| 利用分治策略实现DDoS攻击路径标识题 |
| |
| 引用本文: | 翟继强,唐远新,叶飞,谢怡宁.利用分治策略实现DDoS攻击路径标识题[J].哈尔滨理工大学学报,2014,19(5):76-82. |
| |
| 作者姓名: | 翟继强 唐远新 叶飞 谢怡宁 |
| |
| 作者单位: | 哈尔滨理工大学计算机科学与技术学院,黑龙江哈尔滨,150080 |
| |
| 基金项目: | 黑龙江省教育厅科学技术研究面上项目 |
| |
| 摘 要: | 针对分布式拒绝服务(DDo S)攻击防御中的数据包标记溯源技术,基于分治策略提出用简单的递归关系分别表示攻击树构、攻击路径频率检测、数据包和路径关联这3个基本防御实现,使用单数据包带内路径标识符用于唯一的数据包和路径关联,而把攻击树构建及攻击路径频率作为独立的带外操作来处理.通过在真实网络拓扑环境下对网络流量和存储开销的测试,证明本方法可以高流量负荷下以很小的开销同时对大量受害主机的提供单一数据包回溯保证.
|
| 关 键 词: | DDoS 分治 IP溯源 包标记 攻击树 |
Implementation of DDoS Attack Path Labeling Using Divide-and-conquer Strategy |
| |
| ZHAI Ji-qiang,TANG Yuan-xin,YE Fei,XIE Yi-ning.Implementation of DDoS Attack Path Labeling Using Divide-and-conquer Strategy[J].Journal of Harbin University of Science and Technology,2014,19(5):76-82. |
| |
| Authors: | ZHAI Ji-qiang TANG Yuan-xin YE Fei XIE Yi-ning |
| |
| Affiliation: | 1.School of Computer Science and Technology, Harbin University of Science and Technology, Harbin 150080, China;) |
| |
| Abstract: | Focusing on packet marking traceback technology in DDoS attack defense,a novel approach is proposed to represent three elementary defending implementations namely attack tree construction,attack path frequency detection and packet to path association as succinct recurrence relations based on divide-and-conquer strategy,which uses single packet in-band path identifiers for unique packet to path association while handles attack tree construction and attack path frequency detection as independent out-of-band processes.By testing and evaluating the network traffic and storage overhead on real-life Internet,the results show that this method realistically achieves single packet traceback guarantees with minimal overhead for a large number of victims under heavy traffic loads simultaneously. |
| |
| Keywords: | DDoS divide-and-conquer IP traceback packet marking attack tree |
| 本文献已被 CNKI 维普 等数据库收录! |
|
