计算机工程 ›› 2009, Vol. 35 ›› Issue (11): 161-162,.doi: 10.3969/j.issn.1000-3428.2009.11.055

• 安全技术 • 上一篇    下一篇

基于自治域边界反馈的分布式DDoS防御方法

毕小明   

  1. (温州科技职业学院计算机系,温州 325006)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-06-05 发布日期:2009-06-05

Distributed DDoS Defense Method Based on Autonomous System Edge Feedback

BI Xiao-ming   

  1. (Department of Computer, Wenzhou Vocational College of Science and Technology, Wenzhou 325006)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-06-05 Published:2009-06-05

摘要: 给出一种基于自治域边界反馈的DDoS防御方法,实现在自治域边界接近攻击源端阻挡入侵流量。在攻击时,通过在被攻击端测量攻击流量并向边界路由器提供反馈,使得自治域边界处能有效地过滤恶意流量。实验表明,该方法可有效保证合法流量的存活率,保护被攻击机不被DDoS攻击干扰。

关键词: 分布式拒绝服务, 自治域, 边界路由器, 防御

Abstract: This paper proposes a Distributed Denial of Service(DDoS) defense method based on Autonomous System(AS) edge feedback. It can thwart attack traffic in boundary of AS, which is close to attacking sources. In attack, the victim measures its ingress traffic rate and sends feedback to the edge routers. As a result, malicious traffic is effectively filtered in AS boundary. The experiments show that the method can effectively guarantee the survival rate of legitimate flows and protect victim from DDoS.

Key words: Distributed Denial of Service(DDoS), Autonomous System(AS), edge router, defense

中图分类号: