Institute of Software, Chinese Academy of Sciences: Institutional Repository
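Title: 拒绝服务攻击对策及网络追踪的研究
Author: 李德全
Defense date: 2004
Major: Computer Application Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctorate
Keywords: traceback; denial of service; hacker; attack
Alternative title: Research on Countermeasures to Denial of Service Attack and IP Traceback
Abstract: With the development of network technology and network applications, network security has become increasingly important. Because denial-of-service attacks are easy to launch, hard to defend against and hard to trace, they have become one of the most difficult network security problems to solve and have caused great harm to networked society. Denial-of-service attacks will also be one of the important means of future information warfare. Research on denial-of-service attacks and their countermeasures is therefore extremely important. This thesis studies denial-of-service attacks and their countermeasures in some depth, and obtains results in particular on tracing denial-of-service attacks. We first study the attack mechanisms and methods of denial-of-service attacks and their countermeasures. We then examine in depth the various methods that trace the source of a denial-of-service attack by packet marking, analyze their respective strengths and weaknesses, and improve the basic packet marking scheme so that the computation required for attack path reconstruction and the false positive rate of reconstruction are greatly reduced, matching or exceeding the level of some other schemes. Existing packet marking methods use a fixed marking probability, so the victim needs many packets to reconstruct the attack path and attackers can forge marking information to interfere with the victim's tracing. To address these shortcomings, we propose an adaptive marking strategy and give a good marking probability. With our adaptive marking strategy, the number of packets needed for path reconstruction is significantly reduced, so the victim can trace the attack source more quickly, which creates the conditions for responding to the attack sooner and reducing the damage it causes. The strategy also makes it hard for the attacker's forged information to reach the victim, so attackers find it difficult to frame others or to increase the uncertainty of the trace, and attackers also find it difficult to cover for one another. Our adaptive strategy can be used to strengthen existing marking schemes and can also serve as a component of new marking schemes. Existing methods mark IP addresses or related information, which means that reconstructing the attack path requires too many packets and produces too many false positives. To address this, the thesis proposes a scheme for re-encoding routers. In contrast to IP addresses, which can locate a system globally, the scheme locates a system only within a local part of the network, which makes it possible to identify systems in the network (routers in particular) with a smaller data space. On this basis we propose an adaptive packet marking scheme based on router encoding, which is superior to comparable methods in several respects: the computation required for path tracing, the false positive rate of tracing, and the number of packets required for tracing (which is closely tied to the time needed to trace during an attack, and so directly affects how quickly the attack can be responded to).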
English abstract: With the development of network technology and applications, network security becomes increasingly important. Denial of service attacks are among the hardest security problems to address because they are easy to launch and difficult to defend against and trace. Research on DoS attacks and their countermeasures is therefore not only challenging but also very important. In this paper, the mechanisms and methods of denial of service attacks, and countermeasures to them, are discussed. After that, several packet marking schemes for traceback are reviewed and some improvements to the basic packet marking scheme are given, which reduce the workload and false positive rate in attack tree reconstruction. In existing packet marking schemes, routers mark packets with a fixed probability, so many packets are required for path reconstruction and an attacker can encumber path reconstruction with spoofed marking information. To address this, we developed an adaptive packet marking scheme. With our adaptive marking scheme adopted, it takes fewer packets to reconstruct the attack path, so the victim can respond to an attack more promptly and reduce the damage. Furthermore, with the adaptive marking scheme in use, there is less room for attackers to spoof marking information, so it is more difficult for them to frame legitimate users and to cover for each other. The adaptive marking scheme can be used to enhance existing schemes and as a component of new schemes. In existing packet marking schemes, routers' IP addresses or their hashes are embedded into packets, with the result that too many packets are needed and too many false positives occur in path reconstruction. Several router numbering schemes are given in this paper which, in contrast to IP addresses, which can locate hosts worldwide, can only locate hosts locally. The benefit is that the number used to represent a host can be smaller.
We further developed an adaptive packet marking scheme based on one of our router numbering schemes. The marking scheme is better than others in that it involves less workload, fewer false positives and fewer packets in path reconstruction. The last also reduces the time delay before responding to DoS attacks.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6960
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name / File Size | Content Type | Version | Access | License
LW013927.pdf (2611KB) | -- | -- | Restricted access | --

Recommended Citation:
李德全. 拒绝服务攻击对策及网络追踪的研究 [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2004-01-01.