期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于端信息跳变DoS攻击防护机制中的插件策略 被引量:10

Plug-in policy for DoS attack defense mechanism based on end hopping
在线阅读 下载PDF
导出
摘要 拒绝服务(DoS)攻击严重威胁着计算机网络的安全,并造成了巨大的损失。石乐义等人提出了一种新的基于端信息跳变的网络安全防护模型,可以有效地抵御DoS攻击。在对该模型的防护机制进行深入分析后,发现其中具有潜在的端信息网络泄漏问题,可能导致端信息跳变模型形同虚设。于是,对原有模型加以改进,提出了一组插件策略,对客户端进行认证,并且隐藏了服务器的真实端信息。实验结果表明,该插件机制能够很好地防止端信息网络泄漏,并且不影响服务器的网络性能。 Denial of service(DoS) attacks have been a serious threat on the computer network security, and have caused huge loss.Shi et al.proposed a new network security model based on end hopping, which can effectively defend DoS at-tacks.By analyzing the end hopping mechanism, a serious problem in it was found, namely, the network leakage of end information, which is likely to invalidate the function of this mechanism.Therefore, a set of plug-in policies are added to the original model, which authenticate the clients and conceal the actual end information of servers.Experimental results show that the plug-in mechanism is able to avoid the network leakage of end information and imposes little influence on the capacity of servers.
作者 贾春福 林楷 鲁凯
机构地区 南开大学信息技术科学学院 国家计算机病毒应急处理中心
出处 《通信学报》 EI CSCD 北大核心 2009年第S1期114-118,共5页 Journal on Communications
基金 国家自然科学基金资助项目(60973141) 天津市自然科学基金资助项目(09JCYBJ00300)~~
关键词 端信息跳变 网络对抗 拒绝服务 插件 服务跳变 end hopping network confrontation denial of service plug-in service hopping
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献6

二级参考文献26

  • 1贾春福,钟安鸣,张炜,马勇.网络安全不完全信息动态博弈模型[J].计算机研究与发展,2006,43(z2):530-533. 被引量:11
  • 2李树军.基于协议转变的拒绝服务攻击技术的研究[J].计算机应用,2006,26(10):2323-2325. 被引量:4
  • 3Savage S, Wetherall D, and Karlin A, et al.. Practical network support for ip traceback. Proc. ACM SIGCOMM 2000. New York, 2000: 295-306.
  • 4Bellovin S. The ICMP traceback message, http://www. research.att.com, 2000.
  • 5Ferguson P and Senie D. Network ingress filtering: Defeating denial of service attacks which employs ip source address spoofing, http://www.ietf.org/rfc/rfc2267.txt, 1998.
  • 6SANS Institute. Egress filtering, http://www.sans.org/y2k /egress.htm, 2000.
  • 7Wang J and Lu L. Tolerating denial of service attacks using overlay networks: Impact of overlay network topology. Proc. 1st ACM Workshop on Survivable and Serf-Regenerative Systems, Fairfax VA, 2003: 43-52.
  • 8Lee H C J and Thing V L L. Port hopping for resilient networks. Proc. 60th IEEE Vehicular Technology Conference, Washington, 2004: 3291-3295.
  • 9Atighetchi M, Pal P, and Webber F, et al.. Adaptive use of network-centric mechanisms in cyber-defense. Proc. 6th IEEE Int'l Syrup. Object-Oriented Real-Time Distributed Computing, Hokkaido, 2003: 183-192.
  • 10Shi L, Jia C, and Lu S, et al. Port and address hopping for active cyber-defense. Pacific Asia Workshop on Intelligence and Security Informatics, Chengdu, 2007, LNCS 4430: 295-300.

共引文献51

同被引文献45

  • 1林楷,贾春福,翁臣.Distributed Timestamp Synchronization for End Hopping[J].China Communications,2011,8(4):164-169. 被引量:9
  • 2李树军.基于协议转变的拒绝服务攻击技术的研究[J].计算机应用,2006,26(10):2323-2325. 被引量:4
  • 3马祺,戴浩,赵新昱,赵鹏.运用跳端口技术进行信息隐藏[J].计算机工程与设计,2007,28(4):849-851. 被引量:20
  • 4Lee H C J, Thing V L L. Port hopping for resilient net- works [ C ] //2004 IEEE 60th Vehicular Technology Con- ference, 2004 : 3291-3295.
  • 5Badishi G, Herzberg A, Keidar I. Keeping denial-of-serv- ice attackers in the dark [ C ]//International Symposium Distributed Computing ( DISC ) , Springer-Verlag, 2005 : 18-31.
  • 6Sifalakis M, Schmid S, Hutchison D. Network address hopping: A mechanism to enhance data protection for packet communications [ C ] //2005 IEEE International Conference on Communications,2005 : 1518-1523.
  • 7Atighetchi M, Pal P, Webber F, et al. Adaptive use of network-centric mechanisms in cyber-defense [ C ]//Pro- ceedings of the 6th IEEE International Symposium onObject-oriented Real-time Distributed Computing, 2003: 183-192.
  • 8Savage S, Wetherall D, Karlin A, et al. Practical network support for ip traceback [ J ]. Proceedings of the Confer- ence on Applications, Technologies, Architectures, and Protocols for Computer Communication, 2000, 30 ( 4 ) : 295 -306.
  • 9Wang J,Lu L Y, Chien A A. Tolerating denial of service attacks using overlay networks:Impact of overlay network topology[ C]//Proceedings of the 1st ACM Workshop on Survivable and Selfregenerative Systems, Faiffax VA, 2003:43-52.
  • 10Shi L Y,Jia C F,Lv S W,et al. Port and address hopping for active cyber-defense [ C ] //Proceedings of the 2007 Pacific Asia Conference on Intelligence and Security In- formatics, Chengdu ,2007, LNCS 4430:295-300.

引证文献10

二级引证文献61

通信学报
2009年 第S1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
关于我们 | 版权声明 | 联系我们 | 帮助中心| 意见反馈
主办单位:上海市教育委员会
技术支持:重庆维普资讯有限公司
渝公网安备 50019002500403号
使用帮助 返回顶部