[1] |
Arbor networks . worldwide infrastructure security report[EB/OL]. , 2012
|
[2] |
PENG T , LECKIE C , RAMAMOHANARAO K . Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1): 1-42.
|
[3] |
张永铮, 肖军, 云晓春 ,等. DDoS 攻击检测和控制[J]. 软件学报, 2012,23(8): 2258-2072. ZHANG Y Z , XIAO J , YUN X C ,et al. DDoS attacks detection and control mechanisms[J]. Journal of Software, 2012,23(8): 2258-2072.
|
[4] |
王进, 阳小龙, 隆克平 . 基于大偏差统计模型的Http-Flood DDoS检测机制及性能分析[J]. 软件学报, 2012,23(5): 1272-1280. WANG J , YANG X L , LONG K P . Http-flood DDoS detection scheme based on large deviation and performance analysis[J]. Journal of Software, 2012,23(5): 1272-1280.
|
[5] |
GOODRICH M T . Probabilistic packet marking for large-scale IP traceback[J]. IEEE/ACM Transactions on Networking, 2008,16(1): 15-24.
|
[6] |
BELENKY A , ANSARI N . On deterministic packet marking[J]. Computer Networks, 2007,51(10): 2677-2700.
|
[7] |
YAAR A , PERRIG A , SONG D . Pi:a path identification mechanism to defend against DDoS attacks[A]. Proceedings of IEEE Symposium on Security and Privacy[C]. 2003.
|
[8] |
YAAR A , PERRIG A , SONG D . StackPi:new packet marking and filtering mechanisms for DDoS and IP spoofing defense[J]. IEEE Journal on Selected Areas in Communications, 2006,24(10): 1853-1863.
|
[9] |
金光, 张飞, 钱江波 ,等. 融合路径追溯和标识过滤的DDoS 攻击防御方案[J]. 通信学报, 2011,32(2): 61-67. JIN G , ZHANG F , QIAN J B ,et al. DDoS defense with IP traceback and path identification[J]. Journal on Communications, 2011,32(2): 61-67.
|
[10] |
ANDERSON T , ROSCOE T , WETHERALL D . Preventing internet denial-of-service with capabilities[J]. ACM SIGCOMM Computer Communications Review, 2004,34(1): 39-44.
|
[11] |
BELLOVIN S M , CLARK D , PERRIG A ,et al. A clean-slate design for the next-generation secure internet[A]. Proceedings of National Science Foundation Workshop on Next-Generation Secure Internet[C]. 2005.
|
[12] |
吴建平, 吴茜, 徐恪 . 下一代互联网体系结构基础研究及探索[J]. 计算机学报, 2008,31(9): 1536-1548. WU J P , WU Q , XU K . Research and exploration of next-generation Internet architecture[J]. Chinese Journal of Computers, 2008,31(9): 1536-1548.
|
[13] |
林闯, 雷蕾 . 下一代互联网体系结构研究[J]. 计算机学报, 2007,30(5): 693-711. LIN C , LEI L . Research on next generation Internet architecture[J]. Chinese Journal of Computers, 2007,30(5): 693-711.
|
[14] |
YAAR A , PERRIG A , SONG D . SIFF:a stateless internet f filter to mitigate DDoS flooding attacks[A]. Proceedings of IEEE Symposium on Security and Privacy[C]. 2004.
|
[15] |
YANG X , WETHERALL D , ANDERSON T . TVA:a DoS-limiting network architecture[J]. IEEE/ACM Transactions on Networking, 2008,16(6): 1267-1280.
|
[16] |
SHUE C A , KALAFUT A J , ALLMAN M ,et al. On building inexpensive network capabilities[J]. ACM SIGCOMM Computer Communication Review, 2012,42(2): 73-79.
|
[17] |
ARGYRAKI K , CHERITON D . Network capabilities:the good,the bad and the ugly[A]. Proceedings of ACM HotNets IV[C]. 2005.
|
[18] |
LIU X , YANG X , LU Y . To filter or to authorize:network-layer DoS defense against multimillion-node botnets[A]. Proceedings of ACM SIGCOMM[C]. 2008.
|
[19] |
LIU X , YANG X , XIA Y . NetFence:preventing Internet denial of service from inside out[A]. Proceedings ofACM SIGCOMM[C]. 2010.
|
[20] |
孙红杰, 方滨兴, 张宏莉 . 基于链路特征的DDoS攻击检测方法[J]. 通信学报, 2007,28(2): 88-93. SUN H J , FANG B X , ZHANG H L . DDoS attacks detection based on link character[J]. Journal on Communications, 2007,28(2): 88-93.
|
[21] |
臧天宇, 云晓春, 张永铮 ,等. 基于通信特征和D-S证据理论分析僵尸网络相似度[J]. 通信学报, 2011,32(4): 66-76. ZANG T Y , YUN X C , ZHANG Y Z ,et al. Botnet’s similarity analysis based on communication features and D-S evidence theory[J]. Journal on Communications, 2011,32(4): 66-76.
|
[22] |
金光, 杨建刚, 魏蔚 ,等. 基于增强权证的无状态过滤机制[J]. 电子与信息学报, 2008,30(10): 2490-2493. JIN G , YANG J G , WEI W ,et al. Stateless filtering based on enhanced capabilities[J]. Journal of Electronics & Information Technology, 2008,30(10): 2490-2493.
|
[23] |
RESCORLA E . Diffie-hellman key agreement method[EB/OL]. , 1999.
|
[24] |
CAIDA[EB/OL]. , 2011.
|
[25] |
MAHAJAN R , BELLOVIN S M , FLOYD S ,et al. Controlling high bandwidth aggregates in the network[J]. ACM Computer Communication Review, 2002,32(3): 62-73.
|
[26] |
PARNO B , PERRIG A , WENDLANDT D ,et al. Portcullis:protecting connection setup from denial-of-capability attacks[A]. ACM SIGCOMM[C]. 2007.
|
[27] |
BGP routing table analysis reports[EB/OL]. , 2011.
|