| 防御DDoS攻击的新过滤PHF模型 |
| |
| 引用本文: | 李渊,金光,张会展,陈征,钱江波.防御DDoS攻击的新过滤PHF模型[J].宁波大学学报(理工版),2008,21(4):501-504. |
| |
| 作者姓名: | 李渊 金光 张会展 陈征 钱江波 |
| |
| 作者单位: | 宁波大学信息科学与工程学院,浙江,宁波,315211 |
| |
| 基金项目: | 浙江省自然科学基金
,
浙江省教育厅科学研究计划
,
宁波市自然科学基金
,
宁波大学人才基金
|
| |
| 摘 要: | 在分布式拒绝服务攻击对网络安全的危害日益严重的情况下,在众多的攻击防御技术中,采取路径标识是一种能有效对抗DDoS攻击的技术.而为更有效地防御DDoS攻击,利用Pi方案中,受害主机使用Pi标记对收到的数据包进行过滤的方式,提出了结合Pi标记与跳数的新过滤模型,即受害主机采用〈Pi,HC〉元组识别和过滤攻击包方式.并通过基于真实因特网拓扑的实验,证明PHF模型的防御效果明显优于Pi方案.
|
| 关 键 词: | 因特网安全 分布式拒绝服务攻击 路径标识 跳数 |
A New Filtering PHF Model to Defend Against DDoS Attacks |
| |
| LI Yuan,JIN Guang,ZHANG Hui-zhan,CHEN Zheng,QIAN Jiang-bo.A New Filtering PHF Model to Defend Against DDoS Attacks[J].Journal of Ningbo University(Natural Science and Engineering Edition),2008,21(4):501-504. |
| |
| Authors: | LI Yuan JIN Guang ZHANG Hui-zhan CHEN Zheng QIAN Jiang-bo |
| |
| Institution: | ( Faculty of Information Science and Technology, Ningbo University, Ningbo 315211, China ) |
| |
| Abstract: | Distributed Denial of Service (DDoS) attacks have been posing more and more threats to cyber security. Among many proposed defending techniques, Path Identification (Pi) is a promising DDoS countermeasure. In the Pi scheme, the victim filters incoming packets based on Pi marks. To defend against DDoS attacks more efficiently, a new filter model is proposed of combining the Pi mark and the hop count (HC). In the proposed model, a victim host identifies and screens out malicious packets based on 〈Pi, HC〉 pair. The simulation experiments are conducted on real Internet topology, revealing that the PHF model outperforms the Pi scheme. |
| |
| Keywords: | internet security distributed denial of service path identification hop-count |
| 本文献已被 维普 万方数据 等数据库收录! |
|
