一种高精度、低开销的单包溯源方法

发布时间：2018-04-12 12:11

  本文选题：网络安全 + 混合拒绝服务攻击　； 参考：《软件学报》2017年10期

【摘要】：混合拒绝服务攻击是当前互联网面临的主要威胁之一,针对它的单包溯源技术已成为网络安全领域研究的重点和热点.鉴于已有的单包溯源研究存在处理开销大、溯源精度低等问题,提出一种高精度、低开销的基于标签交换的单包溯源方法,简称S3T.该方法的基本思想是借鉴MPLS网络的交换路径生成原理,在溯源路由器上建立面向反向路由的追踪痕迹,降低溯源存储开销.然后,通过并行化建立追踪痕迹、灵活配置溯源路由器存储容量和自适应调整追踪痕迹存储时间等手段加快溯源路由器处理IP包速率,同时提高溯源精度.通过理论分析和基于大规模真实互联网拓扑的仿真实验,其结果表明,相比以往方案,S3T在溯源开销和溯源精度方面确实有了很大的改善.
[Abstract]:Hybrid denial-of-service attack is one of the main threats facing the Internet. The single-packet traceability technology for it has become the focus and hotspot in the field of network security.In view of the problems of high processing overhead and low traceability in existing single-package traceability research, a high-precision and low-overhead single-package traceability method based on label switching (S3T) is proposed.The basic idea of this method is to draw lessons from the principle of switch path generation in MPLS network and to establish tracing traces for reverse routing on traceability routers so as to reduce the traceability storage overhead.Then, the traceability can be set up by parallelization, the storage capacity of traceability router can be configured flexibly, and the storage time of traceability can be adjusted adaptively to speed up the processing of IP packet by traceability router, and at the same time, improve the traceability accuracy.Through theoretical analysis and simulation experiments based on large-scale real Internet topology, the results show that the traceability overhead and traceability accuracy of S3T are greatly improved compared with previous schemes.
【作者单位】： 东北大学信息科学与工程学院;网络与交换技术国家重点实验室(北京邮电大学);
【基金】：国家自然科学基金(61601107,61402094,61472074) 河北省自然科学基金(F2015501122) 辽宁省科研博士启动基金(F201501143)~~
【分类号】：TP393.08
，

本文编号：1739698