共查询到20条相似文献,搜索用时 65 毫秒
1.
网络安全领域日益受到重视,DDoS攻击事件正在成上升趋势,本文介绍了DDoS攻击的主要技术原理,并提出相应的检测及防范方法。 相似文献
2.
本文系统分析DDoS攻击产生的机理,发动攻击的常用工具及其最新发展,针对攻击产生的机理,研究防御DDoS攻击的一般策略和攻击机理的分类,并按不同机理分析DDoS攻击的防御问题。最后给出市场上典型DDoS攻击检测与响应系统的主要性能和防御DDoS攻击研究方向。 相似文献
3.
分布式拒绝服务攻击研究 总被引:2,自引:0,他引:2
对分布式拒绝服务攻击的原理,以及Trinoo、TFN2k两种典型的分布式拒绝攻击工具进行了分析,并提出了检测方法。给出了应用常见软、硬件的防范方法,以及一个拒绝服务监控系统的设计方案。 相似文献
4.
拒绝服务攻击是一种操作简单而后果严重的网络攻击方法,分布式拒绝服务攻击更是代表了攻击手段发展的一种新的趋势,本文论述了拒绝服务攻击的原理以及如何保护你的系统免受拒绝服务攻击. 相似文献
5.
6.
拒绝服务攻击已经成为威胁互联网安全的重要攻击手段,对分布式拒绝服务攻击(DDoS)的原理进行了解析,分析了其他不同的攻击方式。最后在此基础上介绍了几种基本防御方法。 相似文献
7.
DDoS攻击是因特网目前面临的最严峻的威胁之一.如何快速有效地对其进行防范已经成为一项十分有意义的工作.该文提出了一种TCP Proxy与待响应ACK队列相结合的、能够对TCP绝拒服务攻击进行有效过滤的方法,并用这种方法在Linux内核中实现了一个高速过滤器.实验结果表明,在为TCP传输单独分配带宽的情况下,这种高速过滤器可以有效保护T TCP支持的各种网络服务免受绝拒服务攻击 相似文献
8.
汪明燕 《数字社区&智能家居》2005,(8):38-40
拒绝服务攻击已经成为威胁互联网安全的重要攻击手段,本文从分析DoS拒绝攻击服务的原理入手.然后对分布式拒绝服务攻击(DDoS)的原理进行了解析,最后从主机和网络两个层面分析如何去防范DoS攻击。 相似文献
9.
分布式拒绝服务攻击的实现机理及其防御研究 总被引:9,自引:3,他引:9
分析了分布式拒绝服务(DDoS)攻击产生的机理、发动攻击的常用工具及其最新发展;针对攻击产生的机理,研究了防御DDoS攻击的一般策略和攻击机理的分类,并按不同机理分析了DDoS攻击的防御问题:给出了市场上典型DDoS攻击检测与响应系统的主要性能和防御DDoS攻击研究方向。 相似文献
10.
分布式拒绝服务攻击研究综述 总被引:18,自引:0,他引:18
分布式拒绝服务攻击(distributed denial-of-service,DDoS)已经对Internet的稳定运行造成了很大的威胁.在典型的DDoS攻击中,攻击者利用大量的傀儡主机向被攻击主机发送大量的无用分组.造成被攻击主机CPU资源或者网络带宽的耗尽.最近两年来.DDoS的攻击方法和工具变得越来越复杂,越来越有效,追踪真正的攻击者也越来越困难.从攻击防范的角度来说,现有的技术仍然不足以抵御大规模的攻击.本文首先描述了不同的DDoS攻击方法,然后对现有的防范技术进行了讨论和评价.然后重点介绍了长期的解决方案-Internet防火墙策略,Internet防火墙策略可以在攻击分组到达被攻击主机之前在Internet核心网络中截取这些攻击分组。 相似文献
11.
分布式拒绝服务攻击是目前严重影响网络安全和威胁网站服务质量的一种攻击手段。文章中讨论分布式拒绝服务攻击的产生过程和特点,在分析具体的攻击工具的基础上给出防御方法。 相似文献
12.
Theerasak Thapngam Shui Yu Wanlei Zhou S. Kami Makki 《Peer-to-Peer Networking and Applications》2014,7(4):346-358
In this paper, we propose a behavior-based detection that can discriminate Distributed Denial of Service (DDoS) attack traffic from legitimated traffic regardless to various types of the attack packets and methods. Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission rates and packet forms to beat defense systems. These various attack strategies lead to defense systems requiring various detection methods in order to identify the attacks. Moreover, DDoS attacks can craft the traffics like flash crowd events and fly under the radar through the victim. We notice that DDoS attacks have features of repeatable patterns which are different from legitimate flash crowd traffics. In this paper, we propose a comparable detection methods based on the Pearson’s correlation coefficient. Our methods can extract the repeatable features from the packet arrivals in the DDoS traffics but not in flash crowd traffics. The extensive simulations were tested for the optimization of the detection methods. We then performed experiments with several datasets and our results affirm that the proposed methods can differentiate DDoS attacks from legitimate traffics. 相似文献
13.
14.
李占新 《电脑编程技巧与维护》2011,1(16):132-134
分布式拒绝服务攻击(DDoS)攻击是网络攻击中经常采用而难以防范的攻击手段.通过实例,对分布式拒绝服务攻击进行了描述,探讨了如何构造攻击网络,结合实际经验与国内外网络安全的现状列出了一些防治DDoS的实际手段. 相似文献
15.
DDoS攻击给网络安全带来严重的破坏,现在的纯技术防御手段还不够完善。文章以安全管理为视角,针对运营商的网络安全现状提出了一套抵御DDOS攻击的安全管理规范和策略,建立一套组织管理模型.制定日常防范和应急响应的规范管理流程,并对安全管理的其他方面提出相应的保障措施。 相似文献
16.
Jasmeen Kaur Chahal Abhinav Bhandari Sunny Behal 《New Review of Information Networking》2019,24(1):31-103
In today’s cyber world, the Internet has become a vital resource for providing a plethora of services. Unavailability of these services due to any reason leads to huge financial implications or even consequences on society. Distributed Denial of Service (DDoS) attacks have emerged as one of the most serious threats to the Internet whose aim is to completely deny the availability of different Internet based services to legitimate users. The attackers compromise a large number of Internet enabled devices and gain malicious control over them by exploiting their vulnerabilities. Simplicity of launching, traffic variety, IP spoofing, high volume traffic, involvement of numerous agent machines, and weak spots in Internet topology are important characteristics of DDoS attacks and makes its defense very challenging. This article provides a survey with the enhanced taxonomies of DDoS attacks and defense mechanisms. Additionally, we describe the timeline of DDoS attacks to date and attempt to discuss its impact according to various motivations. We highlighted the general issues, challenges, and current trends of DDoS attack technology. The aim of the article is to provide complete knowledge of DDoS attacks and defense mechanisms to the research community. This will, in turn, help to develop a powerful, effective, and efficient defense mechanism by filling the various research gaps addressed in already proposed defense mechanisms. 相似文献
17.
《Information Security Journal: A Global Perspective》2013,22(5):224-247
ABSTRACT Distributed Denial of Service (DDoS) attacks on user machines, organizations, and infrastructures of the Internet have become highly publicized incidents and call for immediate solution. It is a complex and difficult problem characterized by an explicit attempt of the attackers to prevent access to resources by legitimate users for which they have authorization. Several schemes have been proposed on how to defend against these attacks, yet the problem still lacks a complete solution. The main purpose of this paper is therefore twofold. First is to present a comprehensive study of a wide range of DDoS attacks and defense methods proposed to combat them. This provides better understanding of the problem, current solution space, and future research scope to defend against DDoS attacks. Second is to propose an integrated solution for completely defending against flooding DDoS attacks at the Internet Service Provider (ISP) level. 相似文献
18.
基于时间序列分析的分布式拒绝服务攻击检测 总被引:30,自引:0,他引:30
该文分析了分布式拒绝服务(DDoS)攻击的特点,提出了一种基于流连接密度(FCD)时间序列分析的DDoS攻击检测方法,该方法通过拟合FCD时间序列的自适应自回归模型,获得能够在多维空间描述当前流量状态的AAR模型参数向量序列,然后使用经过样本训练的支持向量机(SVM)分类器进行攻击识别;充分考虑了报警的时间间隔及分布情况,提出一种报警可信度评估算法对SVM分类结果进行二次处理,以消除网络流量噪声及分类错误所带来的影响.实验结果显示,该检测方法能够有效检测DDoS攻击,可信度评估算法能够明显减少误报,降低误报率,显著提高检测质量. 相似文献
19.
