Journal of Computer Applications

• Information Security •

An improved scheme based on the Fragment Marking Scheme

Yuan Zhiyong, Zhou Siqing

  1. School of Information Science and Engineering, Central South University
  • Received: 2008-09-01  Revised: 2008-10-16  Online: 2009-04-22  Published: 2009-02-01
  • Corresponding author: Yuan Zhiyong


Abstract: Distributed denial-of-service (DDoS) attacks have become a serious threat to Internet security. Because of design weaknesses in the TCP/IP protocol suite and the stateless nature of Internet forwarding, it is very hard for a victim to determine where an attack originates. Building on a detailed study of the Fragment Marking Scheme (FMS), this paper extends the marking space and adds a group field that records which group of routers a marked packet came from. During reconstruction of the attack path, the victim then only needs to try a small number of fragment combinations to verify whether an edge lies on the actual attack path, which shortens the convergence time and reduces the number of false positives.

Keywords: denial-of-service attack, distributed denial-of-service attack, IP traceback, fragment marking scheme

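The mechanism the abstract describes, as an added simulation that is not the paper's implementation: routers mark packets with one fragment of an interleaved address/hash identifier (the node-sampling flavour of FMS, simplified from the edge-sampling original), and the victim reassembles identifiers from the fragments it collects. The group-ID is modelled as an operator-assigned integer per router; that assignment rule, the marking probability P, the IP addresses, the topology and the packet counts are all assumptions made for this example, and marks are carried as Python dicts rather than as bits packed into the IP header (the paper extends the marking space to hold the group field; that header layout is not modelled here).

```python
"""Fragment marking with a group-ID field. Added example, not the paper's code.

Marking follows the node-sampling flavour of the Fragment Marking Scheme: a
router's 32-bit address is interleaved with a 32-bit hash of it, the 64-bit
result is cut into K = 8 one-byte fragments, and a marking router writes one
fragment, its offset and a hop distance into the packet. The group-ID (the
paper's extension) is modelled as an operator-assigned integer per router, an
assumption, since the page does not give the grouping rule.
"""
from __future__ import annotations
import hashlib
import itertools
import random
from dataclasses import dataclass

K = 8     # fragments per router identifier, as in FMS (8 bits each)
P = 0.25  # per-router marking probability (assumed value)

@dataclass(frozen=True)
class Router:
    addr: int   # IPv4 address as a 32-bit integer
    group: int  # group-ID carried in the extended marking field (assumed)

def h32(addr: int) -> int:
    """32-bit hash of a router address, used to validate a reassembled identifier."""
    return int.from_bytes(hashlib.sha256(addr.to_bytes(4, "big")).digest()[:4], "big")

def interleave(addr: int) -> int:
    """Alternate address bits and hash bits into a 64-bit identifier (FMS style)."""
    h, out = h32(addr), 0
    for i in range(31, -1, -1):
        out = (out << 2) | (((addr >> i) & 1) << 1) | ((h >> i) & 1)
    return out

def deinterleave(v: int) -> tuple[int, int]:
    """Inverse of interleave(): split a 64-bit identifier into (addr, hash)."""
    addr = h = 0
    for i in range(31, -1, -1):
        pair = (v >> (2 * i)) & 3
        addr, h = (addr << 1) | (pair >> 1), (h << 1) | (pair & 1)
    return addr, h

def fragment(v: int, off: int) -> int:
    """Fragment `off` (0 = most significant byte) of a 64-bit identifier."""
    return v.to_bytes(8, "big")[off]

def forward(path: list[Router], rng: random.Random) -> dict | None:
    """Push one packet along `path` (attacker side first); return the mark the victim
    sees, or None. A router marks with probability P and overwrites any earlier
    mark; a non-marking router only increments an existing mark's distance."""
    mark = None
    for r in path:
        if rng.random() < P:
            off = rng.randrange(K)
            mark = {"dist": 0, "off": off, "group": r.group,
                    "frag": fragment(interleave(r.addr), off)}
        elif mark is not None:
            mark["dist"] += 1
    return mark

def reconstruct(marks: list[dict], use_group: bool) -> tuple[set, int]:
    """Reassemble router addresses. Without the group-ID all fragments seen at a
    distance are pooled and every cross-offset combination is tried; with it only
    fragments sharing (distance, group) are combined, which is the paper's point.
    Returns ({(distance, addr)}, number of combinations tested)."""
    buckets: dict[tuple, list[set]] = {}
    for m in marks:
        key = (m["dist"], m["group"]) if use_group else (m["dist"],)
        buckets.setdefault(key, [set() for _ in range(K)])[m["off"]].add(m["frag"])
    found, tested = set(), 0
    for key, frags in buckets.items():
        for combo in itertools.product(*frags):
            tested += 1
            addr, h = deinterleave(int.from_bytes(bytes(combo), "big"))
            if h32(addr) == h:  # the hash half rejects wrongly combined fragments
                found.add((key[0], addr))
    return found, tested

# Constructed topology (not from the paper): three attackers, two of which share
# the R3 -> R1 branch into the victim. Each list runs attacker -> victim.
R1, R2 = Router(0x0A000001, 0), Router(0x0A000002, 1)  # 10.0.0.1, 10.0.0.2
R3, R4 = Router(0x0A000101, 0), Router(0x0A000102, 1)  # 10.0.1.1, 10.0.1.2
R5, R6, R7 = Router(0x0A000201, 0), Router(0x0A000202, 2), Router(0x0A000203, 1)
PATHS = [[R5, R3, R1], [R6, R3, R1], [R7, R4, R2]]
EXPECTED = {(0, R1.addr), (0, R2.addr), (1, R3.addr), (1, R4.addr),
            (2, R5.addr), (2, R6.addr), (2, R7.addr)}

def simulate(packets_per_path: int = 3000, seed: int = 7) -> dict[str, tuple[set, int]]:
    """Run the attack, then reconstruct with and without the group-ID field."""
    rng = random.Random(seed)
    marks = [m for path in PATHS for _ in range(packets_per_path)
             if (m := forward(path, rng)) is not None]
    return {"plain": reconstruct(marks, use_group=False),
            "grouped": reconstruct(marks, use_group=True)}

if __name__ == "__main__":
    for name, (found, tested) in simulate().items():
        print(f"{name:8s} tested {tested:5d} combinations, correct={found == EXPECTED}")
```

On this topology every (distance, group) bucket holds a single router, so the grouped reconstruction tests exactly one combination per bucket, seven in total, whereas the pooled reconstruction tests the product of the distinct fragment counts over the eight offsets (up to 3^8 at distance 2, where three routers share one distance). Each tested combination is a chance for a wrongly assembled identifier to slip past the hash check, so cutting the number of combinations is also what cuts the false-positive count the abstract refers to; the check itself is only as strong as the number of verification bits the marking space can carry.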