检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]清华大学网络科学与网络空间研究院,北京100084 [2]清华信息科学与技术国家实验室(筹)(清华大学),北京100084
出 处:《软件学报》2014年第3期591-605,共15页Journal of Software
基 金:国家重点基础研究发展计划(973)(2009CB320505);国家自然科学基金(61170211;61202356);教育部博士学科点专项基金(20110002110056)
摘 要:低速率拒绝服务攻击是新型的拒绝服务攻击,对Internet的安全造成严重的潜在威胁,引起众多研究者的兴趣和重视,成为网络安全领域的重要研究课题之一.自2003年以来,研究者先后刻画了Shrew攻击、降质攻击、脉冲拒绝服务攻击和分布式拒绝服务攻击等多种低速率拒绝服务攻击方式,并提出了相应的检测防范方法.从不同角度对这种新型攻击的基本机理和攻击方法进行了深入的研究;对TCP拥塞控制机制进行了安全性分析,探讨了引起安全问题的原因;对现有的各种各样的LDoS攻击防范和检测方案,从多个方面进行了分类总结和分析评价;最后总结了当前研究中出现的问题,并展望了未来研究发展的趋势,希望能为该领域的研究者提供一些有益的启示.Low-Rate denial of service (LDoS) attack is a new category of denial of service attacks which may become a serious threat to Internet. It has attracted many researchers' interest and is becoming an important research topic in network security area. Since 2003, researchers have revealed several kinds of low-rate denial of service attacks, such as the shrew attack, the reduction of quality (RoQ) attack, the pulsing denial-of-service (PDoS) attack and the distributed low-rate denial of service attacks (DLDoS). They also proposed some corresponding defense and detection methods. This paper thoroughly reviews the state-of-the-art of LDoS attack and prevention research, and also analyzes the basic mechanism and attack methods of different LDoS attacks. Especially, it analyzes the security of TCP congestion avoidance mechanism, and illustrates the cause of potential security issue of such mechanism. In addition, the paper also reviews and evaluates the current LDoS attack prevention and detection approaches. Finally, the paper identifies some open research issues and points out possible future research directions in LDoS attack research area.
关 键 词:网络安全 低速率拒绝服务攻击 异常检测 TCP拥塞控制 主动队列管理
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222