VPN网络防御DOS攻击的探讨

虚拟专用网(VPN)通过加密提供安全信道,尽管VPN支持两个主机间的认证并认证后才提供VPN服务,但VPN并不拒绝试图建立连接的请求,因此,还是可以被拒绝服务(DOS)和分布式拒绝服务(DDOS)攻击,除非整个网络全部采用IPSec协议提供身份认证,否则就找不到攻击源头。针对已采用IPSec协议的VPN,文章补充了一个模块以增加其安全性并抵御中小型DOS攻击,尽量减少攻击造成的损害,并探讨了下一代网络采用IPSec必要性。     

互联网防御DOS/DDOS攻击策略研究

主要介绍DOS/DDOS攻击的原理与种类,并着重介绍防御DOS/DDOS攻击的应对策略,并结合专业防御系统对构建专业防御体系进行了探讨。     

基于PROBE的DDOS攻击检测分析

分布式拒绝服务(DDOS)攻击是目前严重威胁网络安全和影响网站服务质量的一种攻击手段DDOS攻击就是利用多个分布式攻击源向攻击对象发送超出攻击目标处理能力的海量数据包,来消耗可用系统和带宽资源,从而导致网络服务瘫痪的一种攻击.目前有很多方法检测和防御DDOS攻击,传统的检测和防范措施是基于特征匹配的检测往往要求有一定的先验知识难以区分突发正常流量与DDOS攻击.本文通过介绍PROBE技术来检测应对DDOS攻击,并探究了PROBE在DDOS攻击检测中的应用策略.     

浅谈电信网络环境下的DDOS攻击防护技术

近年来,随着网络技术的快速发展及广泛普及,网络安全问题面临的形势愈加严重,网络攻击防护越来越受人们的重视,而电信运营商网络几乎成为拒绝服务攻击(DDOS)的首选攻击对象。本文主要以中华通信系统研发的基于ISP网络的拒绝服务攻击防御系统为例简要分析DDOS攻击以及在电信网络环境下的DDOS攻击防护技术。     

DDOS防范对策研究

分布式拒绝服务攻击（DDOS）严重成胁着Internet的安全。本文分析了DDOS攻击的原理及最新发展，根据DDOS攻击特点。提出了在域内进行DDOS攻击防御的四层防御体系。     

Web安全问答

问:什么叫DOS./DDOS答:DoS即Denial Of Service,拒绝服务的缩写。DoS是指利用网络协议实现的缺陷来耗尽被攻击对象的资源,目的是让目标计算机或网络无法提供正常的服务或资源访问,使目标系统服务系统停止响应甚至崩溃,而在此攻击中并不包括侵入目标服务器或目     

Web安全问答（7）

问：如何应对DOS/DDOS攻击 答：从目前现有的技术角度来讲,还没有一项解决办法针对DoS非常有效。所以,防止DoS攻击的最佳手段就是防患于未然。     

简讯

Web安全问答(1)问:什么叫DOS./DDOS答:DoS即DenialOfService,拒绝服务的缩写。DoS是指利用网络协议实现的缺陷来耗尽被攻击对象的资源,目的是让目标计算机或网络无法提供正常的服务或资源访问,使目标系统服务系统停止响应甚至崩溃,而     

基于GUARD的DDOS攻击防护策略

分布式拒绝服务(distributed denial of service,简称DDOS)攻击是当今互联网的重要威胁之一。基于攻击包所处网络层次,将DDOS攻击分为网络层DDOS攻击和应用层DDOS攻击,介绍了基于GUARD的DDOS攻击防护策略,最后分析了现有检测和控制方法应对DDOS攻击的不足,并探究了GUARD在DDOS攻击防护中的应用与发展趋势。     

无线Ad Hoc网络中MAC层DoS攻击检测系统的设计

文章在引入拒绝服务攻击（DOS）和分布武拒绝服务（DDoS）攻击的原理的基础上．讨论了无线Ad Hoc网络可能遭受的拒绝服务攻击类型，针对其中的MAC层拒绝服务攻击提出了一种检测系统设计方案。并描述了该方案的算法流程和多线程数据处理步骤．最后通过仿真对该检测系统在失效告警率和内存占用率两方面的性能进行了分析。     

Shield Techniques for Application Layer DDoS Attack in MANET: A Methodological Review

In today’s world of wireless networks the mobile ad-hoc networks are widely preferred as a communication medium as these are infrastructure less networks. The application layer of these networks is targeted by attackers because it is responsible for actual data exchange with end users. As human dependency on wireless networks is increasing the DDoS attacks i.e. distributed denial of service attack which becomes a nightmare for the researchers. This attack is one of the most devastating attacks that can be executed on web-servers and congest the network keys like socket connections, CPU cycles, and memory database. In this current mobile computing world the necessity of DDOS attack management is significantly increased because this attack can degrade the entire web experience. Further, this DDOS attack is commenced along with the legitimate requests so it is also important to differentiate DDoS attack from other similar Events. This review endeavors to explore with more emphasis on application layer DDoS attack and its management stages like prevention, detection, mitigation and Differentiation along with comparative statement of prominent techniques discovered in each stage. This methodological survey report shall lead the way to researchers and network designers to suit the specific management scheme to provide the complete protection of wireless networks from DDoS attack.

     

概率包标记技术综述

防御分布式拒绝服务攻击是目前网络安全的一大难题,在应对分布式拒绝服务攻击的各种措施中,概率包标记技术是一种重要手段,受到了广泛的重视。文章对Savage提出的基本概率包标记以及目前的常见的概率包标记方案进行了分析研究,按照采用的标记手段和方法做了一定的归类并对其性能和效果进行了比较和分析,最后对概率包标记技术的发展趋势作了简单分析和展望。     

基于深度学习的实时DDoS攻击检测

分布式拒绝服务(DDoS)攻击是一种分布式、协作式的大规模网络攻击方式,提出了一种基于深度学习的DDoS攻击检测方法,该方法包含特征处理和模型检测两个阶段:特征处理阶段对输入的数据分组进行特征提取、格式转换和维度重构;模型检测阶段将处理后的特征输入深度学习网络模型进行检测,判断输入的数据分组是否为DDoS攻击分组.通过ISCX2012数据集训练模型,并通过实时的DDoS攻击对模型进行验证.结果表明,基于深度学习的DDoS攻击检测方法具有高检测精度、对软硬件设备依赖小、深度学习网络模型易于更新等优点.     

DDOS攻击原理及对策研究

本文主要介绍了DDOS的攻击原理及特点,并分析了攻击中常用的攻击工具.在防御DDOS方面,本文按照防御阶段进行了探讨,在平时如何预防DDOS的攻击,减少攻击成功的概率,而当发生这种攻击时如何应对,减少攻击造成的损失.     

Security upgrade against RREQ flooding attack by using balance index on vehicular ad hoc network

VANET is an ad hoc network that formed between vehicles. Security in VANET plays vital role. AODV routing protocol is a reactive or on-demand routing protocol which means if there is data to be send then the path will create. AODV is the most commonly used topology based routing protocol for VANET. Using of broadcast packets in the AODV route discovery phase caused it is extremely vulnerable against DOS and DDOS flooding attacks. Flooding attack is type of a denial of service attack that causes loss of network bandwidth and imposes high overhead to the network. The method proposed in this paper called Balanced AODV (B-AODV) because it expects all network node behave normally. If network nodes are out of the normal behavior (too much route request) then they identified as malicious node. B-AODV is designed with following feature: (1) The use of adaptive threshold according to network conditions and nodes behavior (balance index) (2) Not using additional routing packets to detect malicious nodes (3) Perform detection and prevention operations independently on each node (4) Perform detection and prevention operations in real time (5) No need for promiscuous mode. This method for detection and prevention flooding attack uses average and standard deviation. In this method each node is employing balance index for acceptation or rejection RREQ packets. The results of the simulation in NS2 indicates B-AODV is resilience against flooding attack and prevent loss of network bandwidth. Comparing between AODV with B-AODV in normal state (non-attacker) shows B-AODV is exactly match with AODV in network performance, this means that the B-AODV algorithm does not impose any overhead and false positive to AODV.     

DDoS攻击的技术分析与防御策略

系统地分析分析了DDoS攻击的实现原理,列举了发动DDoS攻击的常用工具,针对攻击产生的机理,提出了详细可行的DDoS攻击防御策略.最后给出市场上典型DDoS攻击检测与响应系统的主要性能和防御DDoS攻击的研究方向.     

分布式拒绝服务攻击及IP溯源技术探析

拒绝服务攻击已经成为威胁互联网安全的重要攻击手段,本文介绍了分布式拒绝服务（DDoS）攻击的概念,分析了DDoS攻击的原理;最后介绍了多种IP溯源技术的优缺点。