共查询到17条相似文献,搜索用时 312 毫秒
1.
一种分块包标记的IP追踪方案 总被引:7,自引:0,他引:7
DDoS攻击以其高发性、高破坏力和难以防范的特点,近年来成为互联网的主要安全威胁之一.研究者们提出了多种对抗DDoS攻击的方法.:乓中,Savage等人提出的概率包标记方案以其易于实施、消耗资源小等优点,引起人们的重视.然而概率包标记方案存在两个明显缺陷:多攻击路径重构时的高误报率和高计算复杂度.在概率包标记的基础上,提出了一种分块包标记方案,该方案与概率包标记方案相比具有较低的误报率和较低的计算复杂度,因而具有更高的实际应用意义. 相似文献
2.
在自适应概率包标记的基础上提出了一种基于跨域的自适应概率包标记编码方案。模拟实验表明:采用该方法在重构路径时,所需要的包个数低于同类型的自适应概率包标记方案和高级包标记方案。 相似文献
3.
非固定概率包标记的IP追踪研究 总被引:1,自引:0,他引:1
概述了IP回溯和包标记追踪问题,分析了固定概率包标记方案存在的缺陷,并研究了现有的非固定概率包标记方案,着重对基于三种距离度量的非固定概率包标记进行了分析,指出并部分改进了其中不合理之处。还提出了一种基于攻击者到标记路由器距离的非固定包标记的改进方案,并进行了性能分析。 相似文献
4.
大多数概率包标记IP追踪方案因为固定标记概率而存在最弱链问题,从而导致重构路径的弱收敛性,动态概率包标记虽然在这些方面有所改善,但仍有路由器的负担过重和存储空间要求过高的问题。可以用一种动-静态结合的概率包标记方案来解决上述问题,通过分析表明该方案在收敛时间和最弱链问题上优于静态概率包标记,而在存储空间和路由器负担上优于动态概率包标记。 相似文献
5.
6.
概率包标记(PPM)是一种有效的IP追踪技术,但传统方案基于不现实的假设,存在很多不足,影响了实用性。基于合理的假设条件改进了高级标记方案(AMS),使用可调节的标记概率,根据TTL值计算距离和点采样等策略,改善了高级包标记方案存在的弱收敛性,不支持渐进部署,易受伪造标记攻击等缺陷,具有较好的实用性。 相似文献
7.
8.
9.
10.
罗桂琼 《计算技术与自动化》2010,29(2):142-144
对包标记技术进行较为深入的研究,在动态概率包标记的基础上提出动态概率与压缩边采样标记法相结合的DHPPM(Dynamic Hash and Probability Packet Marking,动态散列概率包标记)算法,该算法能有效降低边界路由器的标记负载,通过定时更新压缩函数,增加追踪过程的抗干扰性。 相似文献
11.
分布式拒绝服务(DDoS)攻击是目前最难处理的网络难题之一,在提出的多种对策中,通过包标记方法来进行IP跟踪受到广泛重视。提出了一种新的包标记方法(IPPM),来改进包标记方法需要网络中每个路由器都支持的弱点。通过实验表明,在包标记方法不完整配置的网络中,该方法能有效地重构攻击路径并且误报率很低。 相似文献
12.
包标记算法是IPv4下追踪DDOS攻击源最多的一种方法,但IPv6下实施困难.由此对IPv6下包标记方法的可行性进行了研究.为有效和安全的部署和实施数据包标记算法,利用IPv6新的特点,并结合标记流标签等字段,提出两种基于IPv6的改进方案AMS-v6和APPM-v6.在IPv4和IPv6协议下设计模型分别对两种算法进行实验对比,仿真实验结果表明了该算法在IPv6下数据包标记的有效性和适用性,并有效减少重构时间和所需数据包数量,提高重构攻击路径的速度. 相似文献
13.
Al-Duwairi B. Govindarasu M. 《Parallel and Distributed Systems, IEEE Transactions on》2006,17(5):403-418
Tracing DoS attacks that employ source address spoofing is an important and challenging problem. Traditional traceback schemes provide spoofed packets traceback capability either by augmenting the packets with partial path information (i.e., packet marking) or by storing packet digests or signatures at intermediate routers (i.e., packet logging). Such approaches require either a large number of attack packets to be collected by the victim to infer the paths (packet marking) or a significant amount of resources to be reserved at intermediate routers (packet logging). We adopt a hybrid traceback approach in which packet marking and packet logging are integrated in a novel manner, so as to achieve the best of both worlds, that is, to achieve a small number of attack packets to conduct the traceback process and a small amount of resources to be allocated at intermediate routers for packet logging purposes. Based on this notion, two novel traceback schemes are presented. The first scheme, called distributed link-list traceback (DLLT), is based on the idea of preserving the marking information at intermediate routers in such a way that it can be collected using a link list-based approach. The second scheme, called probabilistic pipelined packet marking (PPPM), employs the concept of a "pipeline" for propagating marking information from one marking router to another so that it eventually reaches the destination. We evaluate the effectiveness of the proposed schemes against various performance metrics through a combination of analytical and simulation studies. Our studies show that the proposed schemes offer a drastic reduction in the number of packets required to conduct the traceback process and a reasonable saving in the storage requirement. 相似文献
14.
In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is
false data injection which is becoming a serious threat to wireless sensor networks. An attacker uses the compromised node
to flood the network and exhaust network resources by injecting a large number of bogus packets. In this paper, we study how
to locate the attack node using a framework of packet marking and packet logging. We propose a combined packet marking and
logging scheme for traceback (CPMLT). In CPMLT, one packet can be marked by up to M nodes, each node marks a packet with certain probability. When one packet is marked by M nodes, the next marking node will log this packet. Through combining packet marking and logging, we can reconstruct the entire
attack path to locate the attack node by collecting enough packets. In our simulation, CPMLT achieves fast traceback with
little logging overhead. 相似文献
15.
16.