可编程网络中一种轻量级DDoS攻击缓解机制研究  被引量：1

作　　者：王卓昊 方琦 尹建辉 刘颖[2] 董平[2] WANG Zhuohao;FANG Qi;YIN Jianhui;LIU Ying;DONG Ping(Institute of Scientific and Technical Information of China,Beijing 100038,China;National Engineering Research Center of Advanced Network Technologies,Beijing Jiaotong University,Beijing 100044,China)

机构地区：[1]中国科学技术信息研究所,北京100038 [2]北京交通大学移动专用网络国家工程研究中心,北京100044

出　　处：《情报工程》2022年第5期115-126,共12页Technology Intelligence Engineering

摘　　要：[目的/意义]分布式拒绝服务(DDoS)攻击是互联网中威胁性最大且较难防御的攻击之一。针对传统的DDoS攻击缓解机制检测较为复杂且缓解策略生成较慢的问题,文中提出了一种基于带内遥测的轻量级DDoS攻击缓解机制。[方法/过程]首先,本文将DDoS攻击事件视为一种威胁情报,通过情报学方法研究提取普遍的DDoS攻击特征;然后,在数据平面利用带内遥测技术检测DDoS攻击,从而有效降低网络开销,实现轻量化;最后,控制平面生成限速策略并下发到数据平面交换机,通过源端限速的方法减小攻击流量对网络的影响。[结果/结论]该机制能够及时检测到DDoS攻击并有效缓解DDoS攻击造成的网络拥塞,并且通过缩短限速阈值中数据包的统计周期可以提高缓解机制的灵敏性,对DDoS攻击做出更快的反应。[Objective/Significance]Distributed denial-of-service(DDoS)attack is one of the most threatening and difficult to defend attacks on the Internet.In response to the problems that traditional DDoS attack mitigation mechanisms are more complex to detect and slower to generate mitigation policies,a lightweight DDoS attack mitigation mechanism based on inband telemetry is proposed in this paper.[Methods/Processes]First,in this paper,DDoS attack events are considered as a kind of threat intelligence,and the universal DDoS attack characteristics are extracted through intelligence research methods.Then,inband telemetry is used in the data plane to detect DDoS attacks,thus effectively reducing the network overhead and achieving lightweighting.Finally,the control plane generates a speed-limiting policy and sends it down to the data plane switches to reduce the impact of attack traffc on the network through the source-side speed-limiting method.[Results/Conclusions]That this mechanism can detect DDoS attacks in time and effectively mitigate the network congestion caused by DDoS attacks,and the sensitivity of the mitigation mechanism can be improved by shortening the statistical period of packets in the speed limit threshold to make faster response to DDoS attacks.

关 键 词：可编程网络 DDoS攻击缓解 带内遥测 拥塞避免 威胁情报 

分 类 号：G35[文化科学—情报学]