| 多数据中心基于流量感知的DDoS攻击消除策略 |
| |
| 引用本文: | 齐 星,李光磊,周华春,陈 佳.多数据中心基于流量感知的DDoS攻击消除策略[J].计算机工程与应用,2018,54(24):87-96. |
| |
| 作者姓名: | 齐 星 李光磊 周华春 陈 佳 |
| |
| 作者单位: | 北京交通大学 电子信息工程学院,北京 100044 |
| |
| 摘 要: | 多数据中心DDoS攻击频发,现有攻击消除方式虽能阻拦攻击流量,但难以避免对合法流量的干扰。在服务功能链的基础上结合流量感知技术,提出一种针对多数据中心的DDoS攻击消除策略。通过在数据中心入口部署感知组件,感知异常流量并与控制器交互,将DDoS攻击消除工作放在数据中心外的清洗域,避免干扰合法流量。同时在清洗域提出一种负载均衡算法,为多数据中心提供足够的处理能力。最后搭建原型系统,通过实验对比验证策略的可行性。
|
| 关 键 词: | 多数据中心 感知 安全服务链 负载均衡 |
DDoS attack elimination policy based on traffic awareness for multi-data center |
| |
| QI Xing,LI Guanglei,ZHOU Huachun,CHEN Jia.DDoS attack elimination policy based on traffic awareness for multi-data center[J].Computer Engineering and Applications,2018,54(24):87-96. |
| |
| Authors: | QI Xing LI Guanglei ZHOU Huachun CHEN Jia |
| |
| Affiliation: | School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China |
| |
| Abstract: | As DDoS attacks occur frequently in multi-data center and existing DDoS attack eliminating methods cannot avoid the interference to legitimate traffic, this paper proposes a DDoS attack elimination strategy for multi-data center, based on service function chaining and traffic awareness technology. By deploying the perception component to the entrance of data center, which detects abnormal data traffic, and interacts with controller, the controller will put the work of attack eliminating in the scrubbing domain, which is outside the data center, thus avoiding interference to legitimate data traffic. At the same time, a load balancing algorithm is proposed for the scrubbing domain to ensure stable processing capability when serving multi-data center. This paper builds a prototype to verify the feasibility of the strategy through experiments. |
| |
| Keywords: | multi-data center awareness security service chain load balancing |
|
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
|
