
Research on DDoS Attack Countermeasures and Source Traceback Schemes

Research on Countermeasures to Denial of Service Attack and IP Traceback Scheme

[Author] Wang Kejun (王科军)

[Advisor] Du Xuedong (杜学东)

[Author information] Shandong University of Science and Technology, Computer Application Technology, 2009, Master's

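[Summary] Denial-of-service attacks are a major threat to network security, and among the various techniques for defending against them, source traceback has been a research hot spot in recent years. If the attacker's location can be found quickly and accurately and defensive measures deployed at appropriate positions, the attacker's behavior can be limited to the greatest extent and the network's security better maintained. This thesis therefore concentrates its study of denial-of-service defense on the problem of tracing the attack source. It first gives a classified discussion of the attack mechanisms and principles of Distributed Denial of Service (DDoS) attacks. It then dissects the detection and defense countermeasures for DDoS attacks, objectively analysing and summarizing the strengths and weaknesses of each technique. The focus is an in-depth study of several probabilistic packet marking schemes for attack source traceback, with detailed analysis of the basic Probabilistic Packet Marking (PPM) scheme and the Advanced Marking Scheme (AMS). The problems that marking packets with a fixed probability can cause are also described. On the basis of this research, the thesis proposes its Partition Probabilistic Packet Marking (PPPM) scheme and compares its performance with that of the advanced marking scheme. Building on research into the optimized choice of probability, protection against overwritten marks and protection against forged marks, the thesis proposes an interval-probability packet marking scheme, PPPM, which greatly reduces the number of packets needed for path reconstruction, shortens the response time to DDoS attacks, improves the backtracking efficiency of source traceback, and limits the attacker's ability to forge marks.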

[Abstract] Distributed Denial-of-Service (DDoS) attacks are a major threat to network security. Among the defensive countermeasures against DDoS attacks, IP traceback has been a research hot spot in recent years. If the attacker's location can be found quickly and accurately and defensive measures deployed at appropriate locations, the attacker's behavior can be restricted to the greatest extent and network security better maintained. Therefore, this dissertation focuses its study of DDoS defense on tracing the attack source. The mechanisms of DDoS attacks are first classified and discussed; the detection and defense countermeasures are then analysed, together with their advantages and disadvantages. Several probabilistic packet marking schemes for tracing attack sources are studied in depth, and the Probabilistic Packet Marking (PPM) scheme and the Advanced Marking Scheme (AMS) are analysed in detail. The problems that can result from marking packets with a fixed probability are also illustrated. Based on this work, the Partition Probabilistic Packet Marking scheme is put forward, and its performance is compared with that of AMS. Building on the study of probability optimization, protection against mark overwriting and protection against forged marks, and on the analysis of the PPM and AMS schemes, a new partition probabilistic packet marking scheme is presented. The new scheme greatly reduces the number of packets needed for attack path reconstruction and the convergence time, improves the efficiency of IP traceback and effectively restrains the attacker's spoofing.
