DDoS防御技术综述

分布式拒绝服务攻击(DDoS)是Internet面临的最严峻的威胁之一。本文介绍了DDoS攻击原理,总结了近年来防御技术的研究成果,对DDoS防御技术进行了分析,指出了防御DDoS攻击面临的挑战。     

一种基于Flow-Spec的网络异常流量防护策略

互联网应用在日益发展的同时也带来了安全性问题,网络攻击的多样性与危害性不断升级,尤以DDoS为甚,这些攻击直接劣化了网络性能、业务可用性和服务质量,对ISP、ICP、客户都造成了极大影响。从目前DDoS攻击防御的经验来看,通过在运营商网络中部署防御策略,尽量从网络源头切断攻击流量,其效果是比较有效的。文章提出了利用Flow-Spec技术实现DDoS攻击防御,并分析了该方案的原理特点及部署方式,与现有方式相比,该方案比黑洞方式更为合理有效,比流量清洗方式更为简单而易于实现。     

北京联通防DDoS攻击服务介绍

近年来的互联网DDoS攻击日渐增多,其攻击方式多样难于防御.越来越多的客户尤其是银行客户,提出了防DDoS攻击服务的需求以保障其网银业务的安全性.本文说明了DDoS攻击的基本原理,概括了客户在攻击前、攻击中和攻击后三个阶段对防DDoS服务的需求.介绍了北京联通防DDoS攻击服务的系统建设、服务内容和实际应用,最后进行了...     

DDoS攻击方式与防御措施浅议

随着Internet互联网络带宽的增加和多种DDoS黑客工具的不断发布,DDoS拒绝服务攻击的实施越来越容易,DDoS攻击事件正在成上升趋势。论文通过对常用的各种DDoS攻击方式进行分类,对攻击的原理进行了探讨,最后在此基础上有针对性地提出了一些防御DDoS攻击的方法。     

DDoS攻击原理及其防御机制的研究

DDoS攻击是一种被黑客广泛应用的攻击方式,它以破坏计算机系统或网络的可用性为目标,危害性极大。本文首先介绍了DDoS攻击的攻击原理,接着从DDoS攻击的攻击手段和攻击方式两个方面对DoS攻击进行分类介绍,然后针对DDoS攻击的方式,提出了一种检测和防御DDoS攻击的模型,最后利用入侵检测技术和数据包过滤技术,设计了一个针对DDoS攻击的检测与防御系统,该系统具有配置简单、易于扩展、实用性较强等优点。     

基于IXP 1200平台的DDoS攻击防御研究

分布式拒绝服务攻击（DDoS）已经成为互联网最大的威胁之一.提出了一种基于Intel IXP1200网络处理器平台的DDoS防御系统的设计方案,并实际实现了一个防御系统D-Fighter.提出了解决DDoS攻击的两个关键技术：数据包认证和细微流量控制的原理和方法,并在D-Fighter中设计实现.经过实际网络测试环境的应用测试表明,D-Fighter达到了设计目标,对DDoS攻击的防御有较好的效果.     

一种基于软件定义网络的通信网络保护方法

为了应对互联网数据传输过程中的分布式拒绝服务攻击(DDoS),提高互联网数据传输的安全性,通过对SYN泛洪 攻击机理进行分析研究,提出应对SYN泛洪攻击较为有效的软件定义网络(SDN)防御机制,分析其防御机理,建立 SDN信息熵计算模型,并构建了实际仿真计算实验环境, 研究结果证明SDN能够较为快速有效的对SYN泛洪攻击进行防御,同时能够对类似于SYN攻击的其他DDoS攻击进行有效防御。     

基于流媒体服务DDoS攻击防范研究

分布式拒绝服务（Distributed Deny of Service,DDoS）攻击是目前最难解决的网络安全问题之一。在研究RTSP（Real-Time Streaming Protocol）协议漏洞基础上,提出一种有效防御流媒体服务DDoS攻击防御方案。该方案基于时间方差图法（Variance-TimePlots,VTP）,计算自相似参数Hurst值,利用正常网络流量符合自相似模型的特性来进行DDoS攻击检测,并综合采用黑白名单技术对流量进行处理。最后通过MATLAB仿真工具进行了模拟实验,并对结果进行了分析,在协议分析基础上能合理控制流量,使得DDoS攻击检测准确率、实时性高,目标流媒体服务器带宽和资源得到了有效保护。     

基于动态概率包标记的DDOS攻击源追踪技术研究

如何防御分布式拒绝服务(DDoS)攻击是当今最难解决的网络安全问题之一.针对如何追踪DDoS攻击源进行研究,在分析原有动态概率包标记算法的基础上,提出新的算法,并对两种算法的优劣进行分析比较.     

基于自治系统的DDoS攻击防御技术研究

DDoS攻击是危害巨大且难以防御的一种网络攻击方式,基于自治系统路由器上流量认证的防御技术,可有效地抵御这种攻击,但其也存在_些不足.由此对一些尚不完善的地方进行了改进,提出了基于自治系统的两级认证体制,满足了数据传输效率与安全性的要求,并通过引入数据传输速率与当前剩余生存周期的的关系,扩展了其防御攻击的范围,实现了不但可以抵御洪水DDoS攻击,还可以抵御半开式连接DDoS攻击.     

软件定义网络中的DDoS安全

随着现代化信息技术的广泛应用,近年来,我国信息环境呈现了明显的复杂化演变趋势。基于网络信息安全,文章主要介绍了软件定义网络中的DDoS安全保证价值,并简要概述了软件定义网络中的DDoS攻击检测路径,探究基于SDSNM逻辑架构的防御体系、基于OpenFlow攻击缓解方法、基于强化学习的攻击防御系统和基于DPDK的攻击防御系统,旨在全面优化网络信息安全环境。     

基于DPDK的DDoS攻击防御技术分析与实现

针对当前规模日益增大的分布式拒绝服务攻击(DDoS),提出一种基于Intel DPDK的DDoS攻击防御技术,对比分析其相对于传统DDoS防御技术的优缺点。在此基础上使用网络测试仪进行仿真测试,结果表明DPDK对于提升整体DDoS防御性能效果显著。     

DDoS attack detection and defense based on hybrid deep learning model in SDN

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.     

Intrusion Detection Routers: Design, Implementation and Evaluation Using an Experimental Testbed

In this paper, we present the design, the implementation details, and the evaluation results of an intrusion detection and defense system for distributed denial-of-service (DDoS) attack. The evaluation is conducted using an experimental testbed. The system, known as intrusion detection router (IDR), is deployed on network routers to perform online detection on any DDoS attack event, and then react with defense mechanisms to mitigate the attack. The testbed is built up by a cluster of sufficient number of Linux machines to mimic a portion of the Internet. Using the testbed, we conduct real experiments to evaluate the IDR system and demonstrate that IDR is effective in protecting the network from various DDoS attacks.     

DDoS攻击恶意行为知识库构建

针对分布式拒绝服务（distributed denial of service,DDoS）网络攻击知识库研究不足的问题,提出了DDoS攻击恶意行为知识库的构建方法。该知识库基于知识图谱构建,包含恶意流量检测库和网络安全知识库两部分：恶意流量检测库对 DDoS 攻击引发的恶意流量进行检测并分类;网络安全知识库从流量特征和攻击框架对DDoS 攻击恶意行为建模,并对恶意行为进行推理、溯源和反馈。在此基础上基于DDoS 开放威胁信号（DDoS open threat signaling,DOTS）协议搭建分布式知识库,实现分布式节点间的数据传输、DDoS攻击防御与恶意流量缓解功能。实验结果表明,DDoS攻击恶意行为知识库能在多个网关处有效检测和缓解DDoS攻击引发的恶意流量,并具备分布式知识库间的知识更新和推理功能,表现出良好的可扩展性。     

基于流量强度的DDoS攻击源追踪快速算法

DDoS攻击以其破坏力大、易实施、难检测、难追踪等特点,而成为网络攻击中难处理的问题之一。攻击源追踪技术是阻断攻击源、追踪相关责任、提供法律证据的必要手段。基于网络拓扑理论和路由器流量特性原理以及可编程式路由器的体系结构,提出了一种追踪DDoS攻击源的分布式快速算法,该算法可以准确、协调、高效地判断路由器的数据流量值,受害者可以根据流量强度推断出恶意攻击数据流的来源,从而快速追溯和定位DDoS攻击源。     

Adaptive Defense Against Various Network Attacks

In defending against various network attacks, such as distributed denial-of-service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. Therefore, a good defense system needs to have a built-in “adaptive defense” functionality based on cost minimization—adaptively adjusting its configurations according to the network condition and attack severity in order to minimize the combined cost introduced by false positives (misidentify normal traffic as attack) and false negatives (misidentify attack traffic as normal) at any time. In this way, the adaptive defense system can generate fewer false alarms in normal situations or under light attacks with relaxed defense configurations, while protecting a network or a server more vigorously under severe attacks. In this paper, we present concrete adaptive defense system designs for defending against two major network attacks: SYN flood DDoS attack and Internet worm infection. The adaptive defense is a high-level system design that can be built on various underlying nonadaptive detection and filtering algorithms, which makes it applicable for a wide range of security defenses.     

DDoS攻击检测研究综述

DDoS攻击作为当前网络安全最严重的威胁之一,近年来随着僵尸网络的盛行,其攻击影响日趋扩大,因此对DDoS攻击进行检测变得尤为重要。本文按照攻击层次和检测位置的不同,对于不同的DDoS攻击检测方法给出了详细的分类,同时在此基础上对各类检测方法进行分析和性能比较,明确了各种检测方法的特点和应用范围,最后讨论了当前攻击检测存在的问题及进一步研究的方向。     

Research on low-rate DDoS attack of SDN network in cloud environment

Aiming at the problems of low-rate DDoS attack detection accuracy in cloud SDN network and the lack of unified framework for data plane and control plane low-rate DDoS attack detection and defense,a unified framework for low-rate DDoS attack detection was proposed.First of all,the validity of the data plane DDoS attacks in low rate was analyzed,on the basis of combining with low-rate of DDoS attacks in the aspect of communications,frequency characteristics,extract the mean value,maximum value,deviation degree and average deviation,survival time of ten dimensions characteristics of five aspects,to achieve the low-rate of DDoS attack detection based on bayesian networks,issued by the controller after the relevant strategies to block the attack flow.Finally,in OpenStack cloud environment,the detection rate of low-rate DDoS attack reaches 99.3% and the CPU occupation rate is 9.04%.It can effectively detect and defend low-rate DDoS attacks.