北京航空航天大学学报 ›› 2004, Vol. 30 ›› Issue (11): 1033-1037.

• 论文 • 上一篇    下一篇

防御和控制DOS/DDOS攻击新方法的研究

房至一1, 张美文1, 魏华1, 王巍2   

  1. 1. 吉林大学 计算机科学与技术学院 长春 130012;
    2. 锦州市红十字中心血站, 锦州 120000
  • 收稿日期:2004-06-25 出版日期:2004-11-30 发布日期:2010-09-24
  • 作者简介:房至一 (1957-),男,吉林长春人,教授, zyfang@public.cc.jl.cn.

Study of new measure to recover and control DOS/DDOS atta ck

Fang Zhiyi1, Zhang Meiwen1, Wei Hua1, Wang Wei2   

  1. 1. Department of Computer, Jilin University, Chang Chun 130012, China;
    2. The Center of Blood Station, Jin Zhou 120000, China
  • Received:2004-06-25 Online:2004-11-30 Published:2010-09-24

摘要: DOS(Denial\|of\|Service)/DDOS(Distributed Denial\|of\|Service)网络攻击不但给被攻 击目标带来麻烦,而且还严重干扰与被攻击目标共享网络的其它流量.利用主动网络将一些计算功能增加到每个中间节点(路由节点、交换机等),提出一个防御和控制DOS/DDOS攻击的机制体系,这个机制体系主要包括以下3个机制 :基于集群的自动鉴别和控制机制、基于集群的主动通告追踪机制和基于管理域的控制合作 机制.基于集群的自动鉴别和控制机制包括对DOS/DDOS网络攻击集群的鉴别策略及控制它们 的速率限制策略.基于集群的主动通告追踪机制则是把这些攻击集群特征通告给上游主动节 点并使之激活当地的速率限制策略.利用该系统,在试验中能够有效地预防和控制DOS/DDOS 攻击.

Abstract: DOS(denial\|of\|service)/DDOS(distributed denial\|of\|service) network attack no t only causes harm to attacked target, but also disturbs other flows that share the same network with attacked target. By adding computing into every bosom node (route, switch), a mechanism system to recover and control DOS/DDOS attack which based on active network was advanced. The mechanism system was composed of three mechanisms: cluster-based automatic identification and control mechanism, cluster-based active notify trace mechanism and administration domain based control cooperation mechanism. Cluster-based automatic identification and control mechanism included identification policy of attack cluster and rate-limit policy of controlling them. Cluster-based active notify trace mechanism will notify the characteristic of attack cluster to upstream active node and activate local rate-limit policy. Effective recovery and the control o f DOS/DDOS attack can be realized by using this system at lab.

中图分类号: 


版权所有 © 《北京航空航天大学学报》编辑部
通讯地址:北京市海淀区学院路37号 北京航空航天大学学报编辑部 邮编:100191 E-mail:jbuaa@buaa.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发