Found 19 similar documents; search took 109 ms
1.
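A New Method for Defending Against Sybil Attacks in Wireless Sensor Networks  Total citations: 7, self-citations: 1, citations by others: 6
In sensor networks, the Sybil attack is one of the main attack methods. Using random predistribution of secret information and a witness-based confirmation mechanism for node identities, a new scheme for defending against Sybil attacks in sensor networks is proposed, and its overall performance is analyzed. In the new scheme, a management and distribution scheme for the secret information of sensor network nodes is built on one-way accumulators. For the shared-key establishment phase, an authenticated symmetric-key establishment protocol for sensor networks is proposed, and a provable-security analysis of the protocol is carried out in the universally composable (UC) security model. The protocol establishes a unique symmetric key between neighboring nodes in the network.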
2.
3.
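To address the shortcomings of formal methods in analyzing DoS attacks on security protocols, an extended formal method based on the strand space model is proposed. Using the extended formal method, a DoS attack analysis of the IEEE 802.11i four-way handshake protocol is carried out, and it is found that the protocol does have a DoS vulnerability. Based on the analysis, a method that mitigates the DoS attack is proposed, and it passes the test rules that the extended formal method uses to judge DoS attacks on security protocols. Finally, the improved four-way handshake protocol is proved with the extended formal method, showing that the improved protocol can run to completion under both classes of DoS test rules.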
4.
A DoS Attack Defense Mechanism for P2P Networks Based on the Gnutella Protocol  Total citations: 2, self-citations: 0, citations by others: 2
乐光学 《微电子学与计算机》2005,22(8):26-31,35
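The characteristics of DoS attacks against P2P computing networks based on the Gnutella protocol are analyzed in detail. By setting an attack tolerance and a defense starting point, a simple feature-based DoS attack defense strategy is proposed. Attacks are discovered with an anomaly detection method based on Bayesian inference, so that the system can adaptively adjust its defense mechanism according to the intensity of the DoS attack and maintain the network's service performance. Simulation results show that the proposed defense strategy effectively defends against DoS attacks launched on the network by malicious nodes: the effectiveness of network service reaches 98%, the average probability that a normal request packet is dropped is 1.83%, and the average time overhead of the prevention mechanism accounts for only 6.5% of the total network overhead.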
5.
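Actively Defending Against DoS Attacks with the Puzzle Method  Total citations: 2, self-citations: 0, citations by others: 2
The principle of the Puzzle method and its application in authentication protocols are discussed. The DoS defenses used in other protocols all perform a low-cost weak authentication first and, only after it passes, a high-cost strong authentication. Compared with them, the Puzzle method is more flexible and effective.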
6.
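In mobile communication networks, the security problems of wireless communication are concentrated mainly on the radio interface. They include entity authentication and the establishment, distribution and negotiation of session keys. This paper proposes a new authentication and key establishment protocol and analyzes its security and performance.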
7.
乐光学 《微电子学与计算机》2005,22(7):92-98
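The characteristics of DoS attacks against P2P computing networks based on the Gnutella protocol are analyzed in detail. By setting an attack tolerance and a defense starting point, a simple feature-based DoS attack defense strategy is proposed. Attacks are discovered with an anomaly detection method based on Bayesian inference, so that the system can adaptively adjust its defense mechanism according to the intensity of the DoS attack and maintain the network's service performance. Simulation results show that the proposed defense strategy effectively defends against DoS attacks launched on the network by malicious nodes: the effectiveness of network service reaches 98%, the average probability that a normal request packet is dropped is 1.83%, and the average time overhead of the prevention mechanism accounts for only 6.5% of the total network overhead.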
8.
9.
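To ensure that sensors access the internal information network securely, and to protect the confidentiality, integrity and availability of data during transmission, storage and use, this paper proposes a multi-factor identity authentication scheme that takes device performance and digital signatures into account. An elliptic curve cryptosystem is then used to propose a new identity-based key establishment protocol. According to the security analysis, compared with existing classic schemes, the proposed scheme, when facing replay, impersonation, man-in-the-middle (MITM) and desynchronization attacks...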
10.
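Analysis of ARP Protocol Security Vulnerabilities and Defense Methods  Total citations: 10, self-citations: 0, citations by others: 10
After a brief introduction to the ARP protocol, the paper analyzes the principles and common forms of network attacks that exploit ARP protocol vulnerabilities and discusses common methods of defending against ARP attacks. Based on the characteristics of the ARP protocol itself, it proposes an algorithm that guards against ARP attacks with the rule "reject unsolicited replies and authenticate ARP packets", suitable for local area networks with high network-security requirements.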
11.
Heterogeneous networks, which can be either integrated wired and wireless networks or fully wireless networks, are convenient as they allow user nodes to be connected whenever and wherever they desire. Group key agreement (GKA) protocols are used to allow nodes in these networks to communicate securely with each other. Dynamic GKA protocols such as Join and Leave Protocol are also important since users can join and leave the network at any time and the group key has to be changed to provide backward and forward secrecy. Denial-of-Service (DoS) attacks on GKA protocols can disrupt GKA services for secure group communications but most GKA protocols in current literature do not consider protection against DoS attacks. Furthermore, most current GKA protocols only consider outsider attacks and do not consider insider attacks. In this paper, we present three authenticated, energy-efficient and scalable GKA protocols, namely Initial GKA, Join and Leave Protocol, that provide protection against insider and DoS attacks and key confirmation properties. We also present a detection protocol to detect malicious group insiders and continue establishing a group key after blocking these malicious insiders. Unlike current communication energy analysis that uses a single energy per bit value, our communication energy analysis separates point-to-point (P2P) and broadcast communications to provide more detailed study on communications in GKA. Both the complexity and energy analysis show that the three proposed protocols are efficient, scalable and suitable for heterogeneous networks.
12.
Design and analysis of a denial-of-service-resistant quality-of-service signaling protocol for MANETs  Total citations: 1, self-citations: 0, citations by others: 1
Hejmo M. Mark B.L. Zouridaki C. Thomas R.K. 《Vehicular Technology, IEEE Transactions on》2006,55(3):743-751
Quality-of-service (QoS) signaling protocols for mobile ad hoc networks (MANETs) are highly vulnerable to attacks. In particular, a class of denial-of-service (DoS) attacks can severely cripple network performance with relatively little effort expended by the attacker. A distributed QoS signaling protocol that is resistant to a class of DoS attacks on signaling is proposed. The signaling protocol provides QoS for real-time traffic and employs mechanisms at the medium access control (MAC) layer, which serve to avoid potential attacks on network resource usage. The key MAC layer mechanisms that provide support for the QoS signaling scheme include sensing of available bandwidth, traffic policing, and rate monitoring, all of which are performed in a distributed manner by the mobile nodes. The proposed signaling scheme achieves a compromise between signaling protocols that require the maintenance of per-flow state and those that are completely stateless. The signaling scheme scales gracefully in terms of the number of nodes and/or traffic flows in the MANET. The authors analyze the security properties of the protocol and present simulation results to demonstrate its resistance to DoS attacks.
13.
Anwar Ghani Khwaja Mansoor Shahid Mehmood Shehzad Ashraf Chaudhry Arif Ur Rahman Malik Najmus Saqib 《International Journal of Communication Systems》2019,32(16)
Wireless sensor networks (WSN) consist of hundreds of miniature sensor nodes to sense various events in the surrounding environment and report back to the base station. Sensor networks are at the base of internet of things (IoT) and smart computing applications where a function is performed as a result of sensed event or information. However, in resource‐limited WSN authenticating a remote user is a vital security concern. Recently, researchers put forth various authentication protocols to address different security issues. Gope et al. presented a protocol claiming resistance against known attacks. A thorough analysis of their protocol shows that it is vulnerable to user traceability, stolen verifier, and denial of service (DoS) attacks. In this article, an enhanced symmetric key‐based authentication protocol for IoT‐based WSN has been presented. The proposed protocol has the ability to counter user traceability, stolen verifier, and DoS attacks. Furthermore, the proposed protocol has been simulated and verified using Proverif and BAN logic. The proposed protocol has the same communication cost as the baseline protocol; however, in computation cost, it has 52.63% efficiency as compared with the baseline protocol.
14.
Denial of service (DoS) attacks are a serious threat to the Internet. DoS attacks can consume memory, computer processing unit (CPU), and network bandwidths and damage or shut down the operation of the resource under attack. In this paper, based on the taxonomy of DoS attacks, two typical types of DoS—flood DoS (FDoS) and low-rate DoS (LDoS) attacks, are studied on their generation principle, mechanism utilization, signature, impacts, and defense mechanisms. Simulation results illustrate that 1) FDoS is easy to launch but its signature is easy to detect. 2) LDoS organizes an average small quantity of traffic and it is stealthier. Comparison of LDoS with FDoS sheds light on the emerging new features of DoS attacks and can make the detection and defense mechanisms more efficient.
15.
16.
Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of the greatest threats to the Internet. Much research has been done on it by now; however, it has always concentrated on the behaviors of the network and cannot deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the concept of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the concept of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
17.
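A detection algorithm for denial-of-service (DoS) attacks against network information audit systems is proposed. The algorithm analyzes the frequency and dispersion of system alerts to extract a two-dimensional feature vector that marks changes in system state, and then uses a K-nearest-neighbor classifier trained on samples to detect DoS attacks. Experimental results show that the algorithm discovers and defends against DoS attacks in a timely manner and effectively prevents DoS attacks from damaging the network information audit system.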
18.
A denial‐of‐service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application‐ and business‐layer attacks, and vulnerability‐analysis tools are unable to detect business‐layer vulnerabilities (logic‐related vulnerabilities). This paper presents the business‐layer dynamic application security tester (BLDAST) as a dynamic, black‐box vulnerability‐analysis approach to identify the business‐logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.