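Authors: 谢丽霞 (XIE Lixia) [1], 丁颖 (DING Ying) (School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China)
Affiliation: [1] School of Computer Science and Technology, Civil Aviation University of China
Source: Journal of Tsinghua University (Science and Technology) (《清华大学学报(自然科学版)》), 2019, No. 1, pp. 36-43, 8 pages
Funding: Civil Aviation Joint Research Fund of the National Natural Science Foundation of China (U1833107); Fundamental Research Funds for the Central Universities (ZYGX2018028)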
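Abstract: To counter the Crossfire distributed denial of service (DDoS) attack, this paper proposes an attack defense mechanism based on software defined networking (SDN). Building on an analysis of the Crossfire attack, a centralized monitoring and traffic-diversion control model at the SDN traffic level is designed and deployed in the defense mechanism. SDN rerouting is used to relieve the congestion load on attacked links, and flexible traffic scheduling alleviates congestion and prevents the interruption of critical links from seriously disrupting network services. SDN's mobile target defense (MTD) mechanism dynamically adjusts network configuration and network behavior and induces the attacker to adjust the attack traffic, improving the efficiency with which decoy servers detect the attack. Experimental results show that the mechanism defends effectively against Crossfire attacks and that the SDN defense mechanism and rerouting strategy do not incur significant overhead.
English abstract (as published): This paper presents a software defined network (SDN) based defense mechanism to detect and mitigate a new distributed denial of service (DDoS) attack named Crossfire. An SDN traffic-level centralized monitoring and shunt control model was defined based on the Crossfire characteristics for the defense mechanism. The SDN re-routing strategy was used to resolve the congestion load of the attacked link with flexible traffic scheduling used to alleviate the congestion and avoid critical link interruption that could seriously interfere with network service. The SDN mobile target defense mechanism was used to dynamically adjust the network configuration and network behavior to induce the attacker to adjust the attack traffic, thereby improving the attack detection efficiency of the bait server. Tests show that this mechanism can effectively defend against Crossfire attacks and that the SDN defense mechanism and rerouting strategy do not require significant overhead.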
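Keywords: Crossfire distributed denial of service (DDoS) attack; software defined network (SDN); rerouting
Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]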