计算机科学 ›› 2014, Vol. 41 ›› Issue (7): 210-215.doi: 10.11896/j.issn.1002-137X.2014.07.044
张洪豪,王劲松,黄玮,赵祥麟
ZHANG Hong-hao,WANG Jin-song,HUANG Wei and ZHAO Xiang-lin
摘要: 介绍了面向未来互联网的防御DDoS攻击的Capabilities机制的原理及其关键技术,阐述了当前基于Capabilities机制的几个典型方案。研究了基于Capabilities机制的DDoS防御体系的全局框架,并探讨了该框架所包含的流分类、执行、Capabilities管理这3部分在未来互联网中可行的实现方案。建立了Capabilities机制框架下的流量模型,从理论上分析并论证了Capabilities机制框架下的安全性与效率等问题。通过仿真实验,比较了在不同场景下各种Capabilities方案的性能及效率。
[1] Worldwide Infrastructure Security Report.http://www.arbornetworks.com/research/infrastructure-security-report,2013 [2] Bellovin S,Clark D,Perrig A,et al.A Clean-Slate Design for the Next-Generation Secure Internet[C]∥National Science Foundation Workshop on Next-Generation Secure Internet.CMU,GENI Design Document,2005 [3] Anderson T,Roscoe T,Wetherall D.Preventing Internet Denial-of-Service with Capabilities [J].Computer Communication Review,2004,34(1):39-44 [4] Yaar A,Perrig A,Song D.SIFF:A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks[C]∥Proceedings of IEEE Symposium on Security and Privacy.May 2004 [5] Yang X,Wetherall D,Anderson T.A DoS limiting Architecture[C]∥Proceedings of ACM SIGCOMM.2005:241-252 [6] Argyraki K,Cheriton D.Network Capabilities:The Good,the Bad and the Ugly[C]∥Proceedings of ACM HotNets IV.College Park,Maryland,2005 [7] Walfish M,Vutukuru M,Balakrishnan H,et al.DDoS defenseby offense[J].Proceedings of ACM SIGCOMM,2006,36(4):303-314 [8] Parno B,Wendlandt D,Shi E,et al.Portcullis:Protecting Connection Setup from Denial-of-Capability Attacks [J].Procee-dings of ACM SIGCOMM,2007,37(4):289-300 [9] Liu X,Yang X,Lu Y.To Filter or to Authorize:Network-LayerDoS Defense Against Multimillion-node Botnets[J].Proceedings of ACM SIGCOMM,2008,38(4):195-206 [10] Liu X,Yang X,Xia Y.NetFence:Preventing internet denial of service from inside out[C]∥Proceedings of the ACM SIGCOMM.2010:255-266 [11] Van Jacobson.Congestion avoidance and control[C]∥Procee-dings of ACM SIGCOMM’88.1988 [12] CAIDA.http://www.caida.org/home/ [13] The Network Simulator NS2.http:// www.isi.edu/nsn-am/ns/ |
No related articles found! |
|