首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到20条相似文献,搜索用时 281 毫秒
1.
边界网关协议(BGP路由)在路由表中存放的路由数据可以反映互联网规模、运行的状态、及路由体系结构的演化,是互联网基础研究的重要组成部分,域间网络路由通过BGP路由信息交换来完成,但是,BGP协议设计存在一些重要的安全漏洞,容易导致前缀劫持、路由泄漏、以及各类针对互联网的拒绝服务攻击,本文主要分析BGP在不同域间路由传播的主要特性,研究探讨BGP在域间传播面临的主要安全威胁,进而对各种增强BGP域间安全传播的技术和方案进行合理分类和详尽研究,最终对BGP的未来安全研究进行相关分析与展望.  相似文献   

2.
基于边界网关协议(BGP)的域间路由系统已经成为Internet的核心路由设施,但由于BGP本身缺乏安全机制,很容易受到各种人为配置错误或者恶意攻击的影响。我们开发的域间路由监测系统可以从4个层次实现对域间路由的安全监测,分别是Internet、国家网络、特定ISP和特定路由。本文详细介绍了多层次域间路由安全监测系统的组成结构、软件结构、设计思想、实现技术和测试结果。  相似文献   

3.
互联网域间路由系统安全态势评估   总被引:2,自引:0,他引:2  
基于边界网关协议BGP的互联网域间路由系统缺乏必要的安全机制,面临严重的安全威胁.尽管人们对BGP路由系统的安全问题进行了详尽研究,但是很少量化该系统的安全态势,并且网络管理员也确实需要有用的安全态势信息来感知自治系统(AS)的路由安全状况.为了解决这个问题,分析了互联网域间路由系统的层次特性,提出了一个基于BGP异常路由的安全评估模型.该方法的基本思想是基于BGP路由系统的层次特性构造路由状态树,准确地刻画BGP路由系统中各路由实体之间的层次关系、存储和表达每个实体的路由安全状态;并根据所检测的异常路由计算每个实体的路由安全状态.实验测试表明,该模型能同时评估BGP路由器、自治系统和互联网域间路由系统的安全威胁态势,可为网络管理员提供直观的安全态势曲线.  相似文献   

4.
基于BGP的域间路由系统是下一代互联网的关键基础设施.本文系统地分析了下一代互联网域间路由系统的脆弱性,建立了下一代互联网域间路由的攻击模型对各种攻击目标和攻击方式进行描述,并从多个层次对BGP-4和BGP4+的安全能力进行分析与比较.此外,我们给出了路由攻击检测系统方案,该方法可有效实现域间路由系统的安全控制  相似文献   

5.
侯春雨  朱珂  王堃 《计算机工程与应用》2004,40(16):159-161,174
边界网关协议(BGP)是Internet域间路由的事实标准,它允许各自治系统独立配置路由选择和播发策略,但这种局部配置可能导致全局策略配置冲突和低效,从而引起路由振荡的问题。文章分析了域间路由振荡问题,并综述了其相应的各种解决方案。  相似文献   

6.
李凯  朱培栋  刘功杰 《计算机工程》2006,32(18):166-168
域间路由系统是Internet的基础设施和网络的关键支撑,然而由于其自身的脆弱性而存在许多安全方面的问题。从域间路由监测的角度出发,基于路由异常行为规则库和流量模式设计并实现了一个域间路由安全实时监测系统。系统可以实时检测网络流量异常以及非法路由,并向用户提供告警信息,同时根据BGP更新报文生成并维护BGP路由表,为基于路由表分析的监测方法做好了准备。给出了系统试验,并对系统性能进行了评价。  相似文献   

7.
域间路由协议BGP安全性研究   总被引:1,自引:0,他引:1       下载免费PDF全文
BGP协议安全是域间路由安全的核心问题之一,其关键问题就是如何确保每个AS发布BGP路由信息的正确性和完效的部署。本文建立了完整的BGP威胁模型,对当前提出的BGP安全机制进行了系统的分析,针对域间路由安全中的关键问题提出了一些新的研究思路。  相似文献   

8.
围绕基于BGP的域间路由安全,考察已发生的域问路由安全事件,介绍当前域间路由保护机制,分析核心网络路由设施支持能力和潜在的域间路由安全威胁,最后着重指出域问路由安全的研究方向并提出一些新的见解。  相似文献   

9.
自治系统间的安全路由协议GesBGP   总被引:3,自引:1,他引:2  
域间路由协议BGP的安全性直接影响着互联网路由的可用性.虽然现有很多改进的BGP安全方案可以解决这些安全问题,但这类方案存在很多设计缺陷(例如,路由资源消耗问题).在文中,作者充分考虑了安全BGP的目标并提出了一个Good-Enough-Security BGP(GesBGP)协议.GesBGP在可信计算技术的基础上使用基于身份的密钥(IBS)算法确保BGP协议中身份的真实性.IBS算法的引入有效地消除了传统安全BGP协议中部署集中公钥基础设施(PKI)以及公钥证书的分发和储存问题.此外,GesBGP不单纯依赖于安全密钥算法,基于可信计算技术的BGP可信服务从路由器系统本身防止了系统配置的非法篡改,消除了路由消息的多重累积签名.在提出的优化GesBGP协议中,通过部署BGP的安全规则建立AS之间强制信任关系,进一步消除了BGP通告消息中的累积签名.安全分析和性能评价表明,优化的GesBGP在确保BGP安全性的同时有效地改进了GesBGP的性能.  相似文献   

10.
针对Internet域间路由慢收敛问题,提出基于简单路径向量协议(SPVP)的BGP路由收敛算法。分析该算法在4种全接连网络拓扑中的Tdown收敛边界值得出,通过检测域间失效链路的根源节点能有效减少路由收敛时间和更新消息开销。SSFNet仿真结果表明,该算法收敛时间上限为O(d)。  相似文献   

11.
Abstract This paper describes an approach to the design of interactive multimedia materials being developed in a European Community project. The developmental process is seen as a dialogue between technologists and teachers. This dialogue is often problematic because of the differences in training, experience and culture between them. Conditions needed for fruitful dialogue are described and the generic model for learning design used in the project is explained.  相似文献   

12.
European Community policy and the market   总被引:1,自引:0,他引:1  
Abstract This paper starts with some reflections on the policy considerations and priorities which are shaping European Commission (EC) research programmes. Then it attempts to position the current projects which seek to capitalise on information and communications technologies for learning in relation to these priorities and the apparent realities of the marketplace. It concludes that while there are grounds to be optimistic about the contribution EC programmes can make to the efficiency and standard of education and training, they are still too technology driven.  相似文献   

13.
融合集成方法已经广泛应用在模式识别领域,然而一些基分类器实时性能稳定性较差,导致多分类器融合性能差,针对上述问题本文提出了一种新的基于多分类器的子融合集成分类器系统。该方法考虑在度量层融合层次之上通过对各类基多分类器进行动态选择,票数最多的类别作为融合系统中对特征向量识别的类别,构成一种新的自适应子融合集成分类器方法。实验表明,该方法比传统的分类器以及分类融合方法识别准确率明显更高,具有更好的鲁棒性。  相似文献   

14.
Development of software intensive systems (systems) in practice involves a series of self-contained phases for the lifecycle of a system. Semantic and temporal gaps, which occur among phases and among developer disciplines within and across phases, hinder the ongoing development of a system because of the interdependencies among phases and among disciplines. Such gaps are magnified among systems that are developed at different times by different development teams, which may limit reuse of artifacts of systems development and interoperability among the systems. This article discusses such gaps and a systems development process for avoiding them.  相似文献   

15.
This paper presents control charts models and the necessary simulation software for the location of economic values of the control parameters. The simulation program is written in FORTRAN, requires only 10K of main storage, and can run on most mini and micro computers. Two models are presented - one describes the process when it is operating at full capacity and the other when the process is operating under capacity. The models allow the product quality to deteriorate to a further level before an existing out-of-control state is detected, and they can also be used in situations where no prior knowledge exists of the out-of-control causes and the resulting proportion defectives.  相似文献   

16.
Going through a few examples of robot artists who are recognized worldwide, we try to analyze the deepest meaning of what is called “robot art” and the related art field definition. We also try to highlight its well-marked borders, such as kinetic sculptures, kinetic art, cyber art, and cyberpunk. A brief excursion into the importance of the context, the message, and its semiotics is also provided, case by case, together with a few hints on the history of this discipline in the light of an artistic perspective. Therefore, the aim of this article is to try to summarize the main characteristics that might classify robot art as a unique and innovative discipline, and to track down some of the principles by which a robotic artifact can or cannot be considered an art piece in terms of social, cultural, and strictly artistic interest. This work was presented in part at the 13th International Symposium on Artificial Life and Robotics, Oita, Japan, January 31–February 2, 2008  相似文献   

17.
Although there are many arguments that logic is an appropriate tool for artificial intelligence, there has been a perceived problem with the monotonicity of classical logic. This paper elaborates on the idea that reasoning should be viewed as theory formation where logic tells us the consequences of our assumptions. The two activities of predicting what is expected to be true and explaining observations are considered in a simple theory formation framework. Properties of each activity are discussed, along with a number of proposals as to what should be predicted or accepted as reasonable explanations. An architecture is proposed to combine explanation and prediction into one coherent framework. Algorithms used to implement the system as well as examples from a running implementation are given.  相似文献   

18.
This paper provides the author's personal views and perspectives on software process improvement. Starting with his first work on technology assessment in IBM over 20 years ago, Watts Humphrey describes the process improvement work he has been directly involved in. This includes the development of the early process assessment methods, the original design of the CMM, and the introduction of the Personal Software Process (PSP)SM and Team Software Process (TSP){SM}. In addition to describing the original motivation for this work, the author also reviews many of the problems he and his associates encountered and why they solved them the way they did. He also comments on the outstanding issues and likely directions for future work. Finally, this work has built on the experiences and contributions of many people. Mr. Humphrey only describes work that he was personally involved in and he names many of the key contributors. However, so many people have been involved in this work that a full list of the important participants would be impractical.  相似文献   

19.
为了设计一种具有低成本、低功耗、易操作、功能强且可靠性高的煤矿井下安全分站,针对煤矿安全生产实际,文章提出了采用MCS-51系列单片机为核心、具有CAN总线通信接口的煤矿井下安全监控分站的设计方案;首先给出煤矿井下安全监控分站的整体构架设计,然后着重阐述模拟量输入信号处理系统的设计过程,最后说明单片机最小系统及其键盘、显示、报警、通信等各个组成部分的设计;为验证设计方案的可行性与有效性,使用Proteus软件对设计内容进行仿真验证,设计的煤矿井下安全监控分站具有瓦斯、温度等模拟量参数超标报警功能和电机开停、风门开闭等开关量指示功能;仿真结果表明:设计的煤矿井下安全监控分站具有一定的实际应用价值.  相似文献   

20.
基于复小波噪声方差显著修正的SAR图像去噪   总被引:4,自引:1,他引:3       下载免费PDF全文
提出了一种基于复小波域统计建模与噪声方差估计显著性修正相结合的合成孔径雷达(Synthetic Aperture Radar,SAR)图像斑点噪声滤波方法。该方法首先通过对数变换将乘性噪声模型转化为加性噪声模型,然后对变换后的图像进行双树复小波变换(Dualtree Complex Wavelet Transform,DCWT),并对复数小波系数的统计分布进行建模。在此先验分布的基础上,通过运用贝叶斯估计方法从含噪系数中恢复原始系数,达到滤除噪声的目的。实验结果表明该方法在去除噪声的同时保留了图像的细节信息,取得了很好的降噪效果。  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号