Similar literature
 Found 20 similar documents; search took 187 ms
1.
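The main threats facing Linux include DoS attacks, local users obtaining read/write access to files they are not authorized for, remote users obtaining read/write access to privileged files, and remote users obtaining root privileges.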

2.
《电信技术》2011,(12):37-37
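Check Point Software Technologies Ltd. recently launched a new anti-bot software blade that defends against a range of bot and APT (advanced persistent threat) threats. A bot is a type of malware that lets cybercriminals take control of a computer and carry out illegal activities, including stealing data, gaining unauthorized access to network resources, launching denial-of-service (DoS) attacks, and sending spam. Through remote control of bots, criminals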

3.
潘鹏志  胡勇 《通信技术》2014,(1):102-105
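To test whether a target host has DoS vulnerabilities and how well it withstands DoS attacks, a SYN Flood-based DoS attack tool was implemented on the Linux platform. First, the principle of the SYN Flood attack is introduced. Then, raw sockets combined with IP spoofing are used to construct and send SYN Flood attack packets, yielding the SYN Flood-based attack tool synAttacker. Finally, synAttacker is used for testing and the test results are analyzed. The results show that synAttacker can carry out effective SYN Flood attacks and can serve as a DoS penetration attack tool.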

4.
赵华峰 《现代电子技术》2007,30(24):147-149,152
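The exchange process and main working principles of the IKEv2 protocol are analyzed, showing that it has security flaws in the form of memory-exhaustion and fragmentation-based DoS attacks. For memory-exhaustion DoS attacks, the initial exchange is improved by adding Cookie information to authenticate the initiator, eliminating exhaustion DoS attacks caused by IP spoofing. For fragmentation-based DoS attacks, a scheme that adds an IP address fragment reassembly list is used as a defense. These measures against DoS attacks further strengthen the security of IKEv2.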

5.
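A design method for defending authentication protocols against denial-of-service attacks   Total citations: 7, self-citations: 0, citations by others: 7
A denial-of-service (DoS) attack is an active attack that prevents authorized users from obtaining service normally, and a large number of authentication protocols and key establishment protocols carry DoS risks to varying degrees. This paper proposes a new method for defending authentication protocols and key establishment protocols without a trusted third party against DoS attacks. The method can dynamically adjust the strength of the DoS defense, reduces parallel-session attacks, and strengthens the security of the protocol.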

6.
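DoS attack defense mechanism in P2P networks based on the Gnutella protocol   Total citations: 2, self-citations: 0, citations by others: 2
The characteristics of DoS attacks against P2P computing networks based on the Gnutella protocol are analyzed in detail. By setting an attack tolerance and a defense starting point, a simple feature-based DoS attack defense strategy is proposed that uses an anomaly detection method based on Bayesian inference to detect attacks, so that the system can adaptively adjust its defense mechanism according to the strength of the DoS attack and maintain the network's service performance. Simulation results show that the proposed defense strategy effectively defends against DoS attacks launched on the network by malicious nodes: the effectiveness of network service reaches 98%, the average probability that a normal request packet is dropped is 1.83%, and the average time overhead of the prevention mechanism is only 6.5% of total network overhead.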

7.
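Stateless filtering mechanism based on enhanced capabilities   Total citations: 2, self-citations: 0, citations by others: 2
This paper addresses defenses against denial-of-service attacks and focuses on the recently emerged capability technique, including its basic idea, stateless filtering, and the traffic validation architecture. It examines whether capabilities can give rise to new attacks and how they affect network transmission performance, and proposes improvements for several technical shortcomings of existing schemes, including protecting capability requests with notifications, multi-level capabilities, and dynamic capability allocation. Theoretical estimates and simulation experiments show that these methods better balance security and efficiency, clearly outperform the original scheme, and improve the feasibility of the capability technique.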

8.
对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析,通过设置攻击容忍度和防御起点,提出了一种简单的基于特征的DoS攻击防御策略,运用基于贝叶斯推理的异常检测方法发现攻击.使系统能根据DoS攻击的强弱,自适应调整防御机制,维持网络的服务性能。仿真结果表明,本文提出的防御策略能有效防御恶意节点对网络发动的DoS攻击,使网络服务的有效性达到98%,正常请求包被丢弃的平均概率为1.83%,预防机制平均时间开销仅占网络总开销的6.5%。  相似文献   

9.
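Adaptive packet marking for IP traceback   Total citations: 25, self-citations: 0, citations by others: 25
Denial-of-service (DoS) attacks are currently among the hardest network problems to deal with. Researchers have recently proposed a variety of schemes against DoS attacks, each with its own strengths and weaknesses. Among them, the probabilistic packet marking scheme proposed by Savage et al. has received wide attention, and a number of variants have appeared. In this class of marking schemes, a router decides whether to mark a packet with a fixed probability, so the victim needs a relatively large number of packets to reconstruct the attack path. This paper proposes an adaptive marking strategy. Experiments verify that the victim can reconstruct the attack path with fewer packets, which not only gives the victim more time to respond to the attack early but also limits the attacker's ability to forge marks.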

10.
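Based on an in-depth study of the principles, methods and characteristics of DoS attacks and of the typical DoS attacks facing SIP networks, and combining a state-transition-based intrusion tolerance model, the Client Puzzle idea, and the characteristics of SIP sessions, SIP networks and their proxy servers, a state-transition-based SIP intrusion tolerance model is proposed. A corresponding simulation environment is designed to test the model's ability to withstand DoS attacks. The test results show that the model can effectively handle DoS attacks that target computing capacity and waiting time as well as flooding-type attacks, which strengthens the system's capacity to bear DoS attacks and improves the availability of the SIP network.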

11.
曹畅  张帅  刘莹  唐雄燕 《电信科学》2020,36(7):55-62
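In view of the trend in future networks toward tight integration of computing and networking ("computing-network convergence"), computing power network orchestration models based on two control schemes, centralized and distributed, are proposed, and the key technologies of each implementation are introduced. Analysis of the schemes and technologies shows that a computing power network orchestration scheme based on coordination between the telecom operator's communication cloud and the bearer network can adapt well to the edge-edge and cloud-edge collaboration requirements that arise once future mobile edge computing (MEC) sites are networked, and strengthens the network's ability to sense and schedule services. The specific choice between the centralized and distributed control schemes is closely tied to the operator's communication cloud capabilities and the evolution stage of the bearer network.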

12.
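Based on one-way functions, this paper proposes an access control scheme with dual authentication for information protection systems. Compared with existing similar schemes it is somewhat more secure, because in this scheme the user's secret key is used not only to compute the access right to the requested file but also to authenticate the legitimacy of the user requesting access to the confidential file. The scheme can carry out access control operations such as changing access rights and inserting/deleting users or files in a dynamic environment without affecting any user's secret key. The scheme is also simple to set up.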

13.
In order to design an efficient edge caching policy considering spatial heterogeneity and temporal fluctuations of users’ content requests, a proactive caching scheme was proposed with UAV’s deployment location design based on user preference prediction. Firstly, each user’s preference characteristics were predicted based on file similarity and user similarity, and the request time and user location were also predicted when a content request occurs. Thereafter, on the basis of the predicted geographical location, request time and user preference, each UAV’s deployment location and the corresponding content placement were determined by virtue of clustering method based on SOM and AGNES. Simulation results show that the proposed scheme outperforms other three comparison schemes in terms of hit ratio and transmission delay. Furthermore, the results also reveal that content preference is correlated with different user features by different weights. Accordingly, different impact weights should be matched with different user features.

14.
In a proof-of-retrievability system, a data storage center must prove to a verifier that he is actually storing all of a client’s data. The central challenge is to build systems that are both efficient and provably secure—that is, it should be possible to extract the client’s data from any prover that passes a verification check. In this paper, we give the first proof-of-retrievability schemes with full proofs of security against arbitrary adversaries in the strongest model, that of Juels and Kaliski. Our first scheme, built from BLS signatures and secure in the random oracle model, features a proof-of-retrievability protocol in which the client’s query and server’s response are both extremely short. This scheme allows public verifiability: anyone can act as a verifier, not just the file owner. Our second scheme, which builds on pseudorandom functions (PRFs) and is secure in the standard model, allows only private verification. It features a proof-of-retrievability protocol with an even shorter server’s response than our first scheme, but the client’s query is long. Both schemes rely on homomorphic properties to aggregate a proof into one small authenticator value.

15.
Zhang Jianhong 《Wireless Networks》2019,25(7):4319-4329

As an all-important cryptographical technique, proxy re-signature (PRS) is broadly applied to distributed computation, copyright transfer and hidden path transfer because it permits a proxy to translate an entity’s signature into another entity’s signature on the identical message. Most existing PRS schemes make use of time-consuming pairing computation. Recently, to discard time-consuming pairing operator and complicated certificate-management, Wang et al. proposed two efficient pairing-free ID-based PRS schemes, and declared that their schemes were provably secure in the ROM. Very unluckily, in this investigation, we point out that Wang et al.’s schemes suffer from attacks of universal forgery by analyzing their security, i.e., any one can fabricate a signature on arbitrary data. After the relevant attacks are shown, the reasons which result in such attacks are analyzed. Finally, to address the above-mentioned attacks, we put forward an improved ID-based PRS scheme. The improved scheme not only preserves all advantages of Wang et al.’s scheme, but also is demonstrated to be provably secure in the ROM. Compared with the other two ID-PRS schemes, our improved ID-PRS scheme offers more advantages in respect of the overall performance and security.


16.
The authors evaluate the performance of both the fixed buffer allocation (FBA) and the adaptive buffer allocation (ABA) schemes, in which the network nodes are allowed to offer less than the requested buffer size. The performance measures of interest are the blocking probability, file transfer delay, and the adaptation speed for ABA for a given buffer size and the offered load. The authors develop and analyze a quasi-birth-death model of the ABA scheme (with exponential file lengths and negligible delay in carrying out reservation and cancellation procedures). In particular, they develop a recursive computational scheme exploiting the structure of the underlying model. This is supplemented by a first-passage time analysis to evaluate the transient behavior of the control strategy. The authors use both analytic and simulation methods. The results demonstrate that the ABA schemes provide significant advantages over the FBA scheme if the parameters are appropriately chosen. They also provide guidelines on the choice of these parameters.

17.
In wireless network convergence, each mobile host is expected to have multiple kinds of wireless interfaces. Multicast‐based applications are expected to be widely deployed. In this paper, a new network selection scheme is proposed for a mobile host to select the most appropriate wireless access network to maximize user satisfaction and ISP's profit, simultaneously. We have devised a metric to measure a user's satisfaction and we also developed a ‘normalized network resource’ metric for system profit measure. We have compared our scheme with three other reference schemes, through simulations. Depending on the network deployment situations, our scheme exhibits one‐fifth service disruption time of other reference schemes, while the resource consumption of our scheme is comparable to that of the minimum resource scheme. Overall, the gain of our scheme becomes higher as users move faster and/or the population density increases. Copyright © 2010 John Wiley & Sons, Ltd.

18.
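With the rise of new Internet applications such as the industrial Internet, the Internet of Vehicles and the metaverse, network requirements for low latency, reliability, security and determinism face serious challenges. Deploying virtual networks with network function virtualization suffers from low service function chain mapping efficiency and high deployment resource overhead. Jointly considering node activation cost and instantiation overhead, an integer linear programming model is built with the objective of minimizing the average network deployment cost, and an improved grey wolf optimization based service function chain mapping (IMGWO-SFCM) algorithm is proposed. On top of the standard grey wolf optimization algorithm, the algorithm adds three strategies: mapping-scheme search based on a loopless K shortest path (KSP) algorithm, mapping-scheme encoding, and improvements based on opposition-based learning and nonlinear convergence. These balance its global and local search capabilities well and allow service function chain mapping schemes to be determined quickly. Simulation results show that, while ensuring a higher service function chain request acceptance rate, the algorithm reduces the average network deployment cost by 11.86% relative to the comparison algorithms.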

19.
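The basic idea of network coding is that network nodes take part not only in forwarding data but also in processing it, which can greatly improve network performance. Traditional file transfer systems have a "bottleneck" problem in file distribution time. To address this, a simplified file sharing model with network coding in wireless Mesh networks is proposed, and four cooperation mechanisms between nodes are studied using theoretical analysis and simulation. The results show that, in total distribution time, the forwarding mechanism based on network coding is on average 11.67% lower than the forwarding mechanism without network coding, which significantly reduces the distribution time of the file transfer system and thereby improves network throughput.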

20.
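Based on an analysis of the structural characteristics of Feistel networks in format-preserving encryption (FPE) schemes, and to address the small range of block lengths of current FPE ciphers built on 2-split Feistel networks, an FPE scheme based on a k-split type-2 Feistel network is proposed to meet the encryption needs of data of various lengths. Experiments verify that type-2 Feistel networks can build ciphers of various block lengths using smaller-scale pseudorandom functions and are widely practical.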
