【摘要】 针对分布式拒绝服务攻击的特点和目前防火墙采用的包过滤技术在攻击响应时的不足,提出了一种基于数据包综合信任度的防火墙包过滤模型.该模型中,对发往受保护主机的TCP和UDP数据包进行过滤时,不仅要考虑该数据包的特性以及记录的状态,还要考虑计算的综合信任度和由此得到的信任级别,从而通过为不同级别的数据包提供不同的服务质量来减轻拒绝服务攻击.更多还原

【Abstract】 By analyzing features of DDoS attack and disadvantages of traditional firewall packet filtering schemes in attack response, this paper presented a model of firewall packet filtering based on the integrated reputation. In this model, the filtering of a TCP or UDP packet to protect hosts involved the packet′s features and state, and its integrated reputation and reputation level. Denial of service attacks through differential quality of services provided to packets of differential reputation levels was mitigated.更多还原