作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (10): 115-117. doi: 10.3969/j.issn.1000-3428.2009.10.038

• 安全技术 • 上一篇    下一篇

复合包标记IP追踪算法研究

高大鹏1,於时才2,闫文芝2   

  1. (1. 兰州理工大学电子与信息工程学院,兰州 730050;2. 兰州理工大学计算机与通信学院,兰州 730050)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-05-20 发布日期:2009-05-20

Research on Composed Packet Marking for IP Traceback Algorithm

GAO Da-peng1, YU Shi-cai2, YAN Wen-zhi2   

  1. (1. Department of Electronic and Information Engineering, Lanzhou University of Technology, Lanzhou 730050;2. Department of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-05-20 Published:2009-05-20

摘要: 在压缩边分段采样算法研究改进基础上,分析攻击路径距离、路由器节点流量统计对标记概率的影响,提出一种复合包标记方法。该方法可以优化算法收敛性,降低运算复杂度和重构路径的差错率,使受害者在最短时间内推测出主要攻击路径,能够很好地应用于多个分布式拒绝服务攻击的攻击源追踪中。

关键词: 拒绝服务攻击, IP追踪, 压缩边分段采样算法

Abstract: Based on the current research on improving the Compressed Edge Fragment Sampling(CEFS) algorithm of Savage, the relations among the distance of the attacking path, the statistics on the traffic of routers, marking probability are analyzed. A new approach of composed packet marking method is proposed. In the new proposal the convergence of mathematic is optimized, computational complexity and the false positive alarm for the victim to reconstruct the attack graph is reduced, a victim can construct major attacking path in minimum time. The method can be used in tracking DDoS attacks of multi-source by establishing a simulated test environment and experiment analysis.

Key words: Denial of Service(DoS) attack, IP traceback, Compressed Edge Fragment Sampling(CEFS)

中图分类号: