检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:鲁宁[1,2] 李峰 王尚广 史闻博[1] 杨放春 LU Ning;LI Feng;WANG Shang-Guang;SHI Wen-Bo;YANG Fang-Chun(College of Information Science and Engineering, Northeastern University, Shenyang 110819, China;State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876,China)
机构地区:[1]东北大学信息科学与工程学院,辽宁沈阳110819 [2]网络与交换技术国家重点实验室(北京邮电大学),北京100876
出 处:《软件学报》2019年第9期2791-2814,共24页Journal of Software
基 金:国家自然科学基金(61601107,61402094);河北省自然科学基金(F2015501122,F2015501105);辽宁省博士科研启动基金(F201501143)~~
摘 要:IP 匿名是当前互联网协议中最具威胁的安全漏洞,它会引发一系列安全、管理和计费问题.基于对等过滤的域间源地址验证方法通过构建反匿名联盟,能够利用当前已广泛实现、轻量的 Egress Filtering 有选择性地将流向联盟成员的匿名包清理掉,在保证高效的同时兼具部署激励性.然而,现有方法存在以下问题:过于扁平化、单一化的联盟体系结构,使得其过滤器需求量和成员更新传播范围随联盟规模的扩张而急剧增大;过于随机的非成员判定方式和低效的数据处理方式,使得其过滤规则优化算法的计算开销和精度都有待完善.对此,提出了一种层次化的基于对等过滤的反匿名联盟构建方法.通过理论分析和基于大规模真实互联网拓扑的仿真实验结果表明:相比以往同类典型方案,该方法在继承其优势的同时改善了过滤器开销、通信开销、计算开销和优化精度.IP spoofing, as one of the most threatening security flaws in the current Internet, can bring a series of issues about network management and telecommunications billing. For this reason, the researchers propose the mutual egress filtering based defense mechanism, which uses the best current anti-spoofing practice, i.e., egress filtering, to clean the anonymous packets with high-efficiency, and simultaneously increase the incentive deployment through constructing the anti-spoofing alliance. However, the existing work has the following disadvantages: the flat and plain architecture leads to the higher overhead on the filter and communication;the inefficient data processing and non-member identification leads to the higher computation overhead and the lower precision of filter optimization. Therefore, this study proposes a hierarchical anti-spoofing alliance construction approach based on mutual egress filtering. Extensive mathematical analysis and simulations are performed to evaluate the proposed approach. The results show that the proposed approach significantly outperforms the prior approaches in terms of the filter overhead, communication overhead, computation overhead, and the precision of filter optimization.
关 键 词:IP 匿名 源地址验证 出边界过滤 对等过滤 层次化
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.249