Journal of Shandong University (Natural Science), 2012, Vol. 47, Issue (11): 50-53.

• Electronic Technology and Information •

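Analysis of the detectability of TCP DDoS attack flows in the source-end network

YU Ming, WANG Dong-ju

  1. School of Information and Communication Engineering, Dalian University of Technology, Dalian 116024, Liaoning, China
  • Received: 2012-07-03 Online: 2012-11-20 Published: 2012-11-26
  • About the author: YU Ming (1975- ), male, lecturer, Ph.D., currently works on network security and information security research. Email: yu-ming1111@dlut.edu.cn
  • Funding: Supported by the Liaoning Province Doctoral Scientific Research Start-up Fund (20111022)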

Detectability of TCP-based DDoS attacks at their source-end networks

YU Ming, WANG Dong-ju   

  1. School of Information and Communication Engineering, Dalian University of Technology, Dalian 116024, Liaoning, China
  • Received: 2012-07-03 Online: 2012-11-20 Published: 2012-11-26

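Abstract (Chinese version):

Source-end network-based DDoS defense is a proactive defense strategy that detects and blocks DDoS attack sources. Using the ratio of TCP packets sent to TCP packets received as the metric, simulations were used to compare the detectability, within the source-end network, of DDoS attack flows under constant-rate sending and under grouped sending. Detection results from NS2-based simulation show that: (1) under constant-rate sending, a DDoS attack flow cannot combine strong destructiveness with weak detectability, and lowering the sending rate of the attack sources is not an ideal way to make a constant-rate attack flow more covert; (2) under grouped sending, a DDoS attack flow can keep its destructiveness while lowering its detectability through flexible group configuration, among which increasing the number of attack groups while also increasing the total number of attack sources is a relatively effective way to make the attack flow more covert.

Keywords (Chinese version): DDoS; source-end network defense; attack flow sending mode; attack flow detection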

Abstract:

Defense against DDoS attacks at their source-end networks is a kind of proactive defense that detects and blocks DDoS traffic. A comparative study was made of the detectability of constant-rate DDoS attacks and grouped DDoS attacks, based on the discrepancy between the number of packets sent to and received from a specific destination. Simulation results show that (1) there is a tradeoff between the detectability of constant-rate attacks and their destructiveness, and decreasing the attack rate is not an ideal way to enhance the concealment of the attacks; (2) the detectability of grouped attacks can be reduced by flexible group configurations with no loss of attack destructiveness, among which increasing the number of attack groups and attack sources is an effective approach.

Key words: DDoS; source-end defense; traffic sending mode; attack detection
