检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:张会展[1] 金光[1] 李渊[1] 陈征[1] 钱江波[1]
机构地区:[1]宁波大学信息科学与工程学院,浙江宁波315211
出 处:《宁波大学学报(理工版)》2009年第1期61-65,共5页Journal of Ningbo University:Natural Science and Engineering Edition
基 金:浙江省自然科学基金(Y106023);浙江省教育厅科研项目(20070978);宁波市自然科学基金(2006A610014;2007A610007);宁波大学人才工程项目(XR0710004)
摘 要:权证机制能有效地防御DoS攻击,但其新引起的拒绝权证攻击则严重地制约了其防御效果,因此针对此类攻击,提出基于猜谜的增强权证请求机制,如果一旦请求信道带宽被耗尽,权证路由器将实施拥塞猜谜策略,向请求权证的所有源主机发送谜题,要求其必须首先解谜,并将答案附于增强请求包中,经路由器验证后才予转发.仿真试验证明:该机制具有较好的防御效果,即使在恶意权证请求严重泛滥的情况下也能保证合法用户高效地获得权证.The Capability mechanism is well known for its effective defense against DoS attacks, but Denial-of-Capability(DoC) attacks may seriously compromise this defense effect. To tackle the problems of DoC attacks, a new scheme called Enhanced Capability Request (ECR) based on puzzle is proposed. Once the request channel is exhausted, capability-enabled routers will implement congestion-puzzle mechanisms to send puzzles to all clients requesting for riddling. All the clients are expected to solve the puzzles and attach answers to ECR packets which are to be validated by routers and then transferred if answers are correct. Simulation results show that the mechanism is effective in its defense performance, and it can allow legitimate users to acquire capabilities with high efficiencies even when malicious capabilities request packets are flooding the routers.
关 键 词:网络安全 拒绝服务攻击 权证 拒绝权证请求 拥塞猜谜
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:18.218.135.221