|
|||||
|
|
| 基于验证机制的应用层DDoS攻击防御方法 | |
| 引用本文: | 魏冰,徐震. 基于验证机制的应用层DDoS攻击防御方法[J]. 计算机工程与设计, 2010, 31(2) |
| 作者姓名: | 魏冰 徐震 |
| 作者单位: | 1. 中国科学院研究生院,北京,100049 2. 信息安全共性技术国家工程研究中心,北京,100080 |
| 基金项目: | 国家自然科学基金,国家高技术研究发展计划(863计划) |
| 摘 要: | 针对应用层分布式拒绝服务攻击的原理和特点,提出一种基于轻量级验证机制的防御算法,在客户端与服务器的通信过程中嵌入验证码,利用客户端计算,正确识别合法请求,过滤恶意攻击.验证机制在TCP/IP协议栈中呈非对称性,服务端的过滤在IP层进行,客户端的计算在应用层进行,使算法具有低的资源消耗和对通信双方的透明.该方法在抗分布式拒绝服务攻击网关平台上实现,测试结果表明,该方法具有良好的防御效果和优异的性能表现. |
| 关 键 词: | 应用层分布式拒绝服务 验证机制 客户透明 攻击防御 Web服务器 |
Defense approach against application level DDoS attacks based on authentication mechanism |
|
| WEI Bing,XU Zhen. Defense approach against application level DDoS attacks based on authentication mechanism[J]. Computer Engineering and Design, 2010, 31(2) | |
| Authors: | WEI Bing XU Zhen |
| Affiliation: | WEI Bing1,XU Zhen2(1.Graduate University,Chinese Academy of Sciences,Beijing 100049,China,2.National Engineering Research Center of Information Security,Beijing 100080,China) |
| Abstract: | The principle and characteristics of application level distributed denial of service attacks are analyzed and a light-weighted authentication mechanism is proposed.An authentication code is embedded in the process of communication between the client and the server.Through client computing,legitimate requests can be correctly distinguished and malicious attacks are filtered.The authentication mechanism is operated between different layers in the network stack.Server-side filtering in the IP layer and client-... |
| Keywords: | application level distributed denial of service authentication client transparency attack defense web server |
| 本文献已被 CNKI 万方数据 等数据库收录! | |