| 分布式拒绝服务攻击研究综述 |
| |
| 引用本文: | 徐恪,徐明伟,吴建平.分布式拒绝服务攻击研究综述[J].小型微型计算机系统,2004,25(3):337-346. |
| |
| 作者姓名: | 徐恪 徐明伟 吴建平 |
| |
| 作者单位: | 清华大学,计算机科学与技术系,北京,100084 |
| |
| 基金项目: | 国家自然科学基金 ( 90 10 40 0 2,60 2 0 3 0 2 5 )资助,国家 973计划 ( 2 0 0 3 CB3 14 80 1)资助 |
| |
| 摘 要: | 分布式拒绝服务攻击(distributed denial-of-service,DDoS)已经对Internet的稳定运行造成了很大的威胁.在典型的DDoS攻击中,攻击者利用大量的傀儡主机向被攻击主机发送大量的无用分组.造成被攻击主机CPU资源或者网络带宽的耗尽.最近两年来.DDoS的攻击方法和工具变得越来越复杂,越来越有效,追踪真正的攻击者也越来越困难.从攻击防范的角度来说,现有的技术仍然不足以抵御大规模的攻击.本文首先描述了不同的DDoS攻击方法,然后对现有的防范技术进行了讨论和评价.然后重点介绍了长期的解决方案-Internet防火墙策略,Internet防火墙策略可以在攻击分组到达被攻击主机之前在Internet核心网络中截取这些攻击分组。
|
| 关 键 词: | 分布式拒绝服务攻击 IP跟踪 Internet 防火墙 网络安全 网络攻击 |
| 文章编号: | 1000-1220(2004)03-0337-10 |
Research on Distributed Denial-of-service Attacks:a Survey |
| |
| XU Ke,XU Ming-wei,WU Jian-ping.Research on Distributed Denial-of-service Attacks:a Survey[J].Mini-micro Systems,2004,25(3):337-346. |
| |
| Authors: | XU Ke XU Ming-wei WU Jian-ping |
| |
| Abstract: | Distributed denial-of-service attack (DDoS) brings a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam the CPU or Internet connection of victim. In the last two years, it is discovered that DDoS attack methods and tools are becoming more sophisticated, effective, and also more difficult to trace to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. In this paper, we first describe various DDoS attack methods, and then present a discussion and review of current defense mechanisms such as IP traceback. Then we emphasis discuss a long-term solution, the Internet firewall approach, that attempts to intercept attack packets in the Internet core, well before reaching the victim. |
| |
| Keywords: | DDoS IP traceback Internet firewall |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
