| 路由器端基于模式聚集的流量控制研究 |
| |
| 引用本文: | 张伟 孙知信 李杏华. 路由器端基于模式聚集的流量控制研究[J]. 微机发展, 2005, 15(8): 71-74 |
| |
| 作者姓名: | 张伟 孙知信 李杏华 |
| |
| 作者单位: | 南京邮电学院计算机科学与技术系,南京邮电学院计算机科学与技术系,中兴通讯股份有限公司南京研发中心 江苏南京210003,苏州大学计算机科学与技术系,江苏苏州215006,江苏南京210003,江苏南京210012 |
| |
| 摘 要: | 不断发展的DoS/DDoS攻击对Internet安全是一个严重的威胁,传统的IDS针对DoS/DDoS攻击的防御方法并不能减少路由器上的攻击流量。文中提出了一种新的运行在核心路由器上的基于多层模式聚集的流量控制机制,它根据不同协议的统计特征设计出不同聚集模式,使用轻量级的协议分析和多层聚集来控制流量。实验证明该机制不但简化了包分类的复杂性,对攻击手段的变化还有一定的免疫性,能对恶意攻击包进行有效过滤,实现在骨干网络上限制非法流量的目的。
|
| 关 键 词: | 包过滤 聚集 速率限制 DoS/DDoS攻击 |
| 文章编号: | 1005-3751(2005)08-0071-04 |
| 收稿时间: | 0204-11-15 |
| 修稿时间: | 2004-11-15 |
Research of Traffic Control Mechanism Based on Model Aggregation in Router |
| |
| Zhang Wei;Sun ZhiXin;Li XingHua. Research of Traffic Control Mechanism Based on Model Aggregation in Router[J]. Microcomputer Development, 2005, 15(8): 71-74 |
| |
| Authors: | Zhang Wei Sun ZhiXin Li XingHua |
| |
| Abstract: | The increasing DoS/DDoS attacks pose a serious threat to the security of Internet services, and the method deployed by the traditional IDS for the attacks can not reduce the traffic of attacks in the network. A novel multi-levels model aggregates traffic control mechanism(MMATC) running in core routes is proposed . Different aggregates models are designed with different protocol statistic characteristics, and the traffic is under the control of MMATC using lightweight protocol analysis and multi-levels aggregates. MMATC is testified not only to be simple for packet-classification but also to be immune to the change of attacks by the experimentations, and achieves the aim to limit the illegal traffic in the backbone routes since it could filter the offending attack packets. |
| |
| Keywords: | packet filtering aggregates rate limitation DoS/DDoS attacks |
| 本文献已被 CNKI 维普 等数据库收录! |
