基于OMNeT++的IPv6协议仿真模型

本文主要介绍了仿真工具——OMNeT ,通过对IPv6网络协议的性能分析,以及对协议RFC2373(IPv6寻址体系结构),RFC2460(IPv6规范),RFC2461(IPv6邻节点发现),RFC2462(IPv6无状态地址自动配置),RFC2463(ICMPv6),RFC2472(PPP上的IPv6)的功能参考,建立了基于OMNeT 平台的一系列IPv6协议精确仿真模型。     

Labeled flow-based dataset of ICMPv6-based DDoS attacks

Neural Computing and Applications - DDoS attacks that depend on Internet Control Message Protocol version 6 (ICMPv6) are one of the most commonly performed IPv6 attacks against today’s IPv6...     

Rule-based detection technique for ICMPv6 anomalous behaviour

The rapid growth of the Internet in the past few years has revealed the limitation of address space in the current Internet Protocol (IP), namely IPv4. Essentially, the increasing demand and consumption of IP addresses have led to the anticipated exhaustion of IPv4 addresses. In order to address this concern, the Internet Protocol version 6 (IPv6) has been developed to provide a sufficient address space. IPv6 is shipped with a new protocol, namely, the neighbour discovery protocol (NDP) which has vulnerabilities that can be used by attackers to launch attacks on IPv6 networks. Such vulnerabilities include the lack of exchange message authentication of NDP. Attacks targeting ICMPv6 protocol display ICMPv6 anomalies. As such, this paper proposes a rule-based technique for detecting ICMPv6 anomalous behaviours that negatively affect the network performance. The effectiveness of this technique is demonstrated by using substantial datasets obtained from the National Advance IPv6 Centre of Excellence (NAv6) laboratory. The experimental results have proved that the proposed technique is capable of detecting ICMPv6 anomalous behaviour s with a detection accuracy rate of 92%.

     

TARP: Ticket-based address resolution protocol

IP networks fundamentally rely on the Address Resolution Protocol (ARP) for proper operation. Unfortunately, vulnerabilities in ARP enable a raft of Internet Protocol (IP)-based impersonation, man-in-the-middle, or Denial of Service (DoS) attacks. Proposed countermeasures to these vulnerabilities have yet to simultaneously address backward compatibility and cost requirements. This paper introduces the Ticket-based Address Resolution Protocol (TARP). TARP implements security by distributing centrally issued secure IP/Medium Access Control (MAC) address mapping attestations through existing ARP messages. We detail TARP and its implementation within the Linux operating system. We also detail the integration of TARP with the Dynamic Host Configuration Protocol (DHCP) for dynamic ticket distribution. Our experimental analysis shows that TARP improves the costs of implementing ARP security by as much as two orders of magnitude over existing protocols. We conclude by exploring a range of operational issues associated with deploying and administering ARP security.     

IPv6隧道代理机制中的DDoS攻击安全性分析

DDoS攻击是当今IPv4网络上最严重的威胁之一,IPv6网络在安全性方面的设计十分优越,但由IPv4过渡到IPv6网络还需要一些转换机制,本文对转换机制中存在的安全问题进行了介绍,并着重分析了TunnelBroker(隧道代理)机制下的DDoS攻击。     

基于IAD的防DDoS攻击的实现

DDoS攻击是威胁因特网安全的重要手段,本文提出了一种基于IP地址数据库的实用方法来有效防御DDoS攻击,边界路由器保存所有以往在网络上出现的合法IP地址的记录,当边界路由器业务量过载时,利用这一记录来决定是否接受输入的IP包。     

基于信息熵与LSTM的ICMPv6 DDoS攻击检测方法

ICMPv6（Internet Control Management Protocol version 6）协议作为IPv6网络运行的基础支撑协议,是IPv6 DDoS（Distribute Denial of Service）攻击防御的一个重要环节。在分析国内外ICMPv6 DDos攻击检测现状的基础上,提出了一种基于信息熵与长短期记忆网络（Long Short-Term Memory,LSTM）相结合的双重检测方法。该方法通过基于信息熵的初步检测能有效识别出异常流量,再进一步基于改进的LSTM网络的深度检测对异常流量进行确认。仿真实验表明,该方法对ICMPv6 DDoS攻击的识别准确率能达到95%以上,与常用的检测方法相比,该方法的准确率更高。同时,与只基于LSTM的检测方法相比,该方法缩短了50%以上的检测时间,具有更好的性能。     

DDoS攻击和防御机制分类研究

随着Internet的迅速发展,网络安全问题日益突出,其中分布式拒绝服务（DDoS）攻击对Internet构成巨大威胁。在分析DDoS攻击机理的基础上,对攻击和防御机制进行分类,以便有效地分析、认识分布式拒绝服务攻击行为。     

Transport-aware IP routers: a built-in protection mechanism to counter DDoS attacks

The lack-of service differentiation and resource isolation by current IP routers exposes their vulnerability to Distributed Denial of Service (DDoS) attacks (Garber, 2000), causing a serious threat to the availability of Internet services. Based on the concept of layer-4 service differentiation and resource isolation, where the transport-layer information is inferred from the IP headers and used for packet classification and resource management, we present a transport-aware IP (tIP) router architecture that provides fine-grained service differentiation and resource isolation among different classes of traffic aggregates. The tIP router architecture consists of a fine-grained Quality-of-Service (QoS) classifier and an adaptive weight-based resource manager. A two-stage packet-classification mechanism is devised to decouple the fine-grained QoS lookup from the usual routing lookup at core routers. The fine-grained service differentiation and resource isolation provided inside the tIP router is a powerful built-in protection mechanism to counter DDoS attacks, reducing the vulnerability of Internet to DDoS attacks. Moreover, the tIP architecture is stateless and compatible with the Differentiated Service (DiffServ) infrastructure. Thanks to its scalable QoS support for TCP control segments, the tIP router supports bidirectional differentiated services for TCP sessions.     

Distributed Denial of Service Attacks: A Threat or Challenge

In today’s cyber world, the Internet has become a vital resource for providing a plethora of services. Unavailability of these services due to any reason leads to huge financial implications or even consequences on society. Distributed Denial of Service (DDoS) attacks have emerged as one of the most serious threats to the Internet whose aim is to completely deny the availability of different Internet based services to legitimate users. The attackers compromise a large number of Internet enabled devices and gain malicious control over them by exploiting their vulnerabilities. Simplicity of launching, traffic variety, IP spoofing, high volume traffic, involvement of numerous agent machines, and weak spots in Internet topology are important characteristics of DDoS attacks and makes its defense very challenging. This article provides a survey with the enhanced taxonomies of DDoS attacks and defense mechanisms. Additionally, we describe the timeline of DDoS attacks to date and attempt to discuss its impact according to various motivations. We highlighted the general issues, challenges, and current trends of DDoS attack technology. The aim of the article is to provide complete knowledge of DDoS attacks and defense mechanisms to the research community. This will, in turn, help to develop a powerful, effective, and efficient defense mechanism by filling the various research gaps addressed in already proposed defense mechanisms.     

基于软件定义物联网的分布式拒绝服务攻击检测方法

由于物联网（IoT）设备众多、分布广泛且所处环境复杂,相较于传统网络更容易遭受分布式拒绝服务（DDoS）攻击,针对这一问题提出了一种在软件定义物联网（SD-IoT）架构下基于均分取值区间长度-K均值（ELVR-Kmeans）算法的DDoS攻击检测方法。首先,利用SD-IoT控制器的集中控制特性通过获取OpenFlow交换机的流表,分析SD-IoT环境下DDoS攻击流量的特性,提取出与DDoS攻击相关的七元组特征;然后,使用ELVR-Kmeans算法对所获取的流表进行分类,以检测是否有DDoS攻击发生;最后,搭建仿真实验环境,对该方法的检测率、准确率和错误率进行测试。实验结果表明,该方法能够较好地检测SD-IoT环境中的DDoS攻击,检测率和准确率分别达到96.43%和98.71%,错误率为1.29%。     

基于流量行为特征的DoS&DDoS攻击检测与异常流识别

针对现有方法仅分析粗粒度的网络流量特征参数,无法在保证检测实时性的前提下识别出拒绝服务(DoS)和分布式拒绝服务(DDoS)的攻击流这一问题,提出一种骨干网络DoS&DDoS攻击检测与异常流识别方法。首先,通过粗粒度的流量行为特征参数确定流量异常行为发生的时间点;然后,在每个流量异常行为发生的时间点对细粒度的流量行为特征参数进行分析,以找出异常行为对应的目的IP地址;最后,提取出与异常行为相关的流量进行综合分析,以判断异常行为是否为DoS攻击或者DDoS攻击。仿真实验的结果表明,基于流量行为特征的DoS&DDoS攻击检测与异常流识别方法能有效检测出骨干网络中的DoS攻击和DDoS攻击,并且在保证检测实时性的同时,准确地识别出与攻击相关的网络流量     

Defending against Distributed Denial of Service Attacks: Issues and Challenges

ABSTRACT

Distributed Denial of Service (DDoS) attacks on user machines, organizations, and infrastructures of the Internet have become highly publicized incidents and call for immediate solution. It is a complex and difficult problem characterized by an explicit attempt of the attackers to prevent access to resources by legitimate users for which they have authorization. Several schemes have been proposed on how to defend against these attacks, yet the problem still lacks a complete solution. The main purpose of this paper is therefore twofold. First is to present a comprehensive study of a wide range of DDoS attacks and defense methods proposed to combat them. This provides better understanding of the problem, current solution space, and future research scope to defend against DDoS attacks. Second is to propose an integrated solution for completely defending against flooding DDoS attacks at the Internet Service Provider (ISP) level.     

MDCI:一个分布式检测DDoS攻击的方法

鉴于DDoS攻击分布式、汇聚性的特点，实现分布在大规模网络环境中的多个IDS系统间合作检测有助于在攻击流形成规模前合成攻击全貌并适当反应．MDCI系统首次提出了环形合作模式，即构建一个环重要网络信息资源的IDS系统合作组，通过组内节点同信息共享和警报关联分析，迅速判定DDoS攻击、MDCI系统中，采用报头内容分析和反向散射分析相结合的方法对本地捕获的数据报进行分析并采用统一标准格式对可疑特征进行报警；采用数据流分类概率评估的方法实现合作结点间警报信息的关联分析，从而合成攻击的全貌．通过实验可以看到，该系统有效地提高了针对DDoS攻击的预警速度．     

基于负载均衡策略的DDoS攻击对策

分布式拒绝服务攻击(Distributed Denial of Service, DDoS)是目前Internet面临的最严峻的威胁之一, 给互联网业务带来了不可估量的损失. 分析了DDoS攻击的特点, 针对企业级系统, 介绍了基于硬件和软件相结合的多重负载均衡策略, 以及其在防范DDoS攻击中的应用. 设计实现了典型应用系统, 针对实际攻击作了性能分析.     

IPv6协议栈在ARM平台的设计与移植

首先介绍了嵌入式IPv6协议的数据处理流程,接着重点阐述了IPv6的核心协议:IPv6协议,ICMPv6协议和邻居发现协议的设计,最后,介绍了嵌入式IPv6协议的移植方法。     

基于IPv6的嵌入式Internet设计

随着嵌入式技术和Internet技术的发展,越来越多的嵌入式设备通过TCP/IPv4协议栈接入到Internet上,使得IP地址空间危机更加严重。该文提出了一种基于平台无关性的嵌入式IPv6协议栈的实现方案,对IPv6、ICMPv6、邻居协议、TCP协议进行了裁剪,并进行的相关的测试。测试结果表明,该协议栈运行平稳,是一种将嵌入式设备接入Internet的可行方法。     

IPv6中的邻居发现协议——NDP功能浅析

介绍了IPv6中的邻居发观协议的功能,并且详细阐述了知何利用ICMPv6中的信息控制报文来实现这些功能.     

网络攻击追踪技术性能分析

DoS攻击(拒绝服务攻击)和DDoS攻击(分布式拒绝服务攻击)IP追踪目前成为当今网络安全领域中最难解决的问题,IP追踪系统目的是在数据包源地址非真时识别出IP数据包源地址.对一些解决该问题最有前景的追踪技术进行了比较,以寻找更有效方法,并提出了一个新的IP追踪系统,该系统能够只用一个数据包就可以实现追踪而不需要受害者数据包.     

一种IPv6环境下实时DDoS防御方法

现有的DDoS防御方法大多是针对传统IPv4网络提出的,而且它们的防御实时性还有待进一步提高。针对这种情况,提出了一种IPv6环境下实时防御DDoS的新方法,其核心思想是首先在受害者自治系统内建立决策判据树,然后依据决策判据1和2对该树进行实时监控,如果发现攻击,就发送过滤消息通知有关实体在受害端和源端一起对攻击包进行过滤,从而保护受害者。实验证明,该方法能够在秒钟数量级检测到攻击并且对攻击包进行过滤,能有效地防范多个DDoS攻击源。另外,该方法还能准确地区分攻击流和高业务流,可以在不恢复攻击路径的情况下直接追踪到攻击源所在的自治系统（甚至是子网）。