Stateless Filtering Based on Enhanced Capabilities (基于增强权证的无状态过滤机制)

Cited by: 2


Authors: 金光[1,2], 杨建刚[1], 魏蔚[1], 董亚波[1]

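Affiliations: [1] College of Computer Science and Technology, Zhejiang University, Hangzhou 310027; [2] College of Information Science and Engineering, Ningbo University, Ningbo 315211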

Source: Journal of Electronics & Information Technology (《电子与信息学报》), 2008, No. 10, pp. 2490-2493 (4 pages)

Funding: Supported by the Natural Science Foundation of Zhejiang Province (Y106023) and the Natural Science Foundation of Ningbo (2006A610014)

Abstract: Major defensive mechanisms against DoS attacks in the Internet are reviewed. In particular, the most recent capabilities techniques, including basic concepts, stateless flow filtering and the Traffic Validation Architecture (TVA), are analyzed in depth. The shortcomings of current capabilities techniques, such as potential Denial-of-Capability (DoC) attacks and reduced transmission efficiency, are discussed in detail. Some improvement methods are provided, including protecting capabilities requests with notifications, bi-level capabilities, and flexible and dynamic capabilities assignment. These methods enhance the robustness and efficiency of capabilities. Theoretical evaluations and simulations show that the improvements outperform the original schemes and are more practical in the Internet.

Keywords: network security; denial-of-service attack; stateless filtering; capabilities

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
