| 利用路由器自适应限流防御分布拒绝服务攻击 |
| |
| 引用本文: | 梁丰,David Yau.利用路由器自适应限流防御分布拒绝服务攻击[J].软件学报,2002,13(7):1220-1227. |
| |
| 作者姓名: | 梁丰 David Yau |
| |
| 作者单位: | 1. 浙江工业大学,浙江省光纤通信技术重点实验室,浙江,杭州,310014
2. 普度大学,计算机科学系,IN47907,美国 |
| |
| 基金项目: | Supported by the Natural Science Foundation of Zhejiang Province of China under Grant No.697053 (浙江省自然科学基金); CERIAS, the National Science Foundation of US under Grant No.CCR-9875742 (CAREER) |
| |
| 摘 要: | 提出一种自适应路由器限流算法防御分布拒绝服务攻击的机制.该算法的关键是由被攻击者要求经挑选的相距k跳(hop)的上游路由器对目的为被攻击者的数据流进行限流,从而将被攻击者的服务支援在各数据流之间达到一种类最大-最小公平的流量分配.还在一个实际的因特网拓扑上针对攻击数据流和合法数据流的不同分布和流量模型考察了算法的效果.结果表明这种以服务器为中心的路由器限流是对抗分布拒绝服务攻击的一种很有前途的方法.
|
| 关 键 词: | 网络安全 分布拒绝服务 路由器 因特网 计算机网络 |
| 收稿时间: | 2001/12/7 0:00:00 |
| 修稿时间: | 2002/4/29 0:00:00 |
Using Adaptive Router Throttles Against Distributed Denial-of-Service Attacks |
| |
| LIANG Feng and David Yau.Using Adaptive Router Throttles Against Distributed Denial-of-Service Attacks[J].Journal of Software,2002,13(7):1220-1227. |
| |
| Authors: | LIANG Feng and David Yau |
| |
| Abstract: | In this paper, an adaptive router throttle algorithm is presented to defend a server against distributed denial-of-service (DDoS) attacks. The key point of the algorithm is that the server asks selected upstream routers k hops away to install throttles on traffic flows destined for it so that the server's service capacity can be allocated among all flows with a max-min like fairness. The algorithm effectiveness is evaluated by using a realistic Internet topology and various models for attacker and good user distributions and behaviors. The results indicate that this server-centric router throttling is a promising approach to countering DDoS attacks. |
| |
| Keywords: | network security DDoS router Internet computer network |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
