548 results found; search took 15 ms
1.
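Advanced Marking Scheme and Implementation for Tracing Onion Packets  Total citations: 12, self-citations: 0, citations by others: 12
Onion routing is a new anonymous connection technique proposed to achieve information hiding, so that an attacker can neither eavesdrop nor perform traffic analysis. However, once an attacker uses this technique to launch denial-of-service attacks, the victim cannot trace the attacker. To address this, this paper proposes an advanced marking scheme for tracing onion packets, which lets the victim approximately trace the attacker while onion routing retains its original anonymity. The scheme has very low network and router overhead and is easily extended to IPv6 and future backbone networks.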
2.
Network Denial-of-Service (DoS) attacks that disable network services by flooding them with spurious packets are on the rise. Criminals with large networks (botnets) of compromised nodes (zombies) use the threat of DoS attacks to extort legitimate companies. To fight these threats and ensure network reliability, early detection of these attacks is critical. Many methods have been developed with limited success to date. This paper presents an approach that identifies change points in the time series of network packet arrival rates. The proposed process has two stages: (i) statistical analysis that finds the rate of increase of network traffic, and (ii) wavelet analysis of the network statistics that quickly detects the sudden increases in packet arrival rates characteristic of botnet attacks. Most intrusion detections are tested using data sets from special security testing configurations, which leads to unacceptable false positive rates being found when they are used in the real world. We test our approach using data from both network simulations and a large operational network. The true and false positive detection rates are determined for both data sets, and receiver operating curves use these rates to find optimal parameters for our approach. Evaluation using operational data proves the effectiveness of our approach.
3.
Distributed Denial-of-Service (DDoS) attacks pose a serious threat to Internet security. Most current research focuses on detection and prevention methods on the victim server or source side. To date, there has been no work on defenses using valuable information from the innocent client whose IP has been used in attacking packets. In this paper, we propose a novel cooperative system for producing warning of a DDoS attack. The system consists of a client detector and a server detector. The client detector is placed on the innocent client side and uses a Bloom filter-based detection scheme to generate accurate detection results yet consumes minimal storage and computational resources. The server detector can actively assist the warning process by sending requests to innocent hosts. Simulation results show that the cooperative technique presented in this paper can yield accurate DDoS alarms at an early stage. We theoretically show the false alarm probability of the detection scheme, which is insensitive to false alarms when using specially designed evaluation functions.
This work is partially supported by HK Polyu ICRG A-PF86 and CERG Polyu 5196/04E, and by the National Natural Science Foundation of China under Grant No. 90104005.
4.
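Traditional DDoS attack detection methods in software-defined networking (SDN) require frequent communication between the control plane and the data plane, which causes significant overhead and latency, while current programmable data planes cannot implement complex detection algorithms because of syntax limitations, making it difficult to guarantee high detection efficiency. To address these problems, a DDoS attack detection method based on the Programming Protocol-independent Packet Processors (P4) programmable data plane is proposed. First, an information entropy measure improved on the basis of P4 is used for initial detection to determine whether suspicious traffic has occurred. Then, taking advantage of the fact that feature extraction with P4 takes only microseconds, the six-tuple features of the suspicious traffic are extracted and fed into a data standardization-deep neural network (DS-DNN) re-detection module to determine whether the traffic is DDoS attack traffic. Finally, the evaluation metrics of the method are tested in a simulated real environment. Experimental results show that the method detects DDoS attacks in SDN environments well, effectively reducing the false alarm rate while maintaining a high detection rate and accuracy, and shortening detection time to the millisecond level.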
5.
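Research on DDoS Attack Defense Techniques  Total citations: 2, self-citations: 0, citations by others: 2
Network attack incidents are becoming more and more frequent. The main purpose of network attacks is economic gain, and DDoS attacks are a common means of network attack. This article analyzes common DDoS attack behaviors and their technical principles, and classifies these attack behaviors. It proposes several effective techniques for defending against DDoS attacks and analyzes their technical principles, thereby providing countermeasures that help users guard against potential hacker attacks in time and reduce losses.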
6.
7.
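Research on a DDoS Attack-Defense Game Model Based on Q-Learning  Total citations: 1, self-citations: 0, citations by others: 1
The DDoS attack-defense game process under the new situation differs from the past, so existing methods cannot effectively evaluate and quantify the payoffs of the attacker and the defender, or dynamically adjust game strategies to maximize payoff. To address this problem, a DDoS attack-defense game model based on Q-learning is designed, and a model algorithm is proposed on that basis. First, the payoffs of both sides are calculated using a network-entropy evaluation and quantification method. Second, a matrix game is used to study the attack-defense game process of a single DDoS attack stage. Finally, Q-learning is introduced into the game process and the model algorithm is proposed, which dynamically adjusts attack and defense strategies according to the learning effect so as to maximize payoff. Experimental results show that a defender using the model algorithm obtains a higher payoff, which demonstrates the usability and effectiveness of the algorithm.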
8.
9.
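With the rapid development of the Internet, it has penetrated every aspect of people's lives and has a major impact on the economy and society. In recent years, however, a large number of DDoS attack incidents have occurred, which have hit the Internet hard, seriously affecting service availability and user experience and causing major economic losses to operators. In the face of high-volume DDoS attacks, traditional security protection devices are powerless, and how to effectively withstand DDoS attacks is a problem no operator can avoid. Based on an in-depth analysis of DDoS attack characteristics, abnormal traffic cleaning equipment was introduced on an exploratory basis into the operator's network and successfully defended against multiple DDoS attack incidents, pointing out a feasible path to solving this problem.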
10.