DoS/DDoS数据两阶段聚类算法

提出了一种无监督的两阶段聚类算法TPC(Two-Phase Clustering Algorithm)用于识别DoS(denial of service)/DDoS(distributed denial of service)攻击流数据,算法第一阶段根据样本的距离相似性计算密度区域和稀疏区域,利用密度连接的概念对样本集进行初步聚合,第二阶段利用聚类内部的散布程度和样本平均距离来表示计算聚类之间的相似性,对性质相似的聚类进一步递归聚合.算法不仅够识别不规则形状的聚类,还能识别对不同密度的聚类,解决了密度聚类算法需要设置合适的全局参数的弊端.     

基于移动IP认证缺陷的DoS攻击及其防范

移动IP在全球范围内的应用引入了许多安全问题,其中以认证问题最为关键,特别是当移动节点在外地链路上漫游时这种问题尤为明显。论文介绍了移动IP的认证机制以及针对其缺陷进行的DoS攻击,提出了一系列防范措施。理论分析表明,这些防范措施可以在一定程度上对DoS攻击进行防范,并维护移动IP网络的系统安全。     

抵抗DoS攻击的IKE协议改进方案

描述了IKE协议中阶段一的野蛮模式协商过程,针对当前日益严重的拒绝服务(DoS)攻击提出了防御策略和协议修改方案,并对其安全性进行了分析.     

Resilient and Safe Platooning Control of Connected Automated Vehicles Against Intermittent Denial-of-Service Attacks

Connected automated vehicles (CAVs) serve as a promising enabler for future intelligent transportation systems because of their capabilities in improving traffic efficiency and driving safety, and reducing fuel consumption and vehicle emissions. A fundamental issue in CAVs is platooning control that empowers a convoy of CAVs to be cooperatively maneuvered with desired longitudinal spacings and identical velocities on roads. This paper addresses the issue of resilient and safe platooning control of CAVs subject to intermittent denial-of-service (DoS) attacks that disrupt vehicle-to-vehicle communications. First, a heterogeneous and uncertain vehicle longitudinal dynamic model is presented to accommodate a variety of uncertainties, including diverse vehicle masses and engine inertial delays, unknown and nonlinear resistance forces, and a dynamic platoon leader. Then, a resilient and safe distributed longitudinal platooning control law is constructed with an aim to preserve simultaneous individual vehicle stability, attack resilience, platoon safety and scalability. Furthermore, a numerically efficient offline design algorithm for determining the desired platoon control law is developed, under which the platoon resilience against DoS attacks can be maximized but the anticipated stability, safety and scalability requirements remain preserved. Finally, extensive numerical experiments are provided to substantiate the efficacy of the proposed platooning method.      

基于生存性的DoS攻击防御方案

拒绝服务攻击(DoS)是Internet中常见的一种攻击形式,提出一种基于覆盖网络的防御DoS攻击的方案。通过覆盖网络中的冗余资源和自恢复功能确保系统在遭到DoS攻击时仍能提供一定性能的服务,并可自动从攻击中恢复正常。     

DDoS防御机制研究

列举了常见的DDoS攻击手段,重点介绍了一些防御方法,并根据通常的防御原则,提出了一种“分组漏斗”防御机制,目标是缓解攻击对受害者造成的影响。     

IDC网络流量及性能分析系统的设计与实现

随着信息化技术在电力行业IT网络系统中的广泛运用．大量的网络流量产生．如何对网络流量进行有效管理,保障关键业务的正常运行,提高网络传输效率、可靠性、稳定性,以及安全性等,对电力公司整个计算机信息网络的IT环境健康、和谐运营至关重要。     

Dual‐collaborative DoS/DDoS mitigation approach in information‐centric mobile Internet

The amount of wireless traffic is increasing at an overwhelming speed. Information‐centric networking (ICN) has been proposed as a promising Future Internet Architecture, which can reduce network traffic by putting data objects toward the edge. It is expected that in information‐centric mobile Internet (ICMI), the wireless traffic can be significantly reduced. Yet, DoS/DDoS attack becomes a critical issue in ICMI by causing wireless gateway blockade. To tackle the problem, we propose a dual‐collaborative DoS/DDoS mitigation approach (DCMA) and advanced DCMA to protect wireless gateways. In the algorithm, the attackers' visiting information including international mobile equipment identity (IMEI) and data object name (DON) are analyzed jointly to accurately identify potential attackers through the collaboration between the Internet and mobile network. In addition, the attacker's behaviors are analyzed centrally, and security strategies are applied distributively throughout wireless edge through the collaboration between wireless core network (CN) and radio access network (RAN). Extensive simulations are performed to verify the effectiveness of the proposed algorithms. The results demonstrate that advanced DCMA can achieve high DDoS and attacker detection probability and small false positive probability.     

流媒体服务DoS及DDoS攻击分析

针对流媒体RTSP的交互过程,指出流媒体服务具有遭受DoS及DDoS攻击的可能,通过实验验证该结论。提出一个基于位置隐藏和负载均衡的针对流媒体服务DoS及DDoS攻击的防御方案,对目前广为流行的视频点播、IPTV等流媒体应用具有普遍的借鉴意义。     

基于滑动时间窗口的IPv6地址跳变主动防御模型

针对IPv6恢复端到端通信,IPv6节点易被攻击者探测攻击等问题,提出一种基于滑动时间窗口的IPv6地址跳变（AHSTW）主动防御模型。首先通过共享密钥进行地址跳变间隔等会话参数的协商,之后引入收发时间窗口的概念,通信双方仅发送或接收处于时间窗口内的数据包,通过时间窗口自适应调整（TWAA）算法,依据网络时延的变化及时调整时间窗口大小以适应网络环境的变化。理论分析证明,该模型能够有效抵抗攻击者对目标IPv6节点的数据截获分析攻击和拒绝服务攻击（DoS）。实验结果表明,在传输相同数据包大小时,AHSTW的额外CPU开销在2~5个百分点,并无显著提高,通信效率并无显著下降;在通信过程中,通信双方地址与端口呈随机、分散、无序等特点,极大增加了攻击者的开销与攻击难度,保护了IPv6网络安全。