基于增强权证的无状态过滤机制

doi:10.3724/SP.J.1146.2007.00460

摘要
图/表
参考文献
相关文章 (15)

全文: PDF (245 KB)
输出: BibTeX | EndNote (RIS)

摘要该文针对拒绝服务攻击的防御技术，着重分析了新涌现的权证技术，包括基本思想、无状态过滤和通信量验证体系。探讨了权证能否引发新的攻击和对网络传输性能的影响，针对已有方案的一些技术缺陷提出了改进对策，包括：用通知保护权证请求，多级别权证，动态的权证分配。理论估算和仿真试验表明，这些方法能更好地兼顾安全性和效率性，性能明显优于原方案，提高了权证技术的可行性。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	金光
	杨建刚
	魏蔚
	董亚波

关键词 ：网络安全, 拒绝服务攻击, 无状态过滤, 权证

Abstract：Major defensive mechanisms against DoS attacks in the Internet are reviewed. Especially the most recent capabilities techniques, such as basic concepts, stateless flow filtering and the Traffic Validation Architecture (TVA), are analyzed deeply. The related discussions about the shortcomings of current capabilities techniques, such as potential Denial-of-Capability (DoC) attacks, decrement of transmission efficiency, are given in detail. Some improvement methods are provided. They include protecting capabilities requests with notifications, bi-level capabilities, flexible and dynamical capabilities assignment, etc. These methods enhance the robustness and efficiency of capabilities. Theoretical evaluations and simulations show that the improvements outperform original schemes and are more practical in the Internet.

Key words： Network security DoS attacks Stateless filtering Capabilities

收稿日期: 2007-03-28

PACS:

TP393.08

基金资助:

浙江省自然科学基金(Y106023)和宁波市自然科学基金(2006A610014)资助课题

通讯作者: 金光

引用本文:

金光, 杨建刚, 魏蔚, 董亚波. 基于增强权证的无状态过滤机制[J]. 电子与信息学报, 2008, 30(10): 2490-2493 . Jin Guang, Yang Jian-Gang, Wei Wei, Dong Ya-Bo. Stateless Filtering Based on Enhanced Capabilities. , 2008, 30(10): 2490-2493 .

链接本文:

http://jeit.ie.ac.cn/CN/10.3724/SP.J.1146.2007.00460 或 http://jeit.ie.ac.cn/CN/Y2008/V30/I10/2490