| 基于认证的反射DDoS源追踪新方案研究 |
| |
| 引用本文: | 胡志刚 戴诏,张健.基于认证的反射DDoS源追踪新方案研究[J].计算机应用,2007,27(1):98-101. |
| |
| 作者姓名: | 胡志刚 戴诏 张健 |
| |
| 作者单位: | 中南大学信息科学与工程学院,湖南长沙410083 |
| |
| 摘 要: | 利用基于密钥集序列的消息认证码理论,以动态概率包标记和现代代数理论为基础,针对当前危害甚大的分布式反射拒绝服务攻击,提出了一种新的基于认证的源IP追踪方案。通过采用一种新的动态概率序列,既达到了较高的追踪收敛率,又能有效过滤掉攻击者伪造的垃圾数据包。采用基于密钥集序列的HMAC算法,对标记信息进行认证,防止攻击者修改已有的标记信息,达到较高的安全性和抗干扰性。
|
| 关 键 词: | 分布式反射拒绝服务攻击 IP追踪 动态概率包标记 消息认证码 |
| 文章编号: | 1001-9081(2007)01-0098-04 |
| 收稿时间: | 2006-07-03 |
| 修稿时间: | 2006-07-032006-10-08 |
New research on DDoS/DRDoS attacks IP traceback based on HMAC |
| |
| HU Zhi-gang,DAI Zhao,ZHANG Jian.New research on DDoS/DRDoS attacks IP traceback based on HMAC[J].journal of Computer Applications,2007,27(1):98-101. |
| |
| Authors: | HU Zhi-gang DAI Zhao ZHANG Jian |
| |
| Affiliation: | School of Information Science and Engineering, Central-South University, Changsha Hunan 410083, China |
| |
| Abstract: | Based on the Keyed-Hashing for Message Authentication(HMAC) with Key Collection Exposure,Dynamic Probabilistic Packet Marking and modern algebraic theoretics,a new Authenticated IP Traceback Scheme against DRDoS/DDoS was proposed.The results show that the scheme can achieve greater astringency and higher efficiency by adopting a new dynamic probability value sequence,and prevent the marking information from being tampered by using HMAC for authentication,thus this scheme is secure and robust. |
| |
| Keywords: | HMAC(Keyed-Hashing for Message Authentication) DRDoS(Distributed Reflection Denial of Service) IP traceback dynamic probabilistic packet marking |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
