共查询到18条相似文献,搜索用时 125 毫秒
1.
2.
3.
提出了可避免数据包重复标记的可变概率分片标记算法.通过模拟试验对比该提出的算法和基本包标记算法,结果表明该方法能够消除对数据包的重复标记问题,并显著地减少反向追踪攻击源所需数据包的数目,提高了对攻击源定位的追踪的准确性和实时性. 相似文献
4.
高级包标记策略(AMS)是对分布式拒绝服务(DDoS)攻击进行IP追踪的有效算法,但是,由于使用哈希函数实现边地址的压缩,AMS算法存在复杂度高、保密性差、误报率高等缺陷。为了提高追踪效率,设计了一种基于多维伪随机序列的AMS算法:一方面,在路由器上,以全硬件实现的边采样矩阵代替原有的哈希函数,完成IP地址的压缩编码;另一方面,在受害者端,结合边地址压缩码和边的权重计算过程,实现攻击路径图的输出。仿真实验中,基于多维伪随机序列的AMS算法与原始算法性能基本一致,但能有效减少误判的发生和快速判断伪造路径。实验结果表明,所提算法保密性能高,计算速度快,抗攻击能力强。 相似文献
5.
6.
IP追踪和攻击源定位技术在DDoS攻击防御研究中有重要意义。概率包标记(Probabilistic packet marking,PPM)是一种可行的IP追踪方法,但是PPM潜在缺点是标记可能被攻击者伪造,以混淆或阻止追踪。文中提出一种新的方法:动态概率包标记(dynamic probabilistic packet marking,DPPM)来改进PPM。DPPM通过选择一个动态的标记概率,而不是使用一个固定的标记概率,或许能完全移除不确定性,从而使受害者能精确确定攻击源。对比分析表明DPPM在很多方面要优于PPM。 相似文献
7.
IP追踪和攻击源定位技术在DDoS攻击防御研究中有重要意义.概率包标记(Probabilistic packet marking,PPM)是一种可行的IP追踪方法,但是PPM潜在缺点是标记可能被攻击者伪造,以混淆或阻止追踪.文中提出一种新的方法:动态概率包标记(dynarnic prohabilistic packet marking,DPPM)来改进PPM.DPPM通过选择一个动态的标记概率,而不是使用一个固定的标记概率,或许能完全移除不确定性,从而使受害者能精确确定攻击源.对比分析表明DPPM在很多方面要优于PPM. 相似文献
8.
9.
基于自适应包标记的IP回溯 总被引:3,自引:0,他引:3
防御分布式拒绝服务攻击是当前网络安全中最难解决的问题之一。在各种解决方法中,自适应概率包标记受到了广泛的重视,因为算法中路径上的每个路由器根据一定策略自适应的概率标记过往的数据包,从而受害者可以用最短的重构时间,对攻击者进行IP回溯,找出攻击路径并发现攻击源。文中提出了一种自适应的标记策略。通过实验验证相比于常用策略,该策略重构路径所需的数据包明显减少,有效地减少了重构计算量和伪证性。 相似文献
10.
建立了PPM算法的通用数学模型,提出了一种新的基于节点采样的IP追踪方案。该方案采用新的标记信息编码机制,解决了传统包标记方案中由于地址分片带来的组合爆炸和误报率高的问题,标记过程以AS路径代替传统的IP路径,使用最优标记策略,使得路径重构过程具有更低的计算复杂性和更短的收敛时间。仿真分析表明,此方案具有应对大规模DDOS攻击源追踪的有效性和实时性。 相似文献
11.
包标记算法是IPv4下追踪DDOS攻击源最多的一种方法,但IPv6下实施困难.由此对IPv6下包标记方法的可行性进行了研究.为有效和安全的部署和实施数据包标记算法,利用IPv6新的特点,并结合标记流标签等字段,提出两种基于IPv6的改进方案AMS-v6和APPM-v6.在IPv4和IPv6协议下设计模型分别对两种算法进行实验对比,仿真实验结果表明了该算法在IPv6下数据包标记的有效性和适用性,并有效减少重构时间和所需数据包数量,提高重构攻击路径的速度. 相似文献
12.
《Computer Networks》2003,41(4):435-450
Fairness is one of the important problems in assured forwarding (AF) performance in the differentiated services (DiffServ) framework [An architecture for differentiated services, RFC 2475, IETF, December 1998; A two-bit differentiated services architecture for the Internet, Internet-draft, draft-nichols-diff-svc-arch-02.pdf, IETF, April 1999]. In this paper we present a two-part solution for the fairness problem in AF. The first part is a new packet marking algorithm called equation-based marking (EBM) and is based on the TCP model given by Padhye et al. [Modeling TCP throughput: A simple model and its empirical validation, in: Proceedings of ACM SIGCOMM ’98, October 1998]. EBM is to handle the problems found in other marking schemes regarding fairness among heterogeneous TCP flows through a tight feedback-loop operation and adaptation of the packet marking probability to network conditions. The second part is called packet separation used at routers to handle the fairness between responsive and non-responsive traffic. We evaluate the performance of a packet marker that uses EBM as the marking algorithm using in-depth simulation. We prove, analytically and using simulation, the correctness of the marking algorithm and compare it with other marking schemes for different network scenarios. We also use simulation to show the effectiveness of the packet separation mechanism in solving the fairness problem between responsive and non-responsive traffic. Our evaluation results demonstrate the effectiveness of EBM along with packet separation in providing the required fairness among heterogeneous flows and ensuring protection against non-assured traffic. 相似文献
13.
分布式拒绝服务(DDoS)攻击是目前最难处理的网络难题之一,在提出的多种对策中,通过包标记方法来进行IP跟踪受到广泛重视。提出了一种新的包标记方法(IPPM),来改进包标记方法需要网络中每个路由器都支持的弱点。通过实验表明,在包标记方法不完整配置的网络中,该方法能有效地重构攻击路径并且误报率很低。 相似文献
14.
15.
Al-Duwairi B. Govindarasu M. 《Parallel and Distributed Systems, IEEE Transactions on》2006,17(5):403-418
Tracing DoS attacks that employ source address spoofing is an important and challenging problem. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packets with partial path information (i.e., packet marking) or by storing packet digests or signatures at intermediate routers (i.e., packet logging). Such approaches require either a large number of attack packets to be collected by the victim to infer the paths (packet marking) or a significant amount of resources to be reserved at intermediate routers (packet logging). We adopt a hybrid traceback approach in which packet marking and packet logging are integrated in a novel manner, so as to achieve the best of both worlds, that is, to achieve a small number of attack packets to conduct the traceback process and a small amount of resources to be allocated at intermediate routers for packet logging purposes. Based on this notion, two novel traceback schemes are presented. The first scheme, called distributed link-list traceback (DLLT), is based on the idea of preserving the marking information at intermediate routers in such a way that it can be collected using a link list-based approach. The second scheme, called probabilistic pipelined packet marking (PPPM), employs the concept of a "pipeline" for propagating marking information from one marking router to another so that it eventually reaches the destination. We evaluate the effectiveness of the proposed schemes against various performance metrics through a combination of analytical and simulation studies. Our studies show that the proposed schemes offer a drastic reduction in the number of packets required to conduct the traceback process and a reasonable saving in the storage requirement. 相似文献
16.
《Computer Networks》2007,51(3):866-882
Recently, denial-of-service (DoS) attack has become a pressing problem due to the lack of an efficient method to locate the real attackers and ease of launching an attack with readily available source codes on the Internet. Traceback is a subtle scheme to tackle DoS attacks. Probabilistic packet marking (PPM) is a new way for practical IP traceback. Although PPM enables a victim to pinpoint the attacker’s origin to within 2–5 equally possible sites, it has been shown that PPM suffers from uncertainty under spoofed marking attack. Furthermore, the uncertainty factor can be amplified significantly under distributed DoS attack, which may diminish the effectiveness of PPM. In this work, we present a new approach, called dynamic probabilistic packet marking (DPPM), to further improve the effectiveness of PPM. Instead of using a fixed marking probability, we propose to deduce the traveling distance of a packet and then choose a proper marking probability. DPPM may completely remove uncertainty and enable victims to precisely pinpoint the attacking origin even under spoofed marking DoS attacks. DPPM supports incremental deployment. Formal analysis indicates that DPPM outperforms PPM in most aspects. 相似文献
17.
区分服务中的分组标记策略研究 总被引:1,自引:0,他引:1
区分服务是近两年的一个研究热点,其目的是为用户提供较大粒度的服务质量(QoS)保证.与集成服务模型相比,区分服务不仅具有良好的可扩展性,而且更容易在传统IP分组交换网络上实现.研究了区分服务的一个关键机制——分组标记策略,并提出了一个具有公平性的分组标记算法(fairmarkingpacketalgorithm,简称FMPA),通过仿真把该算法与现有的等比例的标记算法进行比较.此外,还提出了一种分组再标记(remarking)算法,该算法可尽可能地维护分组原有的服务语义.通过仿真对该算法进行了验证. 相似文献