命名数据网络中基于包标记的Interest泛洪攻击缓解研究  被引量:6

Research on Interest Flooding Attack mitigation based on packet marking in NDN

在线阅读下载全文

作  者:邢光林[1] 陈璟 余俊乐[1] 侯睿[1] XING Guanglin;CHEN Jing;YU Junle;HOU Rui(College of Computer Science,South-Central University for Nationalities,Wuhan 430074,China)

机构地区:[1]中南民族大学计算机科学学院,武汉430074

出  处:《中南民族大学学报(自然科学版)》2021年第2期204-209,共6页Journal of South-Central University for Nationalities:Natural Science Edition

基  金:国家自然科学基金资助项目(61972424);中央高校基本科研业务费专项资金资助项目(CZT20025);中南民族大学研究生学术创新基金项目(3212020sycxjj128)。

摘  要:命名数据网络因其关注请求对象本身而非地址并具有网间缓存等特点,得到了学术界的肯定.但在Interest泛洪攻击中,攻击者恶意占用PIT表等资源,导致其拒绝对合法用户服务,从而使网络遭受严重危害.针对基于熵的Interest泛洪攻击防御方案在定位攻击源、网络开销方面存在的不足,提出了一种基于包标记的缓解方法.该方法通过让Interest包携带边缘路由器信息,在检测到攻击并找出恶意前缀后对攻击源进行定位,然后向下游路由器发送溯源数据包,从而对攻击者采取限制措施.仿真结果表明:该方法可以更加精确地定位攻击源并有效地降低网络中的开销.Named Data Networking(NDN)has been recognized by academic circles because it pays attention to the request object itself rather than the address and has the characteristics of inter-network cache.However,in Interest Flooding Attack(IFA),the attacker maliciously occupies resources such as the pending interest table(PIT)and causes it refusing to serve legitimate users,thus brings serious harm to the network.Aiming at the deficiency of entropy-based IFA defense scheme in locating attack source and network overhead,a mitigation method based on packet marking is proposed.This method locates the attack source after detecting the attack and finding the malicious prefix by attaching the information of the edge router to the Interest packets,and then sends traceable packets to the downstream routers to take restrictive measures against the attacker.Simulation results show that this method can locate the attack source more accurately and effectively reduce the overhead in the network.

关 键 词:命名数据网络 Interest泛洪攻击 包标记 攻击溯源 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象