节点文献

Packet track and traceback mechanism against denial of service attacks

  • 推荐 CAJ下载
  • PDF下载
  • 不支持迅雷等下载工具,请取消加速工具后下载。

【Author】 LI Li, SHEN Su-bin Institute of Information Network Technology, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

【摘要】 The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi’s limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.

【Abstract】 The denial of service attack is a main type of threat on the Internet today. On the basis of path identification (Pi) and Internet control message protocol (ICMP) traceback (iTrace) methods, a packet track and traceback mechanism is proposed, which features rapid response and high accuracy. In this scheme, routers apply packet marking scheme and send traceback messages, which enables the victim to design the path tree in peace time. During attack times the victim can trace attackers back within the path tree and perform rapid packet filtering using the marking in each packet. Traceback messages overcome Pi’s limitation, wherein too much path information is lost in path identifiers; whereas path identifiers can be used to expedite the design of the path-tree, which reduces the high overhead in iTrace. Therefore, our scheme not only synthesizes the advantages but also compromises the disadvantages of the above two methods. Simulation results with NS-2 show the validity of our scheme.

【关键词】 denial of service (DoS) attacktracebackpacket markingPi
【Key words】 denial of service (DoS) attacktracebackpacket markingPi
【基金】 the National Natural Science Foundation of China (60273091);Blue Project in Nanjing University of Posts and Telecommunications (NY207118)
  • 【文献出处】 The Journal of China Universities of Posts and Telecommunications ,中国邮电高校学报(英文版) , 编辑部邮箱 ,2008年03期
  • 【分类号】TP393.08
  • 【被引频次】2
  • 【下载频次】28
知网节下载
节点文献中: 

本文链接的文献网络图示:

本文的引文网络
二级参考文献(0)
参考文献(0)
共引文献(0)
节点文献
同被引文献(0)
引证文献(0)
二级引证文献(0)