摘要
拒绝服务(DoS,denial of service)攻击是云计算平台面临的主要安全威胁之一。安全访问路径算法(SAPA,security access path algorithm)通过节点路由表(NRT,node route table)合成安全路径,简化了传统安全覆盖网服务(SOS,secure overlay services)的角色节点,并采用周期性更新角色节点以及缓存安全访问路径的策略。SAPA更适用于云计算平台防御DoS攻击。基于云计算泛联路由架构,建立SAPA的数学模型并对其性能进行理论分析。通过OMNe T++实验平台测试SAPA的性能,并将实验场景扩展到Test-bed平台来评估SAPA对DoS攻击的防御效果。实验结果表明,相较于SOS方法,SAPA能够更有效地降低DoS攻击对通信成功率的影响,并保证足够小的访问延时。
Denial of service(DoS) attack was one of the major threats to cloud computing. Security access path algorithm(SAPA) used node route table(NRT) to compose security access path. It simplified role nodes of traditional secure overlay services(SOS), and periodically updated role nodes, and cached security access paths. Therefore, SAPA was more appropriate for cloud computing to defend DoS attacks. Based on the turn routing architecture of cloud computing, the mathematical model of SAPA was built and its performance was analyzed in theory. The performance of SAPA was tested in OMNe T++ experimental platform. Also, the Test-bed experiments were performed to evaluate the effectiveness of SAPA for defending DoS attack. Experimental results show that comparing with SOS, SAPA can degrade the impact of communication success rate caused by DoS attack effectively, and guarantees the access delay small enough.
作者
岳猛
李坤
吴志军
YUE Meng LI Kun WU Zhi-jun(School of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300, Chin)
出处
《通信学报》
EI
CSCD
北大核心
2017年第4期129-139,共11页
Journal on Communications
基金
国家自然科学基金资助项目(No.61601467
No.U1533107
No.U1433105)
中央高校基本科研业务费基金资助项目(No.3122016D005)~~
