17 similar documents found; search took 171 ms
1.
2.
3.
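This work analyzes the exchange process and main operating principles of the IKEv2 protocol and concludes that it is vulnerable to memory-exhaustion DoS attacks and fragmentation-based DoS attacks. Against memory-exhaustion DoS attacks, the initial exchange is modified to add Cookie information that authenticates the initiator, eliminating exhaustion-type DoS attacks caused by IP spoofing. Against fragmentation-based DoS attacks, a scheme that adds an IP-address fragment reassembly list is used. These defenses against DoS attacks further strengthen the security of IKEv2.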
4.
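To solve the distributed consensus problem of multi-agent systems under network attacks and eavesdropping, an average consensus algorithm is proposed that effectively withstands network denial-of-service (DoS) attacks and protects the privacy of node states. First, based on the characteristics of DoS attacks in networked control systems, a time-dependent periodic DoS attack model is constructed. Second, using the information exchange between neighboring nodes, a differential-privacy-based mechanism for processing distributed network node information is given and introduced into the average consensus algorithm. Third, combined with an event-triggered mechanism, a distributed consensus algorithm suited to undirected communication networks under DoS attacks is proposed, and its convergence and privacy-preservation performance are each analyzed with mathematical rigor. Finally, numerical simulations and hardware experiments verify the effectiveness of the proposed algorithm.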
5.
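谭冬文 李彩虹 李守亮 李廉 《微电子学与计算机》2017,(10):47-52
To overcome the shortcomings of the Logistic map, an improved Logistic chaotic map is designed based on delayed feedback. Based on this chaotic map, a new image encryption algorithm in which the key is related to the plaintext is proposed. Simulation results show that the proposed image encryption algorithm achieves a good encryption effect with only one round of permutation and diffusion, effectively resists statistical analysis attacks, differential attacks and chosen-plaintext attacks, and exhibits strong robustness.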
6.
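GEAR routing is an efficient location- and energy-aware geographic routing protocol for wireless sensor networks with good properties in resisting routing attacks, but it cannot withstand attacks such as bogus routing, Sybil and selective forwarding. To address this, SGEAR, a secure GEAR routing protocol suited to the characteristics of wireless sensor networks and based on a location-based key-pair bootstrapping model, is proposed and its performance is analyzed. The analysis shows that, at small system overhead, SGEAR effectively suppresses the above attacks as well as DoS attacks.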
7.
DoS Attack Defense Mechanism in P2P Networks Based on the Gnutella Protocol (cited: 2 total, 0 self-citations, 2 by others)
乐光学 《微电子学与计算机》2005,22(8):26-31,35
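The characteristics of DoS attacks against P2P computing networks based on the Gnutella protocol are analyzed in detail. By setting an attack tolerance and a defense starting point, a simple feature-based DoS defense strategy is proposed. An anomaly detection method based on Bayesian inference is used to detect attacks, so that the system adaptively adjusts its defense mechanism according to the strength of the DoS attack and maintains network service performance. Simulation results show that the proposed defense strategy effectively defends against DoS attacks launched by malicious nodes: the effectiveness of network service reaches 98%, the average probability that normal request packets are dropped is 1.83%, and the average time overhead of the prevention mechanism is only 6.5% of total network overhead.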
8.
9.
10.
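To guard against Web-based DoS attacks, CAPTCHA technology has been widely adopted. The basic principle of DoS attacks on the Web is analyzed, and the implementation of image CAPTCHAs and an important security metric for them, the image recognition rate, are discussed. It is argued that CAPTCHA-based form submission effectively guards against DoS attacks aimed at data interaction, the weak link. Finally, suggestions for further improving the implementation are given.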
11.
乐光学 《微电子学与计算机》2005,22(7):92-98
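The characteristics of DoS attacks against P2P computing networks based on the Gnutella protocol are analyzed in detail. By setting an attack tolerance and a defense starting point, a simple feature-based DoS defense strategy is proposed. An anomaly detection method based on Bayesian inference is used to detect attacks, so that the system adaptively adjusts its defense mechanism according to the strength of the DoS attack and maintains network service performance. Simulation results show that the proposed defense strategy effectively defends against DoS attacks launched by malicious nodes: the effectiveness of network service reaches 98%, the average probability that normal request packets are dropped is 1.83%, and the average time overhead of the prevention mechanism is only 6.5% of total network overhead.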
12.
Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
13.
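Based on the vBNN-IBS signature, DDA-MBAS, a DoS-resistant broadcast authentication scheme for multi-user sensor networks, is proposed; it filters false data using hash operations and user information. Compared with existing multi-user sensor network broadcast authentication schemes, DDA-MBAS, while resisting node compromise attacks and active attacks, filters false messages at low energy cost and effectively limits the security threat of DoS attacks and collusion attacks launched by compromised users.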
14.
Kai Wang Jia Chen Huachun Zhou Yajuan Qin Hongke Zhang 《International Journal of Communication Systems》2014,27(12):4355-4368
Named data networking (NDN) has attracted much attention on the design for next generation Internet architecture. Although it embeds some security primitives in its original architecture, it may suffer from denial‐of‐service (DoS) attacks. In this paper, we model one representative type of NDN‐specific DoS attacks named DoS against pending interest table (PIT), or DoS‐PIT, which floods malicious Interests that request nonexistent content to bypass cached content at routers and to exhaust the memory resource for PIT, bringing in severe service degradation. In our proposed analytical model, the closed‐form expressions for the DoS probability for users suffering DoS‐PIT are derived, while considering several important factors of NDN networks such as PIT size, time‐to‐live of each PIT entry, popularity of content, and cache size. Moreover, extensive simulation experiments demonstrate the accuracy of the proposed model on evaluating the damage effect of DoS‐PIT. In addition, the proposed model can be chosen to guide designing effective countermeasures for DoS‐PIT (or attacks with similar way to harm NDN) by properly setting the values of some parameters (e.g., cache size) of each NDN router. Copyright © 2013 John Wiley & Sons, Ltd.
15.
Denial of service (DoS) attacks are a serious threat for the Internet. DoS attacks can consume memory, Computer processing unit (CPU), and network bandwidths and damage or shut down the operation of the resource under attack. In this paper, based on the taxonomy of DoS attacks, two typical types of DoS—flood DoS (FDoS) and low-rate DoS (LDoS) attacks, are studied on their generation principle, mechanism utilization, signature, impacts, and defense mechanisms. Simulation results illustrate that 1) FDoS is easy to be launched but its signature is easy to be detected. 2) LDoS organizes an average small quantity of traffic and it is stealthier. Comparison of LDoS with FDoS sheds light on the emerging new features of DoS attacks and can make the detection and defense mechanisms more efficient.
16.
17.
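Flaws in the ICMP protocol are often used by attackers to carry out network DoS attacks. The paper examines the mechanism of DoS attacks that exploit ICMP flaws, simulates such an attack and its interception, and proposes measures to guard against this type of attack.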