期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于NDIS中间层驱动的DDoS防火墙的设计 被引量:2

Design of Firewall Against DDo S Attacks Based on NDIS Intermediate Drivers
下载PDF
导出
摘要 分布式拒绝服务攻击是当前网络上最为严重的攻击手段之一。为了有效防御DDo S攻击,文中讨论一种Windows平台下,基于网络驱动接口规范中间层驱动技术防御DDo S攻击的原理。由于NDIS中间层驱动位于Windows网络组件很低的层次,因此,可以拦截所有的以太网包,具有效率高、拦截准确、系统资源开销小的特点,配合黑白名单、单个IP连接数等策略,几乎让攻击者没有可利用的漏洞。它特别适合用来做大型专业网络的防火墙。 The attack by Distributed Denial of service is one of the most grievous ploys in internet at the present time. On the platform of Windows,based on NDIS intermediate drivers a principle of defense is proposed to handle DDos attacks in this paper. Because NDIS intermediate drive is located in the rather low level of Windows network components,it can intercept all Ethernet packets,having such features as being efficient,intercepting precisely and having small expenses of systemic resources. Coordinating with such tactics as black- and- white lists and single IP linkage numbers,almost no loopholes can be taken advantage of by attackers. All of these features can be best applied to make large scale and specialized network firewalls.
作者 万伟
机构地区 西南科技大学理学院
出处 《实验科学与技术》 2015年第2期32-35,共4页 Experiment Science and Technology
基金 西南科技大学实验技术研究基金资助项目(13syjs-32)
关键词 网络驱动接口规范 中间层驱动 分布式拒绝服务 防火墙 network driver interface specification intermediate drivers distributed denial of service firewall
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献8

  • 1Ranjan S, Swaminathan R, Uysal M, et al. DDoS shield: DDoS - resilient scheduling to counter application layer at- tacks[ J]. IEEE/ACM Transactions on Networking, 2009, 17(1) : 26 -39.
  • 2Kandula S, Katabi D, Jacob M, et al. Botz - 4 - scale : surviving organized DDoS attacks that mimic flash crowds [ C ] Proceedings of the 2rid Conference on Symposium on Networked Systems Design & Implementation. Kyoto, Ja- pan: [s.n.], 2005:287-300.
  • 3Yu J, Chen H, Chen X. A detection and offense mecha- nism to defense against application layer DDoS attacks [C]. Proceedings of the 3rd International Conference on Networking and Services. Athens, Greece: [ s.n. ] , 2007 : 251 - 261.
  • 4田俊峰,朱宏涛,孙冬冬,毕志明,刘倩.基于用户信誉值防御DDoS攻击的协同模型[J].通信学报,2009,30(3):12-20. 被引量:9
  • 5GregHoglund,JamesBuffer.Rootkit-windows内核的安全防护[M].北京:清华大学出版社,2007.
  • 6程克勤,邓林,王继波,朱跃农.基于应用层的Windows个人防火墙的设计与实现[J].合肥工业大学学报(自然科学版),2011,34(5):695-699. 被引量:2
  • 7易克非,胡庆锋.基于DSP的实时多任务调度内核设计[J].通信技术,2011,44(6):135-137. 被引量:9
  • 8文军,王加懂.DSP程序在线编程的研究与实现[J].信息安全与通信保密,2007,29(8):193-195. 被引量:11

二级参考文献36

  • 1袁建国,方宁生,姜浩.802.1x:基于端口的访问控制协议[J].微机发展,2005,15(12):160-163. 被引量:8
  • 2王成,刘金刚.一种改进的字符串匹配算法[J].计算机工程,2006,32(2):62-64. 被引量:26
  • 3王永利,徐宏炳,董逸生,钱江波,刘学军.分布式数据流增量聚集[J].计算机研究与发展,2006,43(3):509-515. 被引量:4
  • 4李金良,王文国,何裕友.一种基于历史信任数据的DDOS防御模型[J].计算机技术与发展,2007,17(7):160-162. 被引量:2
  • 5MIRKOVIC JELENA .Attacking DDoS at the source[A]. Proceedings of the 10th IEEE International Conference on Network Protocols [C]. Paris, France, 2002.366-369
  • 6FERGUSON P, SENIE D. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing[R] Internet Best Current Practice, RFC 2827, May 2000.
  • 7WALFISH M, VUTUKURU M. DDoS defense by offense [A], SIGCOM'06[C]. 2006.1635-1639.
  • 8PENG T, LECKIE R, RAMAMOHANARAO T. Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1):321-342.
  • 9JIN C H, WANG K SHIN. Hop-count filtering: an effective defense against spoofed DDoS traffic[A]. Proceedings of the 10th ACM Conference on Computer and Communications Security[C]. Washington, D C, USA, 2003.126-137
  • 10TUPAKULA U, VARADHARAJAN V. Analysis of Trace-Back Technique[R]. 2006.

共引文献22

同被引文献11

引证文献2

二级引证文献2

实验科学与技术
2015年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部