首页 | 本学科首页   官方微博 | 高级检索  
     

低速率拒绝服务攻击研究与进展综述
引用本文:文坤,杨家海,张宾.低速率拒绝服务攻击研究与进展综述[J].软件学报,2014,25(3):591-605.
作者姓名:文坤  杨家海  张宾
作者单位:清华大学 网络科学与网络空间研究院, 北京 100084;清华信息科学与技术国家实验室筹清华大学, 北京 100084;清华大学 网络科学与网络空间研究院, 北京 100084;清华信息科学与技术国家实验室筹清华大学, 北京 100084;清华大学 网络科学与网络空间研究院, 北京 100084;清华信息科学与技术国家实验室筹清华大学, 北京 100084
基金项目:国家重点基础研究发展计划(973)(2009CB320505);国家自然科学基金(61170211,61202356);教育部博士学科点专项基金(20110002110056)
摘    要:低速率拒绝服务攻击是新型的拒绝服务攻击,对Internet的安全造成严重的潜在威胁,引起众多研究者的兴趣和重视,成为网络安全领域的重要研究课题之一.自2003年以来,研究者先后刻画了Shrew攻击、降质攻击、脉冲拒绝服务攻击和分布式拒绝服务攻击等多种低速率拒绝服务攻击方式,并提出了相应的检测防范方法.从不同角度对这种新型攻击的基本机理和攻击方法进行了深入的研究;对TCP拥塞控制机制进行了安全性分析,探讨了引起安全问题的原因;对现有的各种各样的LDoS攻击防范和检测方案,从多个方面进行了分类总结和分析评价;最后总结了当前研究中出现的问题,并展望了未来研究发展的趋势,希望能为该领域的研究者提供一些有益的启示.

关 键 词:网络安全  低速率拒绝服务攻击  异常检测  TCP拥塞控制  主动队列管理
收稿时间:2012/7/17 0:00:00
修稿时间:2013/11/11 0:00:00

Survey on Research and Progress of Low-Rate Denial of Service Attacks
WEN Kun,YANG Jia-Hai and ZHANG Bin.Survey on Research and Progress of Low-Rate Denial of Service Attacks[J].Journal of Software,2014,25(3):591-605.
Authors:WEN Kun  YANG Jia-Hai and ZHANG Bin
Affiliation:Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology Tsinghua University, Beijing 100084, China;Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology Tsinghua University, Beijing 100084, China;Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology Tsinghua University, Beijing 100084, China
Abstract:Low-Rate denial of service (LDoS) attack is a new category of denial of service attacks which may become a serious threat to Internet. It has attracted many researchers' interest and is becoming an important research topic in network security area. Since 2003, researchers have revealed several kinds of low-rate denial of service attacks, such as the shrew attack, the reduction of quality (RoQ) attack, the pulsing denial-of-service (PDoS) attack and the distributed low-rate denial of service attacks (DLDoS). They also proposed some corresponding defense and detection methods. This paper thoroughly reviews the state-of-the-art of LDoS attack and prevention research, and also analyzes the basic mechanism and attack methods of different LDoS attacks. Especially, it analyzes the security of TCP congestion avoidance mechanism, and illustrates the cause of potential security issue of such mechanism. In addition, the paper also reviews and evaluates the current LDoS attack prevention and detection approaches. Finally, the paper identifies some open research issues and points out possible future research directions in LDoS attack research area.
Keywords:network security  low-rate DoS (LDoS) attacks  anomaly detection  TCP congestion control  AQM
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号