[1] PRINCE M.The DDoS that knocked spamhaus offline(and how we mitigated it)[EB/OL].[2018-10-15].https://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho/. [2] NETSCOUT's 14th annual worldwide infrastructure security report[EB/OL].[2018-10-15].https://www.netscout.com/report/. [3] DING Wei,WANG Li,SU Qi.UDP reflection attacks interception based on ACL[J].Journal of Huazhong University of Science and Technology(Nature Science Edition),2016,44(11):21-25.(in Chinese)丁伟,王力,苏琪.基于ACL的UDP反射攻击拦截[J].华中科技大学学报(自然科学版),2016,44(11):21-25. [4] THOMAS D R,CLAYTON R,BERESFORD A R.1000 days of UDP amplification DDoS attacks[C]//Proceedings of 2017 APWG Symposium on Electronic Crime Research.Washington D.C.,USA:IEEE Press,2017:79-84. [5] LI Gang.Research of scanning and DRDoS attack detection based on netflow[D].Nanjing:Southeast University,2016.(in Chinese)李刚.基于流记录的扫描和反射攻击行为主机检测[D].南京:东南大学,2016. [6] ZHANG Weiwei,GONG Jian,DING Wei.NBOS:a fine network management system based on flow technology[C]//Proceedings of the 19th Annual Conference of CERNET.Jinan:Management Committee of CERNET,2012:41-46.(in Chinese)张维维,龚俭,丁伟,等.NBOS:一个基于流技术的精细化网管系统[C]//中国教育和科研计算机网CERNET第十九届学术年会论文集.济南:中国教育和科研计算机网CERNET管理委员会,2012:41-46. [7] TAO Naiyong.The principle and protection methods of DDoS amplification attack[J].Telecommunication Network Technology,2017(10):89-93.(in Chinese)陶乃勇.DDoS放大攻击原理及防护方法[J].电信网技术,2017(10):89-93. [8] JOHNSON D,DEERING S.Reserved IPv6 subnet anycast addresses:RFC2526[S].IETF,1999:1-3. [9] JARRAYA Y,MADI T,DEBBABI M.A survey and a layered taxonomy of software-defined networking[J].Communications Surveys and Tutorials,2014,4(4):1955-1980. [10] MCKEOWN N,ANDERSON T,BALAKRISHNAN H,et al.OpenFlow:enabling innovation in campus networks[J].ACM SIGCOMM Computer Communication Review,2008,38(2):69-74. [11] LI Hefei,HUANG Xinli,ZHENG Zhengqi.Detection method of DDoS attack based on software defined network and its application[J].Computer Engineering,2016,42(2):118-123.(in Chinese)李鹤飞,黄新力,郑正奇.基于软件定义网络的DDoS攻击检测方法及其应用[J].计算机工程,2016,42(2):118-123. [12] CHEN C C,CHEN Y R,LU W C,et al.Detecting amplification attacks with software defined networking[C]//Proceedings of IEEE Conference on Dependable and Secure Computing.Washington D.C.,USA:IEEE Press,2017:7-10. [13] RIJSWIJK-DEIJ R V,SPEROTTO A,PRAS A.DNSSEC and its potential for DDoS attacks:a comprehensive measurement study[C]//Proceedings of Conference on Internet Measurement.New York,USA:ACM Press,2014:449-460. [14] US-CERT.DNS amplification attacks[EB/OL].[2018-10-15].https://www.us-cert.gov/ncas/alerts/TA13-088A. [15] MAREK M,OLAFUR G.Deprecating the DNS ANY meta-query type[EB/OL].[2018-10-15].https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/. [16] FINCH T.The qmail ANY query bugs[EB/OL].[2018-10-15].https://fanf.livejournal.com/122220.html. [17] ANDREWS M.Extension Mechanisms for DNS(EDNS) EXPIRE option:RFC 7314[S].Internet Systems Consortium,2014:1-4. [18] DAGON D,ANTONAKAKIS M,VIXIE P,et al.Increased DNS forgery resistance through 0x20-bit encoding:security via leet queries[C]//Proceedings of ACM Conference on Computer and Communications Security.Alexandria,USA:[s.n.],2008:211-222. [19] BERTI-EQUILLE L,ZHAUNIAROVICH Y.Profiling DRDoS attacks with data analytics pipeline[C]//Proceedings of 2017 ACM Conference on Information and Knowledge Management.New York,USA:ACM Press,2017:1983-1986. [20] PAXSON V.An analysis of using reflectors for distributed denial-of-service attacks[J].ACM SIGCOMM Computer Communication Review,2001,31(3):38-47. |