Dynamically Scalable and Efficient Approach for Single-Packet Traceback

Cited by: 3


Authors: LU Ning (鲁宁)[1,2]; WANG Shang-Guang (王尚广); LI Feng (李峰)[1]; SHI Wen-Bo (史闻博); YANG Fang-Chun (杨放春) (College of Information Science and Engineering, Northeastern University, Shenyang 110819, China; State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876, China)

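Affiliations: [1] College of Information Science and Engineering, Northeastern University, Shenyang, Liaoning 110819; [2] State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876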

Source: Journal of Software (《软件学报》), 2018, No. 11, pp. 3554-3574 (21 pages)

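Funding: National Natural Science Foundation of China (61601107; 61402094; 61472074); Natural Science Foundation of Hebei Province (F2015501122); Liaoning Province Doctoral Research Start-up Fund (F201501143)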

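Abstract: Because it can hide the attack location, evade attack filtering, steal user privacy and amplify attack damage, IP spoofing has been widely used in all kinds of network attacks and causes great harm. For this reason, researchers have proposed IP traceback, a tracking technique that can reveal the identity of the attacking host after a spoofed attack has occurred. Since existing IP traceback research suffers from poor scalability, high processing overhead and leakage of topology privacy when facing large-scale networks, this paper proposes a dynamically scalable and efficient single-packet traceback approach, SEE for short. The approach adopts a hierarchical system architecture that separates inter-domain from intra-domain traceback, in order to weaken the traceback relationships between autonomous domains and avoid leaking topology privacy. It improves the system's scalability and processing overhead through intra-domain traceback network construction, intra-domain traceback address assignment, intra-domain path fingerprint establishment and extraction, inter-domain anti-spoofing alliance construction, and a smooth transition from intra-domain to inter-domain. Theoretical analysis and simulation experiments on large-scale real and synthetic Internet topologies show that, compared with previous schemes, SEE does greatly improve efficiency and scalability.

IP spoofing, as a trick that can conceal the attackers' location, bypass attack prevention, gather confidential information and enhance destructive power, has been prevalent in current network attacks and brings severe damage to the Internet. For this reason, IP traceback technology, which can trace an individual attack packet to its origin and then disclose the attacker's identity, has been extensively researched and developed. Although the existing research can achieve the purpose of tracking to some extent, it also suffers from the following disadvantages: the leakage of topology privacy, the lack of scalability and the higher processing overhead. To tackle those issues, this paper proposes a dynamically scalable and efficient approach for single-packet IP traceback, termed SEE. SEE first designs a hierarchical traceback system architecture to weaken the traceability relationships among the autonomous domains, and then employs intra-AS traceback network construction based on OSPF, traceback address assignment based on edge-coloring, path fingerprint establishment and extraction based on link-binding, anti-spoofing alliance establishment based on peer-peer relationship, and a stable transition process from intra-AS to inter-AS to improve the scalability and cut down the processing overhead. Extensive mathematical analysis and simulations are performed to evaluate the approach. The results show that the proposed approach significantly outperforms the prior approaches in terms of scalability and efficiency.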

Keywords: network security; denial-of-service attack; IP spoofing; IP traceback; single-packet traceback

Classification: TP393 [Automation and Computer Technology: Computer Application Technology]

 
