 |
|
|
|
 |
 |
 |
|
 |
|
 |
|
|
| 孙知信,李清东.基于源目的IP地址对数据库的防范DDos攻击策略.软件学报,2007,18(10):2613-2623 |
| 基于源目的IP地址对数据库的防范DDos攻击策略 |
| Defending DDos Attacks Based on the Source and Destination IP Address Database |
| 投稿时间:2006-06-05 修订日期:2006-11-13 |
| DOI: |
| 中文关键词: 分布式拒绝服务攻击 路由器 无参数CUSUM算法 bloom filter |
| 英文关键词:Ddos (distributed denial of service attacks) router non-parametric CUSUM bloom filter |
| 基金项目:Supported by the National Natural Science Foundation of China under Grant No.60572131 (国家自然科学基金); the Key Technologies R&D Program of Jiangsu Province of China under Grant No.BE2007058 (江苏省科技攻关项目); the Scientific Research Foundation of ZTE and Huawei Corporation of China (中兴及华为基金); the Scientific Development Foundation of Government of China (南京市科技发展计划); the Scientific Research Foundation of NUPT of China under Grant Nos.NY206008, NY206050 (南京邮电大学攀登计划及青蓝计划) |
| 作者 | 单位 | | 孙知信 | 南京邮电大学,计算机学院,江苏,南京,210003
南京邮电大学,计算机技术研究所,江苏,南京,210003 | | 李清东 | 南京邮电大学,计算机学院,江苏,南京,210003 |
|
| 摘要点击次数: 3361 |
| 全文下载次数: 3724 |
| 中文摘要: |
| 提出了一种基于源目的IP地址对数据库的防范分布式拒绝服务攻击(distributed denial of service attacks,简称DDos)攻击策略.该策略建立正常流量的源目的IP地址对数据库(source and destination IP address database,简称SDIAD),使用扩展的三维Bloom Filter表存储SDIAD,并采用改进的滑动窗口无参数CUSUM(cumulative sum)算法对新的源目的IP地址对进行累积分析,以快速准确地检测出DDos攻击.对于SDIAD的更新,采用延迟更新策略,以确保SDIAD的及时性、准确性和鲁棒性.实验表明,该防范DDos攻击策略主要应用于边缘路由器,无论是靠近攻击源端还是靠近受害者端,都能够有效地检测出DDos攻击,并且有很好的检测准确率. |
| 英文摘要: |
| This paper proposes a scheme to defend distributed denial of service attacks (DDos) based on the source and destination IP address database. The scheme establishes the source and destination IP address database (SDIAD) by observing the normal traffic and storages SDIAD in a three dimension Bloom Filter table. Then this paper cumulates and analyses the new pair of source and destination IP address based on the slide non-parametric cumulative sum (CUSUM) algorithm to detect the DDos attacks quickly and accurately. The secheme updates SDIAD by using a delayed update policy to keep SDIAD timely,accurate and robust. This secheme is mainly applied in the edge router and it can detect the DDos attacks efficiently either the edge router or the last-mile router is the first-mile router. The simulation results display that the secheme do a good performance in detecting DDos attacks. |
|
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |
|
|
|
|
|
|
 |
|
|
|
|
 |
|
 |
|
 |
|
