分布式DNS反射DDoS攻击检测及控制技术

doi:10.11959/j.issn.1000-0801.2015270

Abstract

Abstract:

Distributed DNS reflective DDoS attack has become one of the main forms of denial of service attacks，and traditional security technology based on network traffic analysis and network traffic control technology can’t meet the needs of protection.Detection technology of DNS reflection attack based on time to live （TTL）value intelligent judgments was proposed，and the detection technology can accurately detect spoofed source IP address of the packet.The control technology based on multi system fusion can block attack traffic flow into the network in the source.

Key words: DNS reflective attack, DDoS attack, fake source address, network security

Zhiqiang Luo,Jun Shen,Huamin Jin. Detection and Control Technology of Distributed DNS Reflective DDoS Attack[J]. Telecommunications Science, 2015, 31(10): 1-196.

Figures/Tables 4

References 6

1	国家互联网应急中心. 2013年互联网网络安全态势综述，2014 CNCERT. A Survey of Internet Security Situation in 2013， 2014
2	国家互联网应急中心. 2014年互联网网络安全态势综述，2015 CNCERT. A Survey of Internet Security Situation in 2014， 2015
3	罗志强，史国水，沈军等. 移动互联网安全热点技术研究. 电信科学， 2013（Z1）： 254～256，261 Luo Z Q ， Shi G S ， Shen J ， et al. Research on mobile Internet security technology. Telecommunications Science， 2013（Z1）： 254～256，261
4	唐宏，罗志强，沈军 . 僵尸网络DDoS攻击主动防御技术研究与应用. 电信技术， 2014（11）： 76～80 Tang H ， Luo Z Q ， Shen J . Research and application of the active defense technology of DDoS attack in botnet. Telecommunications Technology， 2014（11）： 76～80
5	徐图，罗瑜，何大可 . 多类支持向量机的DDoS攻击检测的方法. 电子科技大学学报， 2008，37（2）： 274～277 Xu T ， Luo Y ， He D K . Detecting DDoS attack based on multi-class SVM. Journal of University of Electronic Science and Technology of China， 2008，37（2）： 274～277
6	顾晓清，王洪元，倪彤光等. 基于时间序列分析的应用层DDoS攻击检测. 计算机应用， 2013，33（8）： 2228～2231 Gu X Q ， Wang H Y ， Ni T G ， et al. Detection of application-layer DDoS attack based on time series analysis. Journal of Computer Applications， 2013，33（8）： 2228～2231

Metrics

Recommended 0

No Suggested Reading articles found!

计数器最大门限值变化次数/s	僵尸网络攻击端数目/个	攻击峰值总流量/pps	接收峰值总流量/pps	检测率
不启用	1	1 000	1 000	0.00%
	2	2 000	2 000	0.00%
	5	5 000	5 000	0.00%
	10	10 000	9 998	0.02%
1 000	1	1 000	1 000	0.00%
	2	2 000	1 635	18.25%
	5	5 000	1 356	72.88%
	10	10 000	1 082	89.18%
200	1	1 000	1 000	0.00%
	2	2 000	474	76.30%
	5	5 000	332	93.36%
	10	10 000	228	97.72%

[1]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[4]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[5]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[6]	Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system [J]. Telecommunications Science, 2020, 36(12): 155-162.
[7]	Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security [J]. Telecommunications Science, 2020, 36(12): 1-19.
[8]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[9]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.
[10]	Hang YU,Shuai WANG,Huamin JIN. RASP based Web security detection method [J]. Telecommunications Science, 2020, 36(11): 113-120.
[11]	Junwen WANG. Technical requirement of future industrial internet [J]. Telecommunications Science, 2019, 35(8): 26-38.
[12]	Cong LI, Bo LEI, Chongfeng XIE, Yunhe LI. Trustworthy network based on blockchain technology [J]. Telecommunications Science, 2019, 35(10): 60-68.
[13]	Jianquan WANG,Zhangchao MA,Xinzhong LI,Lei SUN,Changwei HU. Quantum secure communication network architecture and mobile application solution [J]. Telecommunications Science, 2018, 34(9): 10-19.
[14]	. Interestmeasurement and system construction of personal information protectionLI Meiyan [J]. Telecommunications Science, 2018, 34(8): 160-166.
[15]	Qi LIANG. Security＆ safety protection solution of ICS [J]. Telecommunications Science, 2018, 34(4): 144-150.

Detection and Control Technology of Distributed DNS Reflective DDoS Attack

RichHTML

PDF下载

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 4

References 6

Related Articles 15

Metrics

Recommended 0