网络与信息安全学报 ›› 2019, Vol. 5 ›› Issue (2): 66-76.doi: 10.11959/j.issn.2096-109x.2019018

• 学术论文 • 上一篇    下一篇

基于NFV的新的协作式DDoS防御技术

许传丰1,2,林晖1,2(),郭烜成1,2,汪晓丁1,2   

  1. 1 福建师范大学数学与信息学院,福建 福州 350117
    2 福建师范大学福建省网络安全与密码技术重点实验室,福建 福州 350117
  • 修回日期:2019-01-25 出版日期:2019-04-15 发布日期:2019-04-16
  • 作者简介:许传丰(1994- ),男,江苏宿迁人,福建师范大学硕士生,主要研究方向为网络安全、博弈论。|林晖(1977- ),男,福建福州人,博士,福建师范大学副教授、硕士生导师,主要研究方向为信任管理、无线网络信息安全、移动云计算。|郭烜成(1995- ),女,福建龙岩人,福建师范大学硕士生,主要研究方向为网络安全、机器学习。|汪晓丁(1982- ),男,福建福州人,福建师范大学讲师,主要研究方向为网络优化与无线通信网络。
  • 基金资助:
    国家自然科学基金面上资助项目(61772008);福建省引导基金资助项目(原工业重点基金资助项目)(2016Y0031);福州市科技局基金资助项目(2017-G-79);福建省自然科学基金资助项目(2016J01289)

New collaborative DDoS defense technology based on NFV

Chuanfeng XU1,2,Hui LIN1,2(),Xuancheng GUO1,2,Xiaoding WANG1,2   

  1. 1 School of Mathematics and Computer Science,Fujian Normal University,Fuzhou 350117,China
    2 Fujian Provincial Key Laboratory of Network Security and Cryptology,Fujian Nomal University,Fuzhou 350117,China
  • Revised:2019-01-25 Online:2019-04-15 Published:2019-04-16
  • Supported by:
    The National Natural Science Foundation of China(61772008);Fujian Province Guiding Project (formerly Key Industrial Project)(2016Y0031);Fuzhou Science and Technology Bureau Project(2017-G-79);The Natural Science Foundation of Fujian Province(2016J01289)

摘要:

在采取网络功能虚拟化技术构建的协作式网络抵御分布式拒绝服务攻击的过程中,由于协作网络中的资源有限,协作网络中的参与者存在为了自身安全而采取自私行为的问题,进而减弱协作网络缓解 DDoS攻击能力。针对上述问题,提出了一种新的缓解DDoS攻击策略。该策略在协作网络中构建重复囚徒困境博弈模型,引入奖罚分明激励机制加强协作网络的合作性,并采取基于社会信誉值评估的动态资源分配机制。仿真实验表明,新的协作式DDoS攻击防御技术在分组丢失率、合作性和资源分配率方面优于现有方案,提高了DDoS攻击防御的有效性。

关键词: 分布式拒绝服务攻击, 网络功能虚拟化, 协作网络, 自私行为, 囚徒困境博弈

Abstract:

To solve the problem of selfish behavior for self-security due to limited resources in the process of resisting distributed denial of service (DDoS) attacks by a collaborative network built with network function virtualization (NFV) technology,a new collaborative DDoS defense network model was proposed.a repeat prisoner's dilemma game model was built in the collaborative network,a reward and punishment incentive mechanism was introduced to strengthen the cooperation of the collaborative network,and a dynamic resource allocation mechanism based on social reputation value assessment was adopted.Simulation results show that the new collaborative DDoS attack defense technology outperforms existing solutions in terms of packet loss rate,cooperation,and resource allocation rate,improving the effectiveness of DDoS attack defense.

Key words: distributed denial of service attack, network function virtualization, collaborative network, selfish behavior, prisoner's dilemma game

中图分类号: 

No Suggested Reading articles found!