| 基于速率限制的源端网络DDoS防御 |
| |
| 引用本文: | 李霞,谢康林,白英彩.基于速率限制的源端网络DDoS防御[J].计算机工程与应用,2005,41(35):149-152,192. |
| |
| 作者姓名: | 李霞 谢康林 白英彩 |
| |
| 作者单位: | 1. 甘肃政法学院计算机系,兰州,730070
2. 上海交通大学计算机系,上海,200030 |
| |
| 摘 要: | 分布式拒绝服务攻击(DDoS)给Internet网络造成了巨大的威胁。目前已提出的各种防御机制都无法有效解决DDoS攻击报文特征随机变化的问题。文章提出一个从源端网络检测和防御DDoS的机制。该机制结合网路流的对称性和Patricia树的汇聚方法检测DDoS攻击,并利用速率限制方法阻止DDoS攻击。仿真测试表明,该方法的防御效果显著优于被攻击端防御方法,减少DDoS攻击对正常网络流的影响。
|
| 关 键 词: | 分布式拒绝服务 网络安全 入侵检测 |
| 文章编号: | 1002-8331-(2005)35-0149-04 |
| 收稿时间: | 2005-03 |
| 修稿时间: | 2005-03 |
DDOS Defense Mechanism Based on Rate-Limiting in Source Network |
| |
| Li Xia,Xie Kanglin,Bai Yingcai.DDOS Defense Mechanism Based on Rate-Limiting in Source Network[J].Computer Engineering and Applications,2005,41(35):149-152,192. |
| |
| Authors: | Li Xia Xie Kanglin Bai Yingcai |
| |
| Affiliation: | 1.Dept. of Computer,Gansu Institute of Political Science and Law,Lanzhou 730070; 2.Department of Computer Science,Shanghai Jiaotong University,Shanghai 200030 |
| |
| Abstract: | Distributed denial-of-service attacks(DDoS) pose an immense threat to the Internet.Many defense mechanisms that had been presented are not efficient to handle the question that the attributes of the attack net-flow change at random.This paper proposes a new defense mechanism of DDoS attacks,which identifies DDoS attacks with the net-flow symmetry attribute and the aggregation method based on Patricia tree and prevents the attack with rate-limiting method in source network.The simulation result shows that the mechanism is better defensibility than Victim-Network Defense Mechanisms and reduces the negative effect the DDoS attack imposes on the normal traffic. |
| |
| Keywords: | Distributed Denial of Service(DDoS) network security intrusion detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
