Journal on Communications ›› 2013, Vol. 34 ›› Issue (9): 132-141.doi: 10.3969/j.issn.1000-436x.2013.09.016
• Academic paper • Previous Articles Next Articles
Xian-liang JIANG1,3,Guang JIN2,3,Jian-gang YANG1,Jia-ming HE2,3
Online:
2013-09-25
Published:
2017-07-05
Supported by:
Xian-liang JIANG,Guang JIN,Jian-gang YANG,Jia-ming HE. AS-level model for restraining DoS attacks[J]. Journal on Communications, 2013, 34(9): 132-141.
"
方案 | 属性 | ||||||
网络架构 | 防御阶段 | 防御层次 | 计算 | 通信 | 复杂性 | 顽健性 | |
PPM[ | IPv4 | 响应 | 网络层 | 高 | 低 | 低 | 低 |
DPM[ | IPv4 | 响应 | 网络层 | 中 | 低 | 低 | 中 |
Pi[ | IPv4 | 响应 | 网络层 | 中 | 低 | 低 | 低 |
SIFF[ | IPv4/NGSI | 预防和响应 | 网络层 | 中 | 中 | 低 | 中 |
TVA[ | NGSI | 预防和响应 | 网络层和应用层 | 高 | 高 | 中 | 高 |
StopIt[ | NGSI | 检测和响应 | 网络层和应用层 | 低 | 高 | 高 | 中 |
NetFence[ | NGSI | 检测和响应 | 网络层 | 低 | 低 | 中 | 中 |
BINC[ | NGSI | 预防 | 应用层 | 低 | 低 | 中 | 低 |
本文方案 | NGSI | 预防和响应 | 网络层和应用层 | 中 | 中 | 低 | 高 |
[1] | Arbor networks . worldwide infrastructure security report[EB/OL]. , 2012 |
[2] | PENG T , LECKIE C , RAMAMOHANARAO K . Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1): 1-42. |
[3] | 张永铮, 肖军, 云晓春 ,等. DDoS 攻击检测和控制[J]. 软件学报, 2012,23(8): 2258-2072. ZHANG Y Z , XIAO J , YUN X C ,et al. DDoS attacks detection and control mechanisms[J]. Journal of Software, 2012,23(8): 2258-2072. |
[4] | 王进, 阳小龙, 隆克平 . 基于大偏差统计模型的Http-Flood DDoS检测机制及性能分析[J]. 软件学报, 2012,23(5): 1272-1280. WANG J , YANG X L , LONG K P . Http-flood DDoS detection scheme based on large deviation and performance analysis[J]. Journal of Software, 2012,23(5): 1272-1280. |
[5] | GOODRICH M T . Probabilistic packet marking for large-scale IP traceback[J]. IEEE/ACM Transactions on Networking, 2008,16(1): 15-24. |
[6] | BELENKY A , ANSARI N . On deterministic packet marking[J]. Computer Networks, 2007,51(10): 2677-2700. |
[7] | YAAR A , PERRIG A , SONG D . Pi:a path identification mechanism to defend against DDoS attacks[A]. Proceedings of IEEE Symposium on Security and Privacy[C]. 2003. |
[8] | YAAR A , PERRIG A , SONG D . StackPi:new packet marking and filtering mechanisms for DDoS and IP spoofing defense[J]. IEEE Journal on Selected Areas in Communications, 2006,24(10): 1853-1863. |
[9] | 金光, 张飞, 钱江波 ,等. 融合路径追溯和标识过滤的DDoS 攻击防御方案[J]. 通信学报, 2011,32(2): 61-67. JIN G , ZHANG F , QIAN J B ,et al. DDoS defense with IP traceback and path identification[J]. Journal on Communications, 2011,32(2): 61-67. |
[10] | ANDERSON T , ROSCOE T , WETHERALL D . Preventing internet denial-of-service with capabilities[J]. ACM SIGCOMM Computer Communications Review, 2004,34(1): 39-44. |
[11] | BELLOVIN S M , CLARK D , PERRIG A ,et al. A clean-slate design for the next-generation secure internet[A]. Proceedings of National Science Foundation Workshop on Next-Generation Secure Internet[C]. 2005. |
[12] | 吴建平, 吴茜, 徐恪 . 下一代互联网体系结构基础研究及探索[J]. 计算机学报, 2008,31(9): 1536-1548. WU J P , WU Q , XU K . Research and exploration of next-generation Internet architecture[J]. Chinese Journal of Computers, 2008,31(9): 1536-1548. |
[13] | 林闯, 雷蕾 . 下一代互联网体系结构研究[J]. 计算机学报, 2007,30(5): 693-711. LIN C , LEI L . Research on next generation Internet architecture[J]. Chinese Journal of Computers, 2007,30(5): 693-711. |
[14] | YAAR A , PERRIG A , SONG D . SIFF:a stateless internet f filter to mitigate DDoS flooding attacks[A]. Proceedings of IEEE Symposium on Security and Privacy[C]. 2004. |
[15] | YANG X , WETHERALL D , ANDERSON T . TVA:a DoS-limiting network architecture[J]. IEEE/ACM Transactions on Networking, 2008,16(6): 1267-1280. |
[16] | SHUE C A , KALAFUT A J , ALLMAN M ,et al. On building inexpensive network capabilities[J]. ACM SIGCOMM Computer Communication Review, 2012,42(2): 73-79. |
[17] | ARGYRAKI K , CHERITON D . Network capabilities:the good,the bad and the ugly[A]. Proceedings of ACM HotNets IV[C]. 2005. |
[18] | LIU X , YANG X , LU Y . To filter or to authorize:network-layer DoS defense against multimillion-node botnets[A]. Proceedings of ACM SIGCOMM[C]. 2008. |
[19] | LIU X , YANG X , XIA Y . NetFence:preventing Internet denial of service from inside out[A]. Proceedings ofACM SIGCOMM[C]. 2010. |
[20] | 孙红杰, 方滨兴, 张宏莉 . 基于链路特征的DDoS攻击检测方法[J]. 通信学报, 2007,28(2): 88-93. SUN H J , FANG B X , ZHANG H L . DDoS attacks detection based on link character[J]. Journal on Communications, 2007,28(2): 88-93. |
[21] | 臧天宇, 云晓春, 张永铮 ,等. 基于通信特征和D-S证据理论分析僵尸网络相似度[J]. 通信学报, 2011,32(4): 66-76. ZANG T Y , YUN X C , ZHANG Y Z ,et al. Botnet’s similarity analysis based on communication features and D-S evidence theory[J]. Journal on Communications, 2011,32(4): 66-76. |
[22] | 金光, 杨建刚, 魏蔚 ,等. 基于增强权证的无状态过滤机制[J]. 电子与信息学报, 2008,30(10): 2490-2493. JIN G , YANG J G , WEI W ,et al. Stateless filtering based on enhanced capabilities[J]. Journal of Electronics & Information Technology, 2008,30(10): 2490-2493. |
[23] | RESCORLA E . Diffie-hellman key agreement method[EB/OL]. , 1999. |
[24] | CAIDA[EB/OL]. , 2011. |
[25] | MAHAJAN R , BELLOVIN S M , FLOYD S ,et al. Controlling high bandwidth aggregates in the network[J]. ACM Computer Communication Review, 2002,32(3): 62-73. |
[26] | PARNO B , PERRIG A , WENDLANDT D ,et al. Portcullis:protecting connection setup from denial-of-capability attacks[A]. ACM SIGCOMM[C]. 2007. |
[27] | BGP routing table analysis reports[EB/OL]. , 2011. |
[1] | Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56. |
[2] | Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135. |
[3] | Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194. |
[4] | Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167. |
[5] | Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254. |
[6] | Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150. |
[7] | Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169. |
[8] | Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113. |
[9] | Haijun ZHAO,Chunlin HE,Bin PU,Mengtian CUI. Geographical routing and participant collaboration model based communication mechanism of WSAN [J]. Journal on Communications, 2019, 40(7): 77-86. |
[10] | JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137. |
[11] | Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89. |
[12] | Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36. |
[13] | Xiaodong ZANG,Jian GONG,Xiaoyan HU. Detecting malicious domain names based on AGD [J]. Journal on Communications, 2018, 39(7): 15-25. |
[14] | Le-yi SHI,Hui SUN,Yu-wen CUI,Hong-bin GUO,Jian-lan LI. Web plug-in paradigm for anti-DoS attack based on end hopping [J]. Journal on Communications, 2017, 38(Z1): 19-24. |
[15] | Tao WANG,Hong-chang CHEN,Guo-zhen CHENG. Research on software-defined network and the security defense technology [J]. Journal on Communications, 2017, 38(11): 133-160. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|