本文選題：網(wǎng)絡安全 + 混合拒絕服務攻擊　； 參考：《軟件學報》2017年10期

【摘要】：混合拒絕服務攻擊是當前互聯(lián)網(wǎng)面臨的主要威脅之一,針對它的單包溯源技術已成為網(wǎng)絡安全領域研究的重點和熱點.鑒于已有的單包溯源研究存在處理開銷大、溯源精度低等問題,提出一種高精度、低開銷的基于標簽交換的單包溯源方法,簡稱S3T.該方法的基本思想是借鑒MPLS網(wǎng)絡的交換路徑生成原理,在溯源路由器上建立面向反向路由的追蹤痕跡,降低溯源存儲開銷.然后,通過并行化建立追蹤痕跡、靈活配置溯源路由器存儲容量和自適應調整追蹤痕跡存儲時間等手段加快溯源路由器處理IP包速率,同時提高溯源精度.通過理論分析和基于大規(guī)模真實互聯(lián)網(wǎng)拓撲的仿真實驗,其結果表明,相比以往方案,S3T在溯源開銷和溯源精度方面確實有了很大的改善.
[Abstract]:Hybrid denial-of-service attack is one of the main threats facing the Internet. The single-packet traceability technology for it has become the focus and hotspot in the field of network security.In view of the problems of high processing overhead and low traceability in existing single-package traceability research, a high-precision and low-overhead single-package traceability method based on label switching (S3T) is proposed.The basic idea of this method is to draw lessons from the principle of switch path generation in MPLS network and to establish tracing traces for reverse routing on traceability routers so as to reduce the traceability storage overhead.Then, the traceability can be set up by parallelization, the storage capacity of traceability router can be configured flexibly, and the storage time of traceability can be adjusted adaptively to speed up the processing of IP packet by traceability router, and at the same time, improve the traceability accuracy.Through theoretical analysis and simulation experiments based on large-scale real Internet topology, the results show that the traceability overhead and traceability accuracy of S3T are greatly improved compared with previous schemes.
【作者單位】： 東北大學信息科學與工程學院;網(wǎng)絡與交換技術國家重點實驗室(北京郵電大學);
【基金】：國家自然科學基金(61601107,61402094,61472074) 河北省自然科學基金(F2015501122) 遼寧省科研博士啟動基金(F201501143)~~
【分類號】：TP393.08
，

本文編號：1739698