期刊文献+

一种利用源地址信息的DDoS防御系统的设计与实现 被引量:1

Design and implementation of DDOS defense system based on source address information
下载PDF
导出
摘要 DDOS攻击是目前最严重的一种网络攻击行为.传统的DDOS防御方法复杂低效,提出一种利用源IP地址和跳数信息进行DDOS攻击过滤的方法.并利用布隆过滤器(BF)技术设计和实现了一种DDOS防御系统.该系统部署在目标端,在目标没有受到攻击时,学习并记录正常的访问源地址信息;而当攻击发生时,系统会保证正常的访问,而过滤大多数攻击报文,特别是不同类型的伪造IP的攻击报文.实验结果显示,该系统能过滤掉大多数对目标的DDOS攻击报文,且仅有很低的误报率. DDOS attack is the most serious kind of network attack behavior. The traditional DDOS defense methods are complex and lack efficiency. A filter/ng scheme based on source IP address and hop counts in this paper is put forward to filter DDOS at- tack packets. And a DDOS defense system based on bloom filter(BF) is designed and implemented. The system is deployed on the target side. When the target is not under attack, it learns and records the normal source address information, and when the attack occurs, the system will filter most attack packets, especially the packets of spoofing IP address, but ensure the normal ac- cess. The experimental resuhs show that the system filters most of the DDOS attack packets with very low false rate.
出处 《西南民族大学学报(自然科学版)》 CAS 2015年第4期462-467,共6页 Journal of Southwest Minzu University(Natural Science Edition)
关键词 拒绝服务攻击 布隆过滤器 报文过滤 网络安全 DDoS Bloom filter packet filtering network security
  • 相关文献

参考文献16

  • 1YU S,TIAN Y,GUO S,et al. Can We Beat DDoS Attacks in Clouds? [ J]. IEEE Transactions on Parallel & Distributed Systems,2014,25(9) :2245 -2254.
  • 2DU P, NAKAO A. DDoS Defense Deployment with Network Egress and Ingress Filtering[ C ]// Communications ( ICC ), 2010 IEEE Interna- tional Conference on. IEEE ,2010 : 1 - 6.
  • 3LEE F Y, SHIEH S. Defending against spoofed DDoS attacks with path fingerprint[ J ]. Computers & Security ,2005,24 (7) :571 - 586.
  • 4WANG Y, SUN IL An IP - Traceback - based Packet Filtering Scheme for Eliminating DDoS Attacks[ J]. Journal of Networks ,2014,9 ( 4 ) : 19 -21.
  • 5DUAN Z, YUAN X, CHANDRASHEKAR J. Controlling IP Spoofing through Interdomain Packet Filters [ J ]. Dependable & Secure Compu- ting IEEE Transactions on ,2008,5 ( 1 ) :22 - 36.
  • 6KIM Y, LAU W C, CHUAH M C, et al. PacketScore : a statistics - based packet filtering scheme against distributed denial - of - service attacks [ J]. IEEE Transactions on Dependable & Secure Computing, 2006,3 (2) :141 -155.
  • 7SHAMSOLMOALI P, ZAREAPOOR M. Statistical -based filtering sys- tem against DDOS attacks in cloud computing[ C ]//Advances in Com- puting, Communications and Informatics (ICACCI,2014 International Conference on. IEEE ,2014 :1234 - 1239.
  • 8戴世冬,段海新,李星.基于令牌桶阵列的DDoS流量过滤[J].清华大学学报(自然科学版),2011,51(1):141-144. 被引量:1
  • 9AYRES P E,SUN I-I,CHAO H J. et al. ,"ALPi:A DDoS Defense Sys- tem for High -Speed Networks [ J ]. IEEE Journal on Selected Areas in Communications ,2006,24 ( 10 ) : 1864 - 1876.
  • 10YU S, ZHOU W, JIA W, et al. Discriminating DDoS Attacks from Flash Crowds Using Flow Correlation Coefficient[ J]. Parallel & Distrib- uted Systems IEEE Transactions on,2012,23 (6) :1073 -1080.

二级参考文献36

  • 1余顺争.Web负载流的宏观模式与识别[J].模式识别与人工智能,2005,18(1):31-37. 被引量:2
  • 2闫巧,吴建平,江勇.网络攻击源追踪技术的分类和展望[J].清华大学学报(自然科学版),2005,45(4):497-500. 被引量:15
  • 3Wu Zhijun,Duan Haixin,Li Xing.AN APPROACH OF DEFENDING AGAINST DDOS ATTACK[J].Journal of Electronics(China),2006,23(1):148-153. 被引量:1
  • 4龚俭,彭艳兵,杨望,刘卫江.基于BloomFilter的大规模异常TCP连接参数再现方法[J].软件学报,2006,17(3):434-444. 被引量:24
  • 5Nazario J. Measuring Politically Motivated Denial of Service Attacks [EB/OL]. (2009-09-24) http://caislab, kaist, ac. kr/77ddos/Jose, html.
  • 6Yaar A, Adrian P, Dawn S. StackPi: New packet marking and filtering mechanisms for DDoS and IP spoofing defent [J]. IEEE Journal on Selected Areas in Communications, 2006, 24(10) : 1853 - 1863.
  • 7Wang H N, Jin C, Shin K. Defense against spoofed IP traffic using hop-count filtering [J].IEEE Transactions On Networking, 2007, 15(1): 40-53.
  • 8Peng T, Leckie C, Kotagiri R. Protection from distributed denial of service attacks using history based IP filtering [C]// Proceedings of IEEE International Conference on Communications. Weisman, AK: IEEE Press, 2003: 482-486.
  • 9Kim Y, Lau W, Chuah M, et al. PacketScore: A statistics-based packet filtering scheme against distributed denial-of-service attacks [J]. IEEE Transactions on Dependable and Secure Computing, 2006, 3(2) : 141 - 155.
  • 10Li Q, Chang E, Chan M. On the effectiveness of DDoS attacks on statistical filtering [C]// Proceedings of IEEE INFOCOM. Freeman, FL: IEEE Press, 2005: 1373-1383.

共引文献37

同被引文献8

引证文献1

二级引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部