The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end ...The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters (termed as collateral damages); the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.展开更多
Recently, attacks have become Denial-of-Service (DOS) the mainstream threat to the internet service availability. The filter-based packet filtering is a key technology to defend against such attacks. Relying on the ...Recently, attacks have become Denial-of-Service (DOS) the mainstream threat to the internet service availability. The filter-based packet filtering is a key technology to defend against such attacks. Relying on the filtering location, the proposed schemes can be grouped into Victim-end Filtering and Source-end Filtering. The first scheme uses a single filtering router to block the attack flows near the victim, but does not take the factor that the filters are scarce resource into account, which causes the huge loss of legitimate flows; considering each router could contribute a few filters, the other extreme scheme pushes the filtering location back into each attack source so as to obtain ample filters, but this may incur the severe network transmission delay due to the abused filtering routers. Therefore, in this paper, we propose a scalable filter-based packet filtering scheme to balance the number of filtering routers and the available filters. Through emulating DoS scenarios based on the synthetic and real-world Intemet topologies and further implementing the various filter-based packet filtering schemes on them, the results show that our scheme just uses fewer filtering routers to cut off all attack flows while minimizing the loss of legitimate flows.展开更多
Driven by an ever-increasing num- ber of new services and applications, transport networks have been undergoing significant changes. In this paper, we describe several ex- citing technology directions associated with ...Driven by an ever-increasing num- ber of new services and applications, transport networks have been undergoing significant changes. In this paper, we describe several ex- citing technology directions associated with future optical transport networks. We review the status of 100G, which is now commercially available and entering volume deployments, and its applications in China. Beyond 100G is considered as the primary technology for the expansion of both channel and fiber capacity in tile near term, and several enabling techniques are introduced. Then, key technologies, prod- ucts, and future evolutionary options of Optical Transport Networks (OTNs) are extensively discussed. Compared to fixed bandwidth and coarse granularity of current WDM network, a flexible grid architecture is a desirable evolu- tion trend, and key technologies and challenges are described. Finally, we illustrate the multi-dimension convergences in terms of IP and optical, Packet OTN (P-OTN), as well as Electronic Integrated Circuits (EICs) and Photonic Integrated Cimuits (PICs). Transport networks are therefore in the process of be- coming more broadband, robust, flexible, cost-effective and lower-power-consumptive.展开更多
Opportunistic networks are random networks and do not communicate with each other among respective communication areas.This situation leads to great difficulty in message transfer.This paper proposes a reducing energy...Opportunistic networks are random networks and do not communicate with each other among respective communication areas.This situation leads to great difficulty in message transfer.This paper proposes a reducing energy consumption optimal selection of path transmission(OSPT) routing algorithm in opportunistic networks.This algorithm designs a dynamic random network topology,creates a dynamic link,and realizes an optimized selected path.This algorithm solves a problem that nodes are unable to deliver messages for a long time in opportunistic networks.According to the simulation experiment,OSPT improves deliver ratio,and reduces energy consumption,cache time and transmission delay compared with the Epidemic Algorithm and Spray and Wait Algorithm in opportunistic networks.展开更多
The article is devoted to the evaluation of fractal properties of routing data in computer large scale networks. Implemented the study of percolation network topological structures of large dimension and made their tr...The article is devoted to the evaluation of fractal properties of routing data in computer large scale networks. Implemented the study of percolation network topological structures of large dimension and made their transformation into fractal macrostructure. An example of calculating the fractal dimension of the data path for the boundary of the phase transition between the states of network connectivity. The dependence of the fractal dimension of the percolation cluster on the size of the square δ-cover and conductivity value network of large dimension. It is shown that for the value of the fractal dimension of the route dc ≈ 1.5, network has a stable dynamics of development and size of clusters are optimized with respect to the current load on the network.展开更多
基金supported in part by the funding agencies of china:the Doctoral Fund of Northeastern University of Qinhuangdao(Grant No.XNB201410)the Fundamental Research Funds for the Central Universities(Grant No.N130323005)
文摘The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters (termed as collateral damages); the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.
基金supported by the Doctoral Fund of Northeastern University of Qinhuangdao(No.XNB201410)the Fundamental Research Funds for the Central Universities(No.N130323005)+1 种基金the Natural Science Foundation of Hebei Province of China(No.F2015501122)the Doctoral Scientific Research Foundation of Liaoning Province(No.201501143)
文摘Recently, attacks have become Denial-of-Service (DOS) the mainstream threat to the internet service availability. The filter-based packet filtering is a key technology to defend against such attacks. Relying on the filtering location, the proposed schemes can be grouped into Victim-end Filtering and Source-end Filtering. The first scheme uses a single filtering router to block the attack flows near the victim, but does not take the factor that the filters are scarce resource into account, which causes the huge loss of legitimate flows; considering each router could contribute a few filters, the other extreme scheme pushes the filtering location back into each attack source so as to obtain ample filters, but this may incur the severe network transmission delay due to the abused filtering routers. Therefore, in this paper, we propose a scalable filter-based packet filtering scheme to balance the number of filtering routers and the available filters. Through emulating DoS scenarios based on the synthetic and real-world Intemet topologies and further implementing the various filter-based packet filtering schemes on them, the results show that our scheme just uses fewer filtering routers to cut off all attack flows while minimizing the loss of legitimate flows.
基金supported by the National Natural Science Foundation of China under GrantNo. 61171076National 863 Project underGrant No. 2012AA011303National 973 Project under Grant No. 2010CB328200(2010CB328201)
文摘Driven by an ever-increasing num- ber of new services and applications, transport networks have been undergoing significant changes. In this paper, we describe several ex- citing technology directions associated with future optical transport networks. We review the status of 100G, which is now commercially available and entering volume deployments, and its applications in China. Beyond 100G is considered as the primary technology for the expansion of both channel and fiber capacity in tile near term, and several enabling techniques are introduced. Then, key technologies, prod- ucts, and future evolutionary options of Optical Transport Networks (OTNs) are extensively discussed. Compared to fixed bandwidth and coarse granularity of current WDM network, a flexible grid architecture is a desirable evolu- tion trend, and key technologies and challenges are described. Finally, we illustrate the multi-dimension convergences in terms of IP and optical, Packet OTN (P-OTN), as well as Electronic Integrated Circuits (EICs) and Photonic Integrated Cimuits (PICs). Transport networks are therefore in the process of be- coming more broadband, robust, flexible, cost-effective and lower-power-consumptive.
基金Supported by the National Natural Science Foundation of China(No.61379057,61073186,61309001,61379110,61103202)Doctoral Fund of Ministry of Education of China(No.20120162130008)the National Basic Research Program of China(973 Program)(No.2014CB046305)
文摘Opportunistic networks are random networks and do not communicate with each other among respective communication areas.This situation leads to great difficulty in message transfer.This paper proposes a reducing energy consumption optimal selection of path transmission(OSPT) routing algorithm in opportunistic networks.This algorithm designs a dynamic random network topology,creates a dynamic link,and realizes an optimized selected path.This algorithm solves a problem that nodes are unable to deliver messages for a long time in opportunistic networks.According to the simulation experiment,OSPT improves deliver ratio,and reduces energy consumption,cache time and transmission delay compared with the Epidemic Algorithm and Spray and Wait Algorithm in opportunistic networks.
文摘The article is devoted to the evaluation of fractal properties of routing data in computer large scale networks. Implemented the study of percolation network topological structures of large dimension and made their transformation into fractal macrostructure. An example of calculating the fractal dimension of the data path for the boundary of the phase transition between the states of network connectivity. The dependence of the fractal dimension of the percolation cluster on the size of the square δ-cover and conductivity value network of large dimension. It is shown that for the value of the fractal dimension of the route dc ≈ 1.5, network has a stable dynamics of development and size of clusters are optimized with respect to the current load on the network.
