摘要
DDOS攻击是目前最严重的一种网络攻击行为.传统的DDOS防御方法复杂低效,提出一种利用源IP地址和跳数信息进行DDOS攻击过滤的方法.并利用布隆过滤器(BF)技术设计和实现了一种DDOS防御系统.该系统部署在目标端,在目标没有受到攻击时,学习并记录正常的访问源地址信息;而当攻击发生时,系统会保证正常的访问,而过滤大多数攻击报文,特别是不同类型的伪造IP的攻击报文.实验结果显示,该系统能过滤掉大多数对目标的DDOS攻击报文,且仅有很低的误报率.
DDOS attack is the most serious kind of network attack behavior. The traditional DDOS defense methods are complex and lack efficiency. A filter/ng scheme based on source IP address and hop counts in this paper is put forward to filter DDOS at- tack packets. And a DDOS defense system based on bloom filter(BF) is designed and implemented. The system is deployed on the target side. When the target is not under attack, it learns and records the normal source address information, and when the attack occurs, the system will filter most attack packets, especially the packets of spoofing IP address, but ensure the normal ac- cess. The experimental resuhs show that the system filters most of the DDOS attack packets with very low false rate.
出处
《西南民族大学学报(自然科学版)》
CAS
2015年第4期462-467,共6页
Journal of Southwest Minzu University(Natural Science Edition)