摘要
Shrew攻击是一种典型的低速率拒绝服务攻击,其以隐蔽、高效的攻击使大量面向连接的服务性能显著降低甚至瘫痪。针对不同层面Internet拥塞控制之间的内在联系和相互影响,揭示了自适塞控制机制的安全漏洞的根源。在仿真实验中采用多种TCP、IP拥塞控制算法,模拟了有无Shrew攻击的情况下各种算法产生的性能和参数的变化。试验结果表明:持续的Shrew攻击能使服务功能近于瘫痪,同时,SFQ和DRR等公平性算法则能够有效抑制此类攻击。
Shrew attack is a typical LDoS attack.Its hidden,high efficiency features can significantly degrade service performance of large number of connection-oriented services,or even worse,thoroughly deny the services.For different levels of internet congestion control and the intrinsic link between the mutual influence, the reason of security vulnerabilities of the adaptive internet congestion control mechanism was revealed.In the simulation experiment a variety of TCP and IP congestion control algorithm simulations with and without Shrew attack in the case of a variety of algorithms was used to generate performance and parameter changes.The results show that continuous Shrew attack makes services nearly crash.Congestion control algorithms taking into account of fairness,such as stochastic fairness queuing ( SFQ) and deficit round robin ( DRR) ,can effectively suppress such kind of attack.
出处
《河南科技大学学报(自然科学版)》
CAS
北大核心
2013年第4期51-56,3,共6页
Journal of Henan University of Science And Technology:Natural Science
基金
河南省科技攻关基金项目(122102210518)
河南省教育厅科学技术研究重点基金项目(12A520042)