析验证了IPv6真实攻击环境的数据包大小分布,使得算法有效且更具有较强的实用性。理论分析和仿真实验结果表明,该算法在IPv6下大大缩短了重构时间,减少了重构计算量和误报率。 This paper studied the DoS attacks under IPv6,and according to the new features of IPv6 protocol,proposed the ADPM-v6 scheme based on improved MAC-authentication.By using a new IPv6 feature hop-by-hop options and the improved MAC authentication method,the scheme could quickly locate the source of attacker.The scheme could prevent compromised router which could forge the marking effectively.Simultaneous,analysis of a real attack environment verifying IPv6 packet size distribution,made the algorithm have a strong practicality and more effective.The implementation and evaluation shows that the ADPM-v6 scheme can greatly reduce the reconstruction time and reduce the amount of reconstruction computing and false positive.
作者 赵树枫
机构地区 上海理工大学信息化办公室
出处 《计算机应用研究》 CSCD 北大核心 2012年第5期1914-1917,共4页 Application Research of Computers
基金 国家自然科学基金资助项目(61170277) 上海市教委科研创新重点资助项目(12zz137) 上海市重点学科建设资助项目(S30504)
关键词 IPV6协议 IP追踪 分布式拒绝服务 确定包标记 MAC认证 IPv6 protocol IP traceback distributed denial of service(DDoS) deterministic packet marking(DPM) MAC authentication
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1黄忠厚,徐川,刘宴兵.DDoS攻击源追踪算法综述[J].计算机应用研究,2010,27(9):3233-3236. 被引量:2
  • 2BELENKY A,ANSARI N.On deterministic packet marking[J].Computer Networks,2007,51(10):2677-2700.
  • 3YANG Xin-yu,MA Ting,SHI Yi.Typical DoS/DDoS threats underIPv6[C]//Proc of International Multi-Conference on Computing inthe Global Information Technology.Washington DC:IEEE ComputerSociety,2007:55-60.
  • 4ALBRIGHT E,DANG Xuan-hien.An implementation of IP tracebackin IPv6 using probabilistic packet marking[C]//Proc of InternationalConference on Internet Computing.2005:416-421.
  • 5杨俊,王振兴,郭浩然.基于扩展头随机标记的IPv6攻击源追踪方案[J].计算机应用研究,2010,27(6):2335-2337. 被引量:5
  • 6YANG Xin-yu,MA Ting.A link signature based DDoS attacker trac-ing algorithm under IPv6[J].International Journal of Security andIts Applications,2009,3(2):27-36.
  • 7SIRIS V A,STAVRAKIS I.Provider-based deterministic packet mark-ing against distributed DoS attacks[J].Journal of Network andComputer Applications,2007,30(3):858-876.
  • 8BELENKY A,ANSARI N.Tracing multiple attackers with determi-nistic packet marking(DPM)[C]//Proc of IEEE Pacific Rim Con-ference on Communications,Computers and Signal Processing.[S.l.]:IEEE Press,2003:49-52.
  • 9LIU J,LEE Z J,CHUNG Y C.Dynamic probabilistic packet markingfor efficient IP traceback[J].Computer Networks,2007,51(3):866-882.
  • 10DURRESI A,PARUCHURI V,BAROLLI L.Fast autonomous sys-tem traceback[J].Journal of Network and Computer Applica-tions,2009,32(2):448-454.

二级参考文献30

  • 1曲海鹏,李德全,苏璞睿,冯登国.一种分块包标记的IP追踪方案[J].计算机研究与发展,2005,42(12):2084-2092. 被引量:9
  • 2曲海鹏,冯登国,苏璞睿.基于有序标记的IP包追踪方案[J].电子学报,2006,34(1):173-176. 被引量:6
  • 3李振强,赵晓宇,马严.IPv6安全脆弱性研究[J].计算机应用研究,2006,23(11):109-112. 被引量:16
  • 4陈星星,徐红云.IP追踪中PPM算法的改进研究[J].计算机工程,2006,32(21):164-166. 被引量:5
  • 5SUNG M,U J.IP traceback-based intelligent packet filtering:a novel technique for defending against Internet DDoS attacks[J].IEEE Trans on Parallel and Distributed Systems,2003,4(9):861-872.
  • 6STON R.Center track:an IP overlay network for tracking DoS floods[C] //Proc of USENIX Security Symposium.2000.
  • 7LEE T H,WU Wei-kai,YAU T,et al.Scalable packet digesting schemes for IP traceback[C] //Proc of IEEE International Conference on Communications.2004:1008-1013.
  • 8MANKIN A,ASSEY D,WU C,et al.On design and evaluation of "intention-driven" ICMP traceback[C] //Proc of IEEE International Conference on Computer Communications and Networks.2001:159-165.
  • 9SAVAGE S,ETHERALL D.Practical network support for IP traceback[C] //Proc of ACM SIGCOMM Conference.2000:295-300.
  • 10SONG D,ERRING A.Advanced and authenticated marking schemes for IP traceback[C] //Proc of IEEE INFOCOMM Conference.2001:878-886.

共引文献5

同被引文献14

  • 1陆音,石进,黄皓,谢立.综述:关于IPv6安全性问题的研究[J].计算机科学,2006,33(5):5-11. 被引量:15
  • 2占勇军,谢冬青,周再红,罗莉莉.IPv6下基于改进的SPIE源追踪方案[J].计算机工程与科学,2007,29(4):11-13. 被引量:5
  • 3Ston R.An IP overlay network for tracking Do S floods[C]//Proc of USENIX Security Symposium,2000.
  • 4Lee T H,Wu Weikai,Yau T.Scalable packet digesting schemes for IP traceback[C]//Proc of IEEE International Conference on Communications,2004:1006-1014.
  • 5Sung M,Xu J.IP traceback-based intelligent packet filtering a novel technique for defending against Internet DDo S attacks[J].IEEE Trans on Parallel and Distributed Systems,2003,14(9):860-872.
  • 6Mank N A,Massey D,Wu C.ICMP traceback[C]//IEEE International Conference on Communications and Networks,2001:158-165.
  • 7Savage S,Wetherall D.Practical network support for IP traceback[C]//Proc of ACM SIGCOMM Conference,2000:295-300.
  • 8Song D,Perrng A.Advanced and authenticated marking schemes for IP traceback[C]//Proc of IEEE Infocomm Conference,2001:877-886.
  • 9冯波,刘海,郭帆,余敏.一种改进型PPM方法的设计与仿真实现[J].计算机工程,2011,37(12):133-136. 被引量:1
  • 10闫巧,宁土文.基于确定线性网络编码的IPv6追踪[J].计算机应用,2011,31(9):2352-2355. 被引量:1

引证文献1

二级引证文献4

计算机应用研究
2012年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部