IPv6与隧道多地址性的DoS攻击放大问题研究  被引量：2

作　　者：崔宇[1] 张宏莉[1] 田志宏[1] 方滨兴[1] 

机构地区：[1]哈尔滨工业大学网络与信息安全技术研究中心,哈尔滨150001

出　　处：《计算机研究与发展》2014年第7期1594-1603,共10页Journal of Computer Research and Development

基　　金：国家"九七三"重点基础研究发展计划基金项目(2012BAH37B01);国家自然科学基金项目(61202457);国家"八六三"高技术研究发展计划基金项目(2011AA010705;2012AA012506;2012AA012502)

摘　　要：DoS攻击是威胁IPv4网络安全的重要问题之一.随着IPv6的发展,相关安全问题也逐步体现并影响IPv6网络的正常运行.该文指出利用IPv6和隧道主机的多地址性,攻击者可获得大量合法IPv6地址,通过伪装成多个虚拟主机实施对目标设备的DoS攻击.这种攻击具有大量的可用地址范围,且受控于同一真实主机,通过不断使用新地址和多地址间配合,可避开以IP为单位的传统检测与防御策略,并可有效放大攻击节点数目或减少实际攻击节点数量.为此提出了基于地址特征分类的防御框架(defense framework based on addresses classification,DFAC).通过分类不同地址特征,构造特征子集,在特征子集基础上实施对虚拟主机攻击的检测和防御,解决虚拟主机引发的放大问题.原型系统实验结果表明,DFAC有效地降低了上述DoS攻击对系统负载的影响.DoS attacks pose serious threats for the security of IPv4 Internet. With the rapid development of IPv6, similar security problems have progressively appeared and started to influence the normal operation of IPv6 services and networks. This paper studies the multi-addresses property of native IPv6 and IPv6 tunnel hosts. Pointed out that by exploiting this property, attackers could configure huge amount of legal IPv6 addresses and perform DoS attacks on the target by pretending to be normal connections from different hosts. As a result of the huge range of addresses and the control by the same real host, by using new addresses at intervals and coordinating between different connections, this kind of attack could effectively avoid the typical detection and defense processes based on IP addresses. The quantity of virtual attacking hosts could be amplified and the quantity of actual attacking hosts could be reduced. To defense this kind of attack, the method of ＂defense framework based on addresses classification＂ （DFAC） is presented. By classifying addresses with different property and constructing property sets, DFAC could perform detection and defense on this kind of amplification attack. Experimental results by proto-system show that DFAC effectively alleviates the influence on system payload caused by these DoS attacks.

关 键 词：IPV6 隧道 安全 拒绝服务攻击 TCP流 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]