期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于多阈值包过滤策略的DDoS防范机制研究

The Study on Defending DDoS Based on Multi-threshold Packet Filtering Policy
下载PDF
导出
摘要 DDoS(Distributed Denial of Service),即"分布式拒绝服务"攻击,DDoS攻击的本质是通过不对等的方式,对目标机发出非正常服务要求,耗尽目标机本身的资源,使其无法提供正常服务,具有较大的危害性。传统的基于流量分析和阈值策略的防范机制使用单阈值或双阈值来判断攻击行为,虽然可以较为便捷地实现DDoS防范,然而这样也导致防范精度较低。文中针对基于流量阈值的基础上提出反馈型多阈值过滤机制,通过建立将回收圈的统计数据反馈给阈值的计算机制,有效地提高了攻击防范精度。仿真实验证明,该系统相对于以前的技术,其具备较高的防范精度。 Traditional flow analysis and threshold strategy prevention polices use single threshold or double threshold to determine attack behavior.It is easily to realize a DDoS system.But the accuracy is lower.In this paper,we present a double-layer multi-threshold filtering mechanism by using the statistical calculation of recovery loop feedback to the threshold.Simulation results show that the system has a higher prevention accuracy compared with the previous system.
作者 许建真 何丹
机构地区 南京邮电大学计算机学院
出处 《南京邮电大学学报(自然科学版)》 北大核心 2012年第5期45-48,共4页 Journal of Nanjing University of Posts and Telecommunications:Natural Science Edition
关键词 分布式拒绝服务(DDoS) 多阈值 包过滤 流量分析 回收圈 DDoS multi-thresh packet filtering intrusion detection recovery loop
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献4

  • 1KARGL F,MALER J,WEBER M. Protecting Web Servers from Dis-tributed Denial of Service Attacks [C\ // Proc of 10th Inti WorldWide Web Conference. 2001.
  • 2WAN K K,CHANG R. Engineering of a GlobalDefense In frastruc- ture for DDOS Attacks[ C] //Proc IEEE Inti Conf Net. 2002.
  • 3XIONG Y,LIU S,SUN P. On the Defense of the Distributed Denial of Service Attacks : An on-off Feedback Control Approach[ J] . IEEE Transaction on Systems, Man and Cybernetics——Part A : Systems and Humans,2001,31:282 -293.
  • 4田俊峰,朱宏涛,孙冬冬,毕志明,刘倩.基于用户信誉值防御DDoS攻击的协同模型[J].通信学报,2009,30(3):12-20. 被引量:9

二级参考文献18

  • 1王永利,徐宏炳,董逸生,钱江波,刘学军.分布式数据流增量聚集[J].计算机研究与发展,2006,43(3):509-515. 被引量:4
  • 2李金良,王文国,何裕友.一种基于历史信任数据的DDOS防御模型[J].计算机技术与发展,2007,17(7):160-162. 被引量:2
  • 3MIRKOVIC JELENA .Attacking DDoS at the source[A]. Proceedings of the 10th IEEE International Conference on Network Protocols [C]. Paris, France, 2002.366-369
  • 4FERGUSON P, SENIE D. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing[R] Internet Best Current Practice, RFC 2827, May 2000.
  • 5WALFISH M, VUTUKURU M. DDoS defense by offense [A], SIGCOM'06[C]. 2006.1635-1639.
  • 6PENG T, LECKIE R, RAMAMOHANARAO T. Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1):321-342.
  • 7JIN C H, WANG K SHIN. Hop-count filtering: an effective defense against spoofed DDoS traffic[A]. Proceedings of the 10th ACM Conference on Computer and Communications Security[C]. Washington, D C, USA, 2003.126-137
  • 8TUPAKULA U, VARADHARAJAN V. Analysis of Trace-Back Technique[R]. 2006.
  • 9ALLMAN M, BLANTON E, PAXSON V. An architecture for developing behavioral history[A]. Proceedings of SRUTI USENIX Association[C]. 2005.45-51.
  • 10WEI S J, MIRKOVIC J. Building reputations for internet clients[J]. Published in Electronic Notes in Theoretical Computer Science, 2006.66-78.

共引文献8

南京邮电大学学报(自然科学版)
2012年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部