期刊文献+
共找到2篇文章
< 1 >
每页显示 20 50 100
A Robust IP Packets Filtering Mechanism for Protecting Web Server from DDoS Attacks
1
作者 WU Qingtao SHAO Zhiqing +1 位作者 DING Zhiyi LIU Gang 《Wuhan University Journal of Natural Sciences》 CAS 2006年第5期1271-1277,共7页
Distributed denial of service (DDoS) attacks exploit the availability of Web servers, resulting in the severe loss of their connectivity. We present a robust IP packets filtering mechanism which combines the detecti... Distributed denial of service (DDoS) attacks exploit the availability of Web servers, resulting in the severe loss of their connectivity. We present a robust IP packets filtering mechanism which combines the detection and filtering engine together to protect Web Servers from DDoS Attacks. The mechanism can detect DDoS attacks by inspecting inbound packets with an IP address database, and filter out lower priority IP addresses to preserve the connection for valid users by monitoring the queues status. We use the Netfilter's technique, a framework inside the Linux 2.4. X, to implement it on a Web server. Also, we evaluate this mechanism and analyze the influence of some important parameters on system performance. The experimental results show that this mechanism is effective against DDoS attacks. 展开更多
关键词 Web server distributed denial of service IP packets filtering Hop-Count filtering history-based IP filtering
下载PDF
A Router Based Packet Filtering Scheme for Defending Against DoS Attacks 被引量:1
2
作者 LU Ning SU Sen +1 位作者 JING Maohua HAN Jian 《China Communications》 SCIE CSCD 2014年第10期136-146,共11页
The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end ... The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters (termed as collateral damages); the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage. 展开更多
关键词 Internet security DoS attacks filter-based reactive packet filtering
下载PDF
上一页 1 下一页 到第
使用帮助 返回顶部