| 摘要(英) |
Many attacks on the internet reveal much vulnerability in recent years; causing the largest damage among them we called DDoS. For much existent defense strategies, the DDoS is hard to prevent. With the popularity of the internet, it is more and more easily to find vulnerable server; some intent attacker will use these weakness to attack the particular server that the service can’t be available to the legitimate user .
Due to DDoS has characteristic of congestion and continuity, so that the packet can’t be forwarded normally because of router-overloading. Most defense mechanism can’t communicate through the congested network; it is unnecessary to say that if attacks occur, other protection mechanism will work.
In view of this, this paper proposed the overload protection mechanism under DDoS that it can bypass the attacking packet quickly and precisely also defend large source and decrease loading of router when attacks occur in order to transmit packet fluently for other legitimate user. Moreover, it can work with other defense mechanism to enhance the performance of protection mechanism.
We use the physical topology to simulate the performance of our protection mechanism under DDoS attack. The result of our experiment evidenced that overload protection mechanism is practical and decreases the influence effectively. |
| 參考文獻 |
[1] http://www.cert.org/
[2] http://www.sans.org/
[3] http://www.insecure.org
[4] http://www.securityfocus.com/
[5] Microsoft Security Home Page http://www.microsoft.com/security/default.mspx
[6] DDoS attack tool timeline http://staff.washington.edu/dittrich/talks/sec2000/timeline.html
[7] Tfn attack tool analysis
http://staff.washington.edu/dittrich/misc/tfn.analysis.txt
[8] stacheldraht attack tool analysis
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt
[9] TFN2k attack tool analysis http://packetstormsecurity.com/distributed/TFN2k_Analysis-1.3.txt
[10] shaft attack tool analysis
http://home.adelphi.edu/~spock/shaft_analysis.txt
[11] Jelena Mirkovic, Janice Martin and Peter Reiher “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms” Computer Science Department University of California, Los Angeles
[12] Alefiya Hussain John Heidemann Christos Papadopoulos “A Framework for Classifying Denial of Service Attacks”
[13] Ratul Mahajan,Steven M. Bellovin,Sally Floyd,John Ioannidis, Vern Paxson, and Scott Shenker “Aggregate-Base Congestion Control” ICSI Center for Intenet Research(ICIR) AT&T Labs Research
[14] John Ioannidis, Steven M.Bellovin “Implementing Pushback: Router-Based Defense Against DDoS Attack” AT&T Labs Research
[15] Peter Reiher, Gregory Prier, Scott Michael, and Jun Li D-WARD: DDoS Network Attack Recognition and Defense home page “http://www.lasr.cs.ucla.edu/ddos/”
[16] J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source”, Proceedings of ICNP 2002, pp. 312-321, Paris, France, November 2002.
[17] Ju Wang Linyuan Lu Andrew A. Chien “Tolerating Denial of Service Attacks Using Overlay Networks Impact of Topology” Department of Computer Science and Engineering University of California, San Diego
[18] Ju Wang and Andrew A.Chien “An Analysis of Using Overlay Networks to Resist Distributed Denial-of-Service Attacks” Department of Computer Science and Engineering University of California,San Diego
[19] Angelos D. Keromytis Vishal Misra Dan Rubenstein “SOS:Secure Overlay Services” Department of Computer Science Department of Electrical Engineering Columbia University
[20] Hun-Jeong Kang, Seung-Hwa Chung, Seong-Cheol Hong, Myung-Sup Kim and James W. Hong “Towards Flow-based Abnormal Network Traffic Detection” DP&NM Lab.
[21] Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones ,Fabrice Tchakountio “Hash-Based IP Traceback”
[22] Bao-Tung Wang, Henning Schulzrinne “An IP Traceback Mechanism for Reflective DoS Attacks” Department of Computer Science, Columbia University
[23] Rocky K.C.Chang “Defending against Flooding-Based Distributed Denial-of-Service Attacks:A Tutorial The Hong Kong Polytechnic University
[24] Udaya Kiran Tupakula,Vijay Varadharajan “A Practical Method to Couteract Denial of Service Attacks” Information and Networked System Security Research Division of Information and Communication Sciences Macquarie University Sydney,Australia
[25] William G.Morein, Angelos Stavrou, Debra L.Cook,etc... ”Using Graphic Turing Tests To Counter Automated DDoS Attacks Against Web Servers” Department of Computer Science ,Department of Electical Engineering Columbia University in the City of New York |
[Endnote RIS 格式]
[相關文章]
[文章引用]
[完整記錄]
[館藏目錄]
[檢視]
plurk
funp
live
udn
HD
myshare
netvibes
friend
youpush
delicious
baidu
Google bookmarks
del.icio.us
hemidemi
facebook
twitter
google
reddit