| 基于汇聚流回推的DDoS防御系统 |
| |
| 引用本文: | 李晓宁.基于汇聚流回推的DDoS防御系统[J].计算机应用,2005,25(7):1531-1534. |
| |
| 作者姓名: | 李晓宁 |
| |
| 作者单位: | 中山大学,电子与通信工程系,广东,广州,510275 |
| |
| 基金项目: | 国家自然科学基金资助项目(90304011),广东省自然科学基金项目(04009747),珠海市科技计划项目(PC20041100) |
| |
| 摘 要: | 提出了一种基于汇聚流回推的DDoS(Distributed Denial of Setvice)综合防御方案。此方案对本地路由器上的汇聚流及其上游汇聚流回推树上第n层路由器上的汇聚流进行分布限速,以达到抵御DDoS攻击的目的。给出了汇聚流限流算法和回推汇聚流所需的反向汇聚流往返树的构建算法。汇聚流限流算法旨在最大限度地限制DDoS流,同时保护正常的用户流。反向汇聚流往返树的构建算法通过动态地探测高流量的汇聚流路径,将自动生成回推汇聚流所需的反向汇聚流往返树。
|
| 关 键 词: | DDoS 回推 基于汇聚流的拥塞控制 汇聚树探测 |
| 文章编号: | 1001-9081(2005)07-1531-04 |
DDoS defense system based on aggregated traffic pushback |
| |
| LI Xiao-ning.DDoS defense system based on aggregated traffic pushback[J].journal of Computer Applications,2005,25(7):1531-1534. |
| |
| Authors: | LI Xiao-ning |
| |
| Abstract: | A new combined method of DDoS defense based on pushback of aggregated traffic was proposed. The distributed traffic limit were made in the edge router where DDoS traffics aggregated and in the level-n of the reverse aggregate traversal tree to offend the DDoS attack. Both algorithms for limiting traffic and constructing reverse aggregate traversal tree were described. The former can limit the DDoS traffic as more as possible and prevent the good traffic of users at the same time, and the latter can build the reverse aggregate traversal tree to be needed in pushbacking the aggregated traffic by detecting the path of the high aggregated traffic. |
| |
| Keywords: | DDoS(Distributed Denial of Service) pushback aggregate-based congestion control(ACC) aggregate initiation detection (AID) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
