期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

Shrew攻击对拥塞控制协议的影响及仿真分析 被引量:2

Effect of Shrew Attacks on Internet Congestion Control and Simulation Analysis
下载PDF
导出
摘要 Shrew攻击是一种典型的低速率拒绝服务攻击,其以隐蔽、高效的攻击使大量面向连接的服务性能显著降低甚至瘫痪。针对不同层面Internet拥塞控制之间的内在联系和相互影响,揭示了自适塞控制机制的安全漏洞的根源。在仿真实验中采用多种TCP、IP拥塞控制算法,模拟了有无Shrew攻击的情况下各种算法产生的性能和参数的变化。试验结果表明:持续的Shrew攻击能使服务功能近于瘫痪,同时,SFQ和DRR等公平性算法则能够有效抑制此类攻击。 Shrew attack is a typical LDoS attack.Its hidden,high efficiency features can significantly degrade service performance of large number of connection-oriented services,or even worse,thoroughly deny the services.For different levels of internet congestion control and the intrinsic link between the mutual influence, the reason of security vulnerabilities of the adaptive internet congestion control mechanism was revealed.In the simulation experiment a variety of TCP and IP congestion control algorithm simulations with and without Shrew attack in the case of a variety of algorithms was used to generate performance and parameter changes.The results show that continuous Shrew attack makes services nearly crash.Congestion control algorithms taking into account of fairness,such as stochastic fairness queuing ( SFQ) and deficit round robin ( DRR) ,can effectively suppress such kind of attack.
作者 马建红 姬莉霞 文坤
机构地区 武汉理工大学信息工程学院 郑州大学软件技术学院 清华大学信息网络工程研究中心
出处 《河南科技大学学报(自然科学版)》 CAS 北大核心 2013年第4期51-56,3,共6页 Journal of Henan University of Science And Technology:Natural Science
基金 河南省科技攻关基金项目(122102210518) 河南省教育厅科学技术研究重点基金项目(12A520042)
关键词 shrew攻击 网络安全 INTERNET拥塞控制 网络模拟器(NS2) 公平性算法 shrew attack network security internet congestion control network simulator fairness algorithm
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献12

  • 1何炎祥,曹强,刘陶,韩奕,熊琦.一种基于小波特征提取的低速率DoS检测方法[J].软件学报,2009,20(4):930-941. 被引量:21
  • 2Luo X P, Chang K C. On a New Class of Pulsing Denial-of-service Attacks and the Defense[ C ]//Network and Distributed System Security Symposium ( NDSS'05 ). San Diego, CA,2005:2 - 5.
  • 3何炎祥,刘陶,曹强,熊琦,韩奕.低速率拒绝服务攻击研究综述[J].计算机科学与探索,2008,2(1):1-19. 被引量:20
  • 4Kuzmanovic A,Knightly E W. Low-rate TCP-targeted Denialofserviceattacks: the Shrew vs the Mice and Elephants [ C ]// Proc of ACM SIGCOMM' 03. Karlsruhe. ACM Press,2003:75 - 86.
  • 5Sarat S, Terzis A. On the Effect of Router Buffer Sizes on Low-ratedenial of Service Attacks [ C ]//14th International Conference on Computer Communications and Networks ( ICCCN 2005 ). San Diego : IEEE Press, 2005 : 281 - 286.
  • 6Sun H,Lui J, Yau D. Defending Against Low-rate TCP Attacks:Dynamic Detection and Protection [ C ]//the 12th IEEE International Conference on Network Protocols( ICNP 2004). Berlin:IEEE Computer Soc,2004:196 -205.
  • 7Chen Y, Hwang K. Collaborative Detection and Filtering of Shrew DdoS Attacks Using Spectral Analysis [ J]. Journal of Parallel and Distributed Computing,2006,66 ( 9 ) : 1137 - 1151.
  • 8Wei W, Dong Y B, Lu D M. A Novel Mechanism to Defend Against Low-rate Denial-of-service Attacks [ J ]. Journal of Compuer Science ,2006,3975:261 - 271.
  • 9张长旺,殷建平,蔡志平,祝恩,程杰仁.基于拥塞参与度的分布式低速率DoS攻击检测过滤方法[J].计算机工程与科学,2010,32(7):49-52. 被引量:4
  • 10魏蔚,董亚波,鲁东明,金光.低速率TCP拒绝服务攻击的检测响应机制[J].浙江大学学报(工学版),2008,42(5):757-762. 被引量:5

二级参考文献67

  • 1王兆霞,孙雨耕,陈增强,袁著祉.基于模糊神经网络的网络业务量预测研究[J].通信学报,2005,26(3):136-140. 被引量:17
  • 2黄晓璐,闵应骅,吴起.网络流量的半马尔可夫模型[J].计算机学报,2005,28(10):1592-1600. 被引量:9
  • 3洪飞,吴志美.基于小波的多尺度网络流量预测模型[J].计算机学报,2006,29(1):166-170. 被引量:46
  • 4陆锦军,王执铨.基于混沌特性的网络流量预测[J].南京航空航天大学学报,2006,38(2):217-221. 被引量:25
  • 5王升辉,裘正定.结合多重分形的网络流量非线性预测[J].通信学报,2007,28(2):45-50. 被引量:40
  • 6刘杰,黄亚楼.基于BP神经网络的非线性网络流量预测[J].计算机应用,2007,27(7):1770-1772. 被引量:66
  • 7Kuzmanovic A, Knightly EW. Low-Rate TCP-targeted denial of service attacks--the shrew vs. the mice and elephants. In: Proc. of the ACM SIGCOMM 2003. New York: ACM Press, 2003. 75-86. http://byte.csc.lsu.edu/-durresi/7502/reading/p75-kuzmanovic. pdf.
  • 8Sarat S, Terzis A. On the effect of router buffer sizes on low-rate denial of service attacks. In: Proc. of the 14th Int'l Conf. on Computer Communications and Networks (ICCCN 2005). New York: IEEE Press, 200S. 281-286. http://www.cs.jhu.edu/-sarat/ ICCCN05.pdf.
  • 9Kwok YK, Tripathi R, Chen Y, Hwang K. HAWK: Halting anomalies with weighted choking to rescue well-behaved TCP sessions from shrew DDoS attacks. In: Proc. of the 3rd Int'l Conf. on Networking and Mobile Computing (ICCNMC 2005). New York: Springer-Verlag, 2005.423-432. http://gridsec.usc.edu/files/TR/HAWK-ICCNMC2005-CameraReady.pdf.
  • 10Sun H, Lui JCS, Yau DKY. Defending against low-rate TCP attacks: Dynamic detection and protection. In: Proc. of the 12th IEEE Int'l Conf. on Network Protocols (ICNP 2004). New York: IEEE Press, 2004. 196-205. http://www.cse.cuhk.edu.hk/-cslui/ PUBLICATION/icnp_lowrate.pdf.

共引文献125

同被引文献12

引证文献2

二级引证文献13

河南科技大学学报(自然科学版)
2013年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部