共查询到19条相似文献,搜索用时 219 毫秒
1.
2.
基于追踪部署的相关理论和动态概率包标记算法,针对当前危害甚大的分布式拒绝服务攻击,提出一种基于追踪部署的IP回溯算法。该算法是以贪心算法为基础利用K-剪枝算法在网络拓扑图中找出一些关键的路由器,利用这些路由器也就是只让tracers对过往的数据包按照动态概率包标记算法进行标记,这样大大减少了重构路径所需的数据包数,提高了追踪到攻击者的速度,而且大大减轻了路由器标记的负担,从而能够迅速而准确的找到攻击源。 相似文献
3.
提出一种基于自治系统协同的分布式拒绝服务攻击的追踪算法.在该算法中,自治系统边界路由器把所在的AS信息以一定的概率对经过的数据包进行标记,受害者可通过数据包中所标记的路径信息重构出攻击路径,从而追踪到攻击源.带认证的标记方法有效地防止了攻击者伪造和篡改数据包中的路径信息.与其它追踪算法相比,该算法实现了快速实时追踪攻击源,有效地抑制了攻击流进入其它的网络,及时缓减了攻击带来的影响. 相似文献
4.
在当前 IP源地址可欺骗的情况下 ,准确、快速追踪攻击源是防范网络攻击尤其是 DOS攻击的关键 .本文给出了逆向路径追踪 DOS攻击的模型和评价指标 ,分析了已有算法的性能 .在此基础上 ,提出一种新的基于消息鉴别码的随机数据包标记算法 MPPM.在该算法中路由器随机标记转发的数据包 ,标记信息包括路由器自身及其下游路由器组成的边标记的分片以及 MAC值 ,DOS攻击的受害者利用 MAC把不同攻击数据包中的边标记分片重组以得到边标记及攻击路径 ,并可鉴别标记的真伪 .分析和模拟结果表明 ,该算法具有线性的计算复杂度 ,追踪速度快 ,误差较小 ,高效可行 相似文献
5.
拒绝服务攻击路径的重构算法研究 总被引:2,自引:0,他引:2
根据拒绝服务攻击的原理和特点,提出了对流经路由器的数据包抽样,用相邻两路由器地址来标注包,以使得受害主机能够利用被标注包内的信息重构出攻击路径集,从而追踪到拒绝服务攻击源点的技术,文中分析了数据包标注和路径重构算法。 相似文献
6.
7.
包标记算法是IPv4下追踪DDOS攻击源最多的一种方法,但IPv6下实施困难.由此对IPv6下包标记方法的可行性进行了研究.为有效和安全的部署和实施数据包标记算法,利用IPv6新的特点,并结合标记流标签等字段,提出两种基于IPv6的改进方案AMS-v6和APPM-v6.在IPv4和IPv6协议下设计模型分别对两种算法进行实验对比,仿真实验结果表明了该算法在IPv6下数据包标记的有效性和适用性,并有效减少重构时间和所需数据包数量,提高重构攻击路径的速度. 相似文献
8.
拒绝服务攻击(DoS)是难以解决的网络安全问题。IP追踪技术是确定DoS攻击源的有效方法。针对用于IP追踪的压缩边分片采样算法(CEFS)存在的不足,提出了新分片标记算法(NFMS),该算法通过扩大标记空间和采用自适应概率的方法,减少了重构路径所需数据包数,并通过给分片加标注,减少了重构路径的计算量和误报率,并且将点分片(路由器分片)、边分片(该路由器分片与同偏移值的下游相邻路由器分片的异或值)分开存放,可验证重构路径时所得攻击路径中节点的正确性。分析和仿真结果表明NFMS算法的性能较优。 相似文献
9.
10.
梁爽 《计算机应用与软件》2012,29(7):286-287,297
目前,基于包标记的IP追踪和攻击包识别技术是有效防御分布式拒绝服务攻击的主要手段之一。提出一种基于确定包标记的防御新方法通过在子网中增加跟踪服务器,改变EPS编码方式,并通过边界路由器来追踪和识别攻击数据包。实验表明,方法具有追踪攻击源数量大,没有误报率,可以实现攻击包识别、单包追踪和有效保护网络拓扑的隐秘性等优点。 相似文献
11.
IP traceback using packet marking technique allows direct traceback of attackers. Under this strategy en route routers inject mark into packets which is later used to unambiguously identify the source of an attack. Star coloring approach allows the mark to be reused, thereby saving bit space and at the same time explicitly identify the attacker. As the Internet structure is unknown, in the present work we propose a distributed approach of assigning color (mark) to routers such that the star color template is followed without consideration of the graph structure. An algorithm is proposed to minimize the color assignment conflict. The convergence of the algorithm is also discussed. Simulation study is presented to support the convergence analysis. 相似文献
12.
The Source Path Isolation Engine (SPIE) is based on a bloom filter. The SPIE is designed to improve the memory efficiency by storing in a bloom filter the information on packets that are passing through routers, but the bloom filter must be initialized periodically because of its limited memory. Thus, there is a problem that the SPIE cannot trace back the attack packets that passed through the routers earlier. To address this problem, this paper proposes an IP Traceback Protocol (ITP) that uses a Compressed Hash Table, a Sinkhole Router and Data Mining based on network forensics against network attacks. The ITP embeds in routers the Compressed Hash Table Module (CHTM), which compresses the contents of a Hash Table and also stores the result in a database. This protocol can trace an attack back not only in real time using a hash table but also periodically using a Compressed Hash Table (CHT). Moreover, the ITP detects a replay attack by attaching time-stamps to the messages and verifies its integrity by hashing it. This protocol also strengthens the attack packet filtering function of routers for the System Manager to update the attack list in the routers periodically and improves the Attack Detection Rate using the association rule among the attack packets with an Apriori algorithm. 相似文献
13.
The main results of this paper are algorithms for time-optimal gossip of large packets in noncombining full-duplex all-port 2-D tori and meshes of any size m×n. The gossip algorithms define the structure of broadcast trees and lock-step scheduling schemes for packets that make the broadcast trees time-are-disjoint. The gossip algorithm for tori is also buffer-optimal-it requires routers with auxiliary buffers for at most three packets. The gossip algorithm for meshes requires routers with auxiliary buffers for O(m+n) packets 相似文献
14.
15.
16.
为了提高了整个网络的性能,提出了一种基于分支路由器协调的组播流量控制算法,其基本思想是在各分支路由器节点处采用一种新的闭环控制器来对源端的发送速率进行实时调节,使得源端的发送速率趋于稳定;另外,算法还在拥有一定数量接收端的分支路由器处对其发送的数据进行拷贝,一旦在规定时间内收到接收端发来的重传请求信息包,则对该接收端进行数据重发.并还在网络拓扑结构动态变化的情况下进行了仿真试验,仿真结果表明,算法具有良好的可扩展性、稳定性和响应速度. 相似文献
17.
18.
19.
《Computer Communications》2001,24(7-8):667-676
In order to provide different service treatments to individual or aggregated flows, layer 4 routers in Integrated Services networks need to classify packets into different queues. The classification module of layer 4 routers must be fast enough to support gigabit links at a rate of millions of packets per second. In this work, we present a new software method OLBM to lookup multiple fields of a packet, in a dynamically pre-defined order, against the classification database. This algorithm also uses a technique called bypass matching and can classify packets at a rate of well over one million packets per second while scaling to support more than 300k flows. Complexity analysis and experiment measurements are also presented in this study. 相似文献