| 域间IP欺骗防御服务净化机制 |
| |
| 引用本文: | 吕高锋,孙志刚,卢锡城.域间IP欺骗防御服务净化机制[J].计算机学报,2009,32(3). |
| |
| 作者姓名: | 吕高锋 孙志刚 卢锡城 |
| |
| 作者单位: | 国防科学技术大学计算机学院,长沙,410073 |
| |
| 基金项目: | 国家重点基础研究发展规划(973计划) |
| |
| 摘 要: | IP地址真实性验证成为构建可信网络的基础,基于粗粒度的源-目的自治域标识(密钥)的域间IP欺骗报文过滤机制具有处理简单、保护范围广、部署激励高等优点,却存在不能过滤自治域内子网间IP欺骗报文等不足.而细粒度的源-目的子网标识能够解决过滤粒度粗的问题,却带来了更严重的处理复杂、计算和存储开销大等同题.针对IP欺骗防御机制的计算复杂度和过滤粒度之间的矛盾,提出一种新颖的域间IP欺骗防御服务净化机制RISP.RISP立足于域间IP欺骗防御,根据自治域内拓扑结构的稳定性,引入非对称的细粒度的源子网-目的自治域标识方式,实现对自治域间和自治域内子网间IP欺骗报文的检测与过滤.根据主要的IP欺骗报文攻击的流特征,引入流异常检测机制,实现细粒度标识的动态触发,进一步降低细粒度标识的计算和存储开销,同时对子网内恶意数据流进行流速限制.RISP在不增加自治域内防御实体的情况下,使得防御实体能够过滤自治域内子网间IP欺骗报文,计算和存储开销小,过滤粒度细,而且具有较高的部署激励.
|
| 关 键 词: | IP欺骗防御 非对称标识 动态标记 可信网络 |
Refining the Inter-Domain IP Spoofing Prevention |
| |
| LU Gao-Feng,SUN Zhi-Gang,LU Xi-Cheng.Refining the Inter-Domain IP Spoofing Prevention[J].Chinese Journal of Computers,2009,32(3). |
| |
| Authors: | LU Gao-Feng SUN Zhi-Gang LU Xi-Cheng |
| |
| Affiliation: | School of Computer Science;National University of Defense Technology;Changsha 410073 |
| |
| Abstract: | The validation of source IP addresses becomes the key technique for devising a trustworthy network.Inter-domain IP spoofing preventions based on coarse-grained labels of source-destination ASes protect wide domains of ASes and provide high incentives of deployments,however,have the shortcoming that cann't filter spoofing packets forging other hosts' IP addresses in the same subnet.IP spoofing preventions based on fine grained labels of source-destination subnets solves the above problem,but the complexity o... |
| |
| Keywords: | IP spoofing prevention unsymmetrical fine-grained label dynamic marking trustworthy network |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
