检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:金光[1] 赵杰煜[1] 赵一鸣[1] 王肖虹[1]
机构地区:[1]宁波大学信息科学与工程学院,宁波315211
出 处:《计算机研究与发展》2004年第7期1117-1123,共7页Journal of Computer Research and Development
基 金:浙江省科技厅重点科研项目 ( 2 0 0 3C2 10 0 9) ;宁波市软件产生发展基金项目 (R2 0 0 3 3 6) ;宁波大学校内基金项目 ( 0 3 10 0 48)
摘 要:针对因特网上的DoS攻击 ,路径追溯可能成为一种新的防范手段 在分析已有技术的基础上 ,提出一种新颖的在入口路由器端对数据包进行地址元组标记的算法模型 ,受害主机通过分析攻击包中的标记信息 ,能较方便地直接还原出真实攻击入口地址 给出了可供实用的算法要点和必要的理论分析 在一般网络环境中进行的模拟实验获得了良好的与理论估算相吻合的结果 讨论分析了算法模型的性能特点、计算复杂度。IP traceback is a new technique to defeat the denial of service attacks in Internet. On the basis of analyzing the previous methods,a new algorithm scheme called ingress address marking (IAM) is presented,which is focused on the attack ingress instead of the whole attack path. In the marking procedure,the ingress router converts its IP address into an n -tuple and embeds one element of the tuple into the ID field of the forwarding packet. In the recovery procedure,the victim extracts the marking information from the attack packets and recovers the IP address of the ingress router. The necessary mathematical analyses based on the set algebra and the probability theory are provided. Two important techniques to improve the recovery performance,i.e.,the correlation function and the redundant decomposition are used and discussed. The theoretical deduction of the recovery ratio λ is provided in detail and a practical scheme is given. Some simulation experiments are conducted in a comprehensive network environment. The practical results coincide well with the theoretical estimations. The advantages,efficiencies,and complexity of the scheme are discussed. It is shown that IAM is better than the previous IP traceback methods and finally conclusions and expectations are given.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.208
