IP网络中基于数据包标记的溯源方法研究
|
摘要
拒绝服务攻击(包括DDoS、DRDoS、DRDoS攻击)是目前互联网面临的主要威胁。由于互联网在社会经济生活中的重要地位,因而防御拒绝服务攻击具有重要的社会意义和经济意义。近年来,研究者们设计并实现了多种类型的防御技术方案。在这些方案中,IP溯源技术占据着重要位置:因为对攻击数据包的所走路径以及来源进行追踪,不仅有利于指导受害者部署防御措施,也有利于对攻击者进行制裁,使潜在攻击者不敢轻易尝试实施攻击,从而有力地维护网络安全。
围绕拒绝服务攻击的溯源问题,本文首先探讨了拒绝服务攻击的对策,明晰溯源措施在防御体系中所处位置,然后定义了攻击源追踪的研究范围,并对各种溯源方法进行深入研究,分析了它们各自的优缺点。其中,本文重点介绍了基于数据包标记的溯源方法,并提出一些评估数据包标记法的性能指标。接着,本文分别针对(D)DoS攻击、DRDoS攻击研究对应的溯源方法,这些方法在溯源速度、准确度、可用性方面均达到或超过了其他一些方案的水平。本文的主要工作和贡献可归纳为以下几个方面:
(1)提出基于路径信息弹性分片的(D)DoS攻击跨域溯源方法。针对现有跨域溯源方法实用性差、对受害者要求高、重构路径速度慢的缺点,本文提出基于BGP协议的AS-PATH属性所提供的路径信息,对数据包所经过的AS对应编号进行弹性分片,降低重构攻击路径时所需要的数据包数量。同时,本文巧妙地利用数据包标记空间中尚未被使用的空间存储认证信息,使得所提出的溯源方法可识别伪造的标记信息,提高了溯源的准确度。理论分析和实验结果证明,本文所提方法对网络性能影响较小,重构攻击路径时的误报数与已有方法相差不大,而且还具有以下优势:不需要受害者掌握网络拓扑结构;路径重构过程简单;可抵御伪造的标记信息。
(2)提出基于动态标记概率的(D)DoS攻击域内快速溯源方法。在此方法中,把溯源过程分为“构造网络拓扑”和“识别入侵路径”两个阶段。由于每个阶段完成的任务不同,因而本方法令两个阶段分别采用不同的标记方案。针对采用固定标记概率导致溯源速度慢、攻击者可伪造标记信息干扰溯源的缺点,本方法在溯源过程的两阶段中均采用了最优标记概率,令路由器动态地调整数据包标记概率。为了避免泄露域内拓扑,本方法对于从域内发往域外的数据包,令边界路由器保存这些数据包的标记信息,然后清空数据包标记空间中所携带的域内信息;同时为降低存储标记信息所需要的空间,本方法提出让边界路由器基于“流”保存标记信息。实验结果表明,与已有方法相比,本方法不仅收敛时间短、误报数和漏报数小,而且没有给网络添加更多的负担。
(3)提出基于数据包标记和路由器日志记录的DRDoS攻击溯源方法。针对现有方法实用性差、溯源精度低的缺点,本文融合数据包标记和路由器摘要存储的优点,提出令请求包经过的第一个路由器对该请求包进行标记,而请求包经过的最后一个路由器保存请求包中的标记信息,从而避免了标记信息丢失,使跨过反射机追踪攻击源成为可能。理论分析和实验结果表明,本方法所需存储空间较小,具有较高的实用性,而且相比其他方法,本方法在收敛数目、收敛时间、增量部署、误报数、对网络性能影响方面均有明显优势。
At present, denial of service attacks (including DoS, DDoS, DRDoS attack) are the main threat to the Internet. Because the Internet plays a vitally important role in the social and economic life, defense against denial of service attacks has important social meaning and economic significance.
In recent years, researchers have designed and implemented various types of defence technology strategy. In these proposed strategies, the IP traceback technology occupies a crucial position:tracing the paths and sources of attack packets is not only advantageous to guide the victims to deploy defence equipments, but also conducive to punish the true attacker, which makes the potential aggressor will not dare easily to implement attacks, thus effectively maintaining the network security.
Around the problem of tracing denial of service attacks, this dissertation first studies the countermeasures to the attacks and clears the position of traceback measures in defensive system, then presents the research range of IP traceback, conducts deep study on different types of IP traceback methods and analyzes the methods'advantages and disadvantages. This dissertation especially introduces the IP traceback methods that are based on packet marking and proposes some performance index for assessing the packet marking schemes. After that, this dissertation studies the packet marking based traceback methods for (D)DoS and DRDoS attack respectively. The methods proposed in this paper achieve or exceed the level of other similar traceback schemes in traceback speed, accuracy, usability and so on. The main work and contributions are as follows:
(1) Propose a cross-AS traceback method based on flexible fragmentation of path information for tracing (D)DoS attack. In view of the existing cross-AS traceback methods' bad usability, high ability requirements to victim and low traceback speed, based on the routing information provided by BGP AS-PATH attribute, we propose to fragment the corresponding number of ASs that a packet passes through in a flexible way, so as to reduce the number of packets needed for reconstructing attack path. Meanwhile, we fill the authentication information in the idle room that has not been used by mark information, which makes the proposed method be able to identify forging mark information, thus improving the traceback accuracy. The theoretical analysis and simulation results demonstrate that our method:impact on network performance is small; performance on false positive number is not inferior to existing method. And our method has the following advantages:simple in path reconstruction; low ability requirements to victim; be able to resist forging mark information.
(2) Propose a fast intra-domain IP traceback method based on dynamic probabilistic marking for tracing (D)DoS attack. In this method, we divide the traceback process into two stages:"constructing network map" and "identifying intrusion paths". Because the tasks of these two stages are distinct, we make them use different marking methods respectively. Aiming at the problems, such as low traceback speed, attacker could forge mark information to disturb traceback, that caused by marking packets with fixed probability, we adopt optimal marking probability in the two stages, which makes the routers adjust their packet marking probability dynamically. In order to avoid disclosing the intra-domain topology, when a packet is leaving an AS domain, we let the border gateway preserve the mark information of that packet and empty the packet's marking space which may carry the information of intra-domain topology. Meanwhile, to reducing the storage space needed for saving mark information, we let the border gateways save the information based on the "flow" strategy. The experimental results show that compared with existing method, our method not only possesses shorter convergence time, smaller false positive number and negative number, but also has not added more burden to the network.
(3) Propose a traceback method for tracing DRDoS attack based on packet marking and router logging. In view of the existing methods'bad practicality, low traceback precision, we integrate the advantages of packet marking and hash-based router logging and propose a traceback method named ADPM. In ADPM, we let the first router that a request packet qw passes through marks qw and the last router qw passes through saves qw's characteristics and mark information, thus avoiding losing the mark information and make the victim can locate the attack source that hides behind the reflector. The analysis and simulation results show that ADPM requires small memory to saving the mark information and has high availability. And compared with other method, ADPM has obvious superiority in convergence number, convergence time, incremental deployment, false positive number and impact on network performance.
围绕拒绝服务攻击的溯源问题,本文首先探讨了拒绝服务攻击的对策,明晰溯源措施在防御体系中所处位置,然后定义了攻击源追踪的研究范围,并对各种溯源方法进行深入研究,分析了它们各自的优缺点。其中,本文重点介绍了基于数据包标记的溯源方法,并提出一些评估数据包标记法的性能指标。接着,本文分别针对(D)DoS攻击、DRDoS攻击研究对应的溯源方法,这些方法在溯源速度、准确度、可用性方面均达到或超过了其他一些方案的水平。本文的主要工作和贡献可归纳为以下几个方面:
(1)提出基于路径信息弹性分片的(D)DoS攻击跨域溯源方法。针对现有跨域溯源方法实用性差、对受害者要求高、重构路径速度慢的缺点,本文提出基于BGP协议的AS-PATH属性所提供的路径信息,对数据包所经过的AS对应编号进行弹性分片,降低重构攻击路径时所需要的数据包数量。同时,本文巧妙地利用数据包标记空间中尚未被使用的空间存储认证信息,使得所提出的溯源方法可识别伪造的标记信息,提高了溯源的准确度。理论分析和实验结果证明,本文所提方法对网络性能影响较小,重构攻击路径时的误报数与已有方法相差不大,而且还具有以下优势:不需要受害者掌握网络拓扑结构;路径重构过程简单;可抵御伪造的标记信息。
(2)提出基于动态标记概率的(D)DoS攻击域内快速溯源方法。在此方法中,把溯源过程分为“构造网络拓扑”和“识别入侵路径”两个阶段。由于每个阶段完成的任务不同,因而本方法令两个阶段分别采用不同的标记方案。针对采用固定标记概率导致溯源速度慢、攻击者可伪造标记信息干扰溯源的缺点,本方法在溯源过程的两阶段中均采用了最优标记概率,令路由器动态地调整数据包标记概率。为了避免泄露域内拓扑,本方法对于从域内发往域外的数据包,令边界路由器保存这些数据包的标记信息,然后清空数据包标记空间中所携带的域内信息;同时为降低存储标记信息所需要的空间,本方法提出让边界路由器基于“流”保存标记信息。实验结果表明,与已有方法相比,本方法不仅收敛时间短、误报数和漏报数小,而且没有给网络添加更多的负担。
(3)提出基于数据包标记和路由器日志记录的DRDoS攻击溯源方法。针对现有方法实用性差、溯源精度低的缺点,本文融合数据包标记和路由器摘要存储的优点,提出令请求包经过的第一个路由器对该请求包进行标记,而请求包经过的最后一个路由器保存请求包中的标记信息,从而避免了标记信息丢失,使跨过反射机追踪攻击源成为可能。理论分析和实验结果表明,本方法所需存储空间较小,具有较高的实用性,而且相比其他方法,本方法在收敛数目、收敛时间、增量部署、误报数、对网络性能影响方面均有明显优势。
At present, denial of service attacks (including DoS, DDoS, DRDoS attack) are the main threat to the Internet. Because the Internet plays a vitally important role in the social and economic life, defense against denial of service attacks has important social meaning and economic significance.
In recent years, researchers have designed and implemented various types of defence technology strategy. In these proposed strategies, the IP traceback technology occupies a crucial position:tracing the paths and sources of attack packets is not only advantageous to guide the victims to deploy defence equipments, but also conducive to punish the true attacker, which makes the potential aggressor will not dare easily to implement attacks, thus effectively maintaining the network security.
Around the problem of tracing denial of service attacks, this dissertation first studies the countermeasures to the attacks and clears the position of traceback measures in defensive system, then presents the research range of IP traceback, conducts deep study on different types of IP traceback methods and analyzes the methods'advantages and disadvantages. This dissertation especially introduces the IP traceback methods that are based on packet marking and proposes some performance index for assessing the packet marking schemes. After that, this dissertation studies the packet marking based traceback methods for (D)DoS and DRDoS attack respectively. The methods proposed in this paper achieve or exceed the level of other similar traceback schemes in traceback speed, accuracy, usability and so on. The main work and contributions are as follows:
(1) Propose a cross-AS traceback method based on flexible fragmentation of path information for tracing (D)DoS attack. In view of the existing cross-AS traceback methods' bad usability, high ability requirements to victim and low traceback speed, based on the routing information provided by BGP AS-PATH attribute, we propose to fragment the corresponding number of ASs that a packet passes through in a flexible way, so as to reduce the number of packets needed for reconstructing attack path. Meanwhile, we fill the authentication information in the idle room that has not been used by mark information, which makes the proposed method be able to identify forging mark information, thus improving the traceback accuracy. The theoretical analysis and simulation results demonstrate that our method:impact on network performance is small; performance on false positive number is not inferior to existing method. And our method has the following advantages:simple in path reconstruction; low ability requirements to victim; be able to resist forging mark information.
(2) Propose a fast intra-domain IP traceback method based on dynamic probabilistic marking for tracing (D)DoS attack. In this method, we divide the traceback process into two stages:"constructing network map" and "identifying intrusion paths". Because the tasks of these two stages are distinct, we make them use different marking methods respectively. Aiming at the problems, such as low traceback speed, attacker could forge mark information to disturb traceback, that caused by marking packets with fixed probability, we adopt optimal marking probability in the two stages, which makes the routers adjust their packet marking probability dynamically. In order to avoid disclosing the intra-domain topology, when a packet is leaving an AS domain, we let the border gateway preserve the mark information of that packet and empty the packet's marking space which may carry the information of intra-domain topology. Meanwhile, to reducing the storage space needed for saving mark information, we let the border gateways save the information based on the "flow" strategy. The experimental results show that compared with existing method, our method not only possesses shorter convergence time, smaller false positive number and negative number, but also has not added more burden to the network.
(3) Propose a traceback method for tracing DRDoS attack based on packet marking and router logging. In view of the existing methods'bad practicality, low traceback precision, we integrate the advantages of packet marking and hash-based router logging and propose a traceback method named ADPM. In ADPM, we let the first router that a request packet qw passes through marks qw and the last router qw passes through saves qw's characteristics and mark information, thus avoiding losing the mark information and make the victim can locate the attack source that hides behind the reflector. The analysis and simulation results show that ADPM requires small memory to saving the mark information and has high availability. And compared with other method, ADPM has obvious superiority in convergence number, convergence time, incremental deployment, false positive number and impact on network performance.
引文
[1]张宏科,张思东,苏伟,路由器原理与技术北京:国防工业出版社,2005.
[2]荆一楠,”分布式拒绝服务攻击中攻击源追踪的研究,”[博士学位论文],信息科学与工程学院,复旦大学,上海,2006.
[3]黄昌来,”基于自治系统的DDoS攻击追踪研究,”[博士学位论文],计算机科学技术学院,复旦大学,上海,2009.
[4]Kihong Park and Heejo Lee, "On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law Internets," in ACM SIGCOMM 2001-Applications, Technologies, Architectures, and Protocols for Computers Communications-, August 27,2001-August 31,2001, San Diego, CA, United states, 2001, pp.15-26.
[5]Jun Li, Jelena Mirkovic, Mengqiu Wang et al., "SAVE:Source address validity enforcement protocol," in IEEE INFOCOM 2002, June 23,2002-June 27,2002, New York, NY, United states,2002, pp.1557-1566.
[6]P. Ferguson and D. Senie, "RFC2267:Network Ingress Filtering:Defeating Denial of Service Attacks which employ IP Source Address Spoofing," RFC Editor United States, 1998.
[7]J. Mirkovic, G Prier, and P. Reiher, "Attacking DDoS at the source," in Proceedings of 10th IEEE International Conference on Network Protocols,2002, pp.312-321.
[8]P.G. Neumann and D.B. Parker, "A summary of computer misuse techniques," 1989, pp.396-407.
[9]Stefan Savage, David Wetherall, Anna Karlin, et al., "Practical network support for IP traceback," Computer Communication Review, vol.30(4),2000, pp.295-306.
[10]H. Hazeyama, M. Oe, and Y. Kadobayashi, "A layer-2 extension to hash-based IP traceback," IEICE Transactions on Information and Systems, vol. E86D(11), Nov 2003, pp.2325-2333.
[11]Michael Snow and Jung-Min Park, "Link-layer traceback in Ethernet networks," in LANMAN 2007-200715th IEEE Workshop on Local and Metropolitan Area Networks, June 10,2007-June 13,2007, Princeton, NJ, United states,2007, pp.182-187.
[12]Hassan Aljifri, "IP traceback:A new denial-of-service deterrent?," IEEE Security and Privacy, vol.1(3),2003, pp.24-31.
[13]金光,”基于数据包标记的拒绝服务攻击防御技术研究,”[博士学位论文],计算机科学与技术学院,浙江大学,杭州,2008.
[14]H. Y. Chang, R. Narayan, S. F. Wu, et al., "DECIDUOUS:decentralized source identification for network-based intrusions," in Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management,1999, pp.701-714.
[15]Robert Stone, "Centertrack:an IP overlay network for tracking DoS floods," in Proceedings of the 9th conference on USENIX Security Symposium, Berkeley,2000, pp. 199-212.
[16]H. Burch and B. Cheswick, "Tracing anonymous packets to their approximate source," in Proceedings of the 14th USENIX conference on System administration, Berkeley,2000, pp.319-328.
[17]Hyung Woo Kang, Soon Jwa Hong, and Dong Hoon Lee, "Matching connection pairs," in 5th International Conference, PDCAT 2004, December 8,2004-December 10, 2004, Singapore,2004, pp.642-649.
[18]B. H. Bloom, "SPACE/TIME TRADE-OFFS IN HASH CODING WITH ALLOWABLE ERRORS," Communications of the ACM, vol.13(Compendex),1970, pp.422-426.
[19]A. C. Snoeren, C. Partridge, L. A. Sanchez, et al., "Single-packet IP traceback," in ACM SIGCOMM 2001 Conference, San Diego, California,2001, pp.721-734.
[20]Egon Hilgenstieler, Elias P. Duarte Jr, Glenn Mansfield-Keeni, et al., "Extensions to the source path isolation engine for precise and efficient log-based IP traceback," Computers & Security, vol.29(Compendex),2010, pp.383-392.
[21]Luo Wen, Wu Jianping, and Xu Ke, "Overlay Logging:An IP traceback scheme in MPLS network," in Networking-ICN 2005, April 17,2005-April 21,2005, Reunion Island, France,2005, pp.75-82.
[22]Steven M. Bellovin and Marcus D. Leech.2000, ICMP traceback messages. Available:http://tools.ietf.org/html/draft-ietf-itrace-00.
[23]V. Kuznetsov, H. Sandstrom, and A. Simkin, "An evaluation of different IP traceback approaches," in 4th International Conference on Information and Communications Security (ICICS 2002), Singapore, Singapore,2002, pp.37-48.
[24]Steve Bellovin, Marcus Leech, and Tom Taylor.2003, ICMP traceback messages. Available:http://tools.ietf.org/html/draft-ietf-itrace-04.
[25]H. W. Lee, S. H. Yun, T. Kwon, et al., "Reflector attack traceback system with pushback based iTrace mechanism," in 6th International Conference on Information and Communications Security, Malaga, SPAIN,2004, pp.236-248.
[26]H. W. Lee, T. Kwon, and H. J. Kim, "NS-2 based IP traceback simulation against reflector based DDoS attack," in 13th International Conference on Artificial Intelligence, Simulation and Planning in High Autonomy Systems (AIS 2004), Cheju Isl, SOUTH KOREA,2004, pp.90-99.
[27]TW Doeppner, PN Klein, and A Koyfman, "Using router stamping to identify the source of IP packets," in Proceedings of the Seventh ACM Conference on Computer and Communications Security Athens,2000, pp.184-189.
[28]Stefan Savage, David Wetherall, Anna Karlin, et al., "Practical network support for IP traceback," in A CM SIGCOMM Conference on Applications, Technologies Architectures and Protocols for Computer Communication, ed. Stockholm, Sweden: Assoc Computing Machinery,2000, pp.295-306.
[29]A. Durresi, V. Paruchuri, and L. Barolli, "Fast autonomous system traceback," Journal of Network and Computer Applications, vol.32(2), Mar 2009, pp.448-454.
[30]Dong Wei and Nirwan Ansari, "Implementing IP Traceback in the Internet—An ISP Perspective," in Proceedings of 3rd Annual IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY,2002, pp.326-32.
[31]Vamsi Paruchuri, Arjan Durresi, Rajgopal Kannan, et al., "Authenticated autonomous system traceback," in Proceedings-18th International Conference on Advanced Information Networking and Applications, AINA 2004, March 29,2004 March 31,2004, Fukuoka, Japan,2004, pp.406-413.
[32]Zhiqiang Gao and Nirwan Ansari, "A practical and robust inter-domain marking scheme for IP traceback," Computer Networks, vol.51(3),2007, pp.732-750.
[33]Chao Gong and Kamil Sarac, "Toward a more practical marking scheme for IP traceback," in 2006 3rd International Conference on Broadband Communications, Networks and Systems, BROADNETS 2006, October 1,2006-October 5,2006, San Jose, CA, United states,2006.
[34]Andre Castelucio, Artur Ziviani, and Ronaldo M. Salles, "An AS-Level Overlay Network for IP Traceback," IEEE Network, vol.23(1), Jan-Feb 2009, pp.36-41.
[35]Rafael P. Laufer, Pedro B. Velloso, Daniel O. De Cunha, et al., "Towards stateless single-packet IP traceback," in 32nd IEEE Conference on Local Computer Networks, LCN 2007, October 15,2007-October 18,2007, Dublin, Ireland,2007, pp.548-555.
[36]Shaoh-Chen Ke and Yen-Wen Chen, "An edge router-based fast internet traceback," in IEEE Region 10 Conference, TENCON 2007, October 30,2007-November 2,2007, Taipei, Taiwan,2007.
[37]Huang Changlai, Li Ming, and Gao Chuanshan, "Autonomous system-based marking scheme for internet traceback," in 2009 WRI World Congress on Computer Science and Information Engineering, CSIE 2009, March 31,2009-April 2,2009, Los Angeles, CA, United states,2009, pp.81-85.
[38]C Gong and K Sarac, "Toward a practical packet marking approach for IP traceback," International Journal of Network Security (IJNS, vol.8(3),2009, pp. 271-281.
[39]T. W. Doeppner, P. N. Klein, and A. Koyfman, "Using router stamping to identify the source of IP packets," in 7th ACM Conference on Computer Communications Security, November 1,2000-November 4,2000, Athens, Greece,2000, pp.184-189.
[40]D. X. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in 20th Annual Joint Conference of the IEEE Computer and Communications Societies, April 24,2001-April 26,2001, Anchorage, AK, United states,2001, pp.878-886.
[41]D Dean, M Franklin, and A Stubblefield, "An algebraic approach to IP traceback," ACM Transactions on Information and System Security, vol.5(2),2002, pp.119-137.
[42]Rafael P. Laufer, Pedro B. Velloso, and Otto Carlos M. B. Duarte, "Generalized Bloom Filters," 2005.
[43]李德全,徐一丁,苏璞睿等,"IP追踪中的自适应包标记,”电子学报,vol.32(8),2004,pp.1334-1337.
[44]徐永红,杨云,刘凤玉等,”基于权重包标记策略的IP跟踪技术研究,”计算机学报,vol.26(11),2003,pp.1598-1603.
[45]李金明,王汝传,"DDoS攻击源追踪的一种新包标记方案研究,"通信学报,vol.26(11),2005,pp.18-23.
[46]曲海鹏,冯登国,苏璞睿,”基于有序标记的IP包追踪方案,”电子学报,vol.34(1),2006,pp.173-176.
[47]Michael T. Goodrich, "Probabilistic packet marking for large-scale IP traceback," IEEE/ACM Transactions on Networking, vol.16(1),2008, pp.15-24.
[48]Abraham Yaar, Adrian Perrig, and Dawn Song, "FIT:Fast Internet traceback," in IEEE INFOCOM 2005, March 13,2005-March 17,2005, Miami, FL, United states, 2005, pp.1395-1406.
[49]Andrey Belenky and Nirwan Ansari, "IP traceback with deterministic packet marking," IEEE Communications Letters, vol.7(4), Apr 2003, pp.162-164.
[50]Andrey Belenky and Nirwan Ansari, "Tracing Multiple Attackers with Deterministic Packet Marking (DPM)," in 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003), August 28,2003-August 30,2003, Victoria, B.C., Canada,2003, pp.49-52.
[51]A. Belenky and N. Ansari, "On deterministic packet marking," Computer Networks, vol.51(10), Jul 2007, pp.2677-2700.
[52]金光,赵杰煜,赵一鸣等,”自治系统的攻击入口追溯技术研究,”电子与信息学报,vol.27(3),2005,pp.346-350.
[53]荆一楠,屠鹏,王雪平等,”一种基于反向确认的DDos攻击源追踪模型,”计算机工程,vol.33(2),2007,pp.127-129.
[54]Yang Xiang, Wanlei Zhou, and Minyi Guo, "Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks," IEEE Transactions on Parallel and Distributed Systems, vol.20(4), Apr 2009, pp.567-580.
[55]Reza Shokri, Ali Varshovi, Hossein Mohammadi, et al., "DDPM:Dynamic deterministic packet marking for IP traceback," in 2006 IEEE International Conference on Networks, ICON 2006-Networking-Challenges and Frontiers, September 13,2006-September 15,2006, Singapore, Singapore,2006, pp.312-317.
[56]Z Chen and MC Lee, "An IP traceback technique against denial-of-service attacks," in 19th Annual Computer Security Applications conference (ACSAC 2003),2003, pp. 96-104.
[57]张健,陈松乔,”一种可认证DDoS攻击源追踪方案研究,"计算机应用研究,vol.24(010),2007,pp.131-134.
[58]Z. Q. Gao and N. Ansari, "Tracing cyber attacks from the practical perspective," IEEE Communications Magazine, vol.43(5), May 2005, pp.123-131.
[59]A. Belenky and N. Ansari, "On IP traceback," IEEE Communications Magazine, vol. 41(7), Jul 2003, pp.142-153.
[60]Lakshmi Santhanam, Anup Kumar, and Dharma P. Agrawal, "Taxnomy of ip traceback," Journal of Information Assurance and Security,1,2006, pp.79-94.
[61]Andras Varga. (2010,1, March).OMNeT++. Available:http://www.omnetpp.org/.
[62]INET Framework. Available:http://inet.omnetpp.org/index.php?n=Main.HomePa ge.
[63]A. Boneh and M. Hofri, "The Coupon Collector Problem Revisited Commun," Statist-Stochastic Models, vol.13(1),1997, pp.39-66.
[64]Thomas Gamer and Christoph P. Mayer. (2010,2, May). ReaSE. Available: https://i72projekte.tm.uka.de/trac/ReaSE
[65]ReaseGUI. Available:https://i72projekte.tm.uka.de/trac/ReaSE/downloads?order= version&desc=.
[66]Miao Ma, "Tabu marking scheme to speedup IP traceback," Computer Networks, vol.50(18),2006, pp.3536-3549.
[67]H. Tsunoda, K. Ohta, A. Yamamoto, et al., "Detecting DRDoS attacks by a simple response packet confirmation mechanism," Computer Communications, vol.31(14), Sep 2008, pp.3299-3306.
[68]V. Kuznetsov, H. Sandstrom, and A. Simkin, "An evaluation of different IP traceback approaches," in 4th International Conference on Information and Communications Security (ICICS 2002), Singapore, Singapore,2002, pp.37-48.
[69]Stefan Savage, David Wetherall, Anna Karlin, et al, "Network support for IP traceback," IEEE-Acm Transactions on Networking, vol.9(3), Jun 2001, pp.226-237.
[70]Dawn Xiaodong Song and Adrian Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proceedings-IEEE INFOCOM,2001, pp.878-886.
[71]Rafael P. Laufer, Pedro B. Velloso, Daniel de O. Cunha, et al., "Towards Stateless Single-Packet IP Traceback," in 32nd IEEE Conference on Local Computer Networks, Washington,2007, pp.548-555.
[72]LA Sanchez, WC Milliken, AC Snoeren, et al., "Hardware support for a hash-based IP traceback," in DARPA Information Survivability Conference & Exposition Ⅱ,2001, pp.146-152.
[73]H. Tsunoda, K. Ohta, A. Yamamoto, et al., "Detecting DRDoS attacks by a simple response packet confirmation mechanism," Computer Communications, vol.31(14), Sep 2008, pp.3299-3306.
[74]B. Al-Duwairi and G. Manimaran, "Distributed packet pairing for reflector based DDoS attack mitigation," Computer Communications, vol.29(12), Aug 2006, pp. 2269-2280.
[75]S Shakkottai, R Srikant, N Brownlee, et al., "The RTT distribution of TCP flows in the Internet and its impact on TCP-based flow control," Technical report, Cooperative Association for Internet Data Analysis (CAIDA)2004.
[76]赫南,李德毅,淦文燕等,“复杂网络中重要性节点发掘综述,”计算机科学,vol.34(12),2007,pp.1-5,17.
[77]Linton C. Freeman, "A set of measures of centrality based upon betweenness," Sociometry, vol.40,1977, pp.35-41.
[78]Ulrik Brandes, "A faster algorithm for betweenness centrality," Journal of Mathematical Sociology,2001.
[79]MG Everett and SP Borgatti, "The centrality of groups and classes," Journal of Mathematical Sociology, vol.23,1999, pp.181-202.
[80]R. Puzis, Y. Elovici, and S. Dolev, "Finding the most prominent group in complex networks,"Ai Communications, vol.20(4),2007, pp.287-296.
[81]SP Borgatti, "Identifying sets of key players in a social network," Computational & Mathematical Organization Theory, vol.12(1),2006, pp.21-34.
[82]X. Jin, Y. X. Zhang, Y. Pan, et al., "ZSBT:A novel algorithm for tracing DoS attackers in MANETs," Eurasip Journal on Wireless Communications and Networking, 2006.
[83]B. C. Cheng, H. Chen, Y. J. Li, et al., "A packet marking with fair probability distribution function for minimizing the convergence time in wireless sensor networks," Computer Communications, vol.31(18), Dec 2008, pp.4352-4359.
[84]B. C. Cheng, H. Chen, and G. T. Liao, "FBT:an efficient traceback scheme in hierarchical wireless sensor network," Security and Communication Networks, vol.2(2), Mar-Apr 2009, pp.133-144.
[85]Y. Kim and A. Helmy, "CATCH:A protocol framework for cross-layer attacker traceback in mobile multi-hop networks," Ad Hoc Networks, vol.8(2), Mar 2010, pp. 193-213.
[86]W. Timothy Strayer, Christine E. Jones, Fabrice Tchakountio, et al., "SPIE-IPv6: Single IPv6 packet traceback," in Proceedings-29th Annual IEEE International Conference on Local Computer Networks, LCN 2004, November 16,2004-November 18,2004, Tampa, FL, United states,2004, pp.118-125.
[87]Emil Albright and Xuan-Hien Dang, "An implementation of IP traceback in IPv6 using probabilistic packet marking," in 2005 International Conference on Internet Computing, ICOMP'05, June 27,2005-June 30,2005, Athens, GA, United states,2005, pp.416-421.
[88]Syed Obaid Amin and Choong Seon Hong, "On IPv6 traceback," in 8th International Conference Advanced Communication Technology, ICACT 2006, Febrary 20,2006-Febrary 22,2006, Phoenix Park, Korea, Republic of,2006, pp.2139-2143.
[89]Syed Obaid Amin, Myung Soo Kang, and Choong Seon Hong, "A lightweight IP traceback mechanism on IPv6," in EUC 2006:Embedded and Ubiquitous Computing Workshops, August 1,2006-August 4,2006, Seoul, Korea, Republic of,2006, pp. 671-680.
[90]X. H. Dang, E. Albright, and A. A. Abonamah, "Performance analysis of probabilistic packet marking in IPv6," Computer Communications, vol.30(16), Nov 2007, pp.3193-3202.
[91]Yi Shi, Yong Qi, and BinXia Yang, "Deterministic link signature based IP traceback algorithm under IPv6," in 2008 10th International Conference on Advanced Communication Technology, Febrary 17,2008-Febrary 20,2008, Phoenix Park, Korea, Republic of,2008, pp.1010-1014.
[1]刘远生,计算机网络安全:清华大学出版社,2007.
[2]黄昌来,"基于自治系统的DDoS攻击追踪研究,”[博士学位论文],计算机科学技术学院,复旦大学,上海,2009.
[3]H. Tsunoda, K. Ohta, A. Yamamoto, et al., "Detecting DRDoS attacks by a si mple response packet confirmation mechanism," Computer Communications, vol. 31(14), Sep 2008, pp.3299-3306.
[4]R. Vaughn and G. Evron, "DNS amplification attacks," Go online to http://ww w.isotf.org/news/DNS-Amplification-Attacks.pdf,2006.
[2]荆一楠,”分布式拒绝服务攻击中攻击源追踪的研究,”[博士学位论文],信息科学与工程学院,复旦大学,上海,2006.
[3]黄昌来,”基于自治系统的DDoS攻击追踪研究,”[博士学位论文],计算机科学技术学院,复旦大学,上海,2009.
[4]Kihong Park and Heejo Lee, "On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law Internets," in ACM SIGCOMM 2001-Applications, Technologies, Architectures, and Protocols for Computers Communications-, August 27,2001-August 31,2001, San Diego, CA, United states, 2001, pp.15-26.
[5]Jun Li, Jelena Mirkovic, Mengqiu Wang et al., "SAVE:Source address validity enforcement protocol," in IEEE INFOCOM 2002, June 23,2002-June 27,2002, New York, NY, United states,2002, pp.1557-1566.
[6]P. Ferguson and D. Senie, "RFC2267:Network Ingress Filtering:Defeating Denial of Service Attacks which employ IP Source Address Spoofing," RFC Editor United States, 1998.
[7]J. Mirkovic, G Prier, and P. Reiher, "Attacking DDoS at the source," in Proceedings of 10th IEEE International Conference on Network Protocols,2002, pp.312-321.
[8]P.G. Neumann and D.B. Parker, "A summary of computer misuse techniques," 1989, pp.396-407.
[9]Stefan Savage, David Wetherall, Anna Karlin, et al., "Practical network support for IP traceback," Computer Communication Review, vol.30(4),2000, pp.295-306.
[10]H. Hazeyama, M. Oe, and Y. Kadobayashi, "A layer-2 extension to hash-based IP traceback," IEICE Transactions on Information and Systems, vol. E86D(11), Nov 2003, pp.2325-2333.
[11]Michael Snow and Jung-Min Park, "Link-layer traceback in Ethernet networks," in LANMAN 2007-200715th IEEE Workshop on Local and Metropolitan Area Networks, June 10,2007-June 13,2007, Princeton, NJ, United states,2007, pp.182-187.
[12]Hassan Aljifri, "IP traceback:A new denial-of-service deterrent?," IEEE Security and Privacy, vol.1(3),2003, pp.24-31.
[13]金光,”基于数据包标记的拒绝服务攻击防御技术研究,”[博士学位论文],计算机科学与技术学院,浙江大学,杭州,2008.
[14]H. Y. Chang, R. Narayan, S. F. Wu, et al., "DECIDUOUS:decentralized source identification for network-based intrusions," in Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management,1999, pp.701-714.
[15]Robert Stone, "Centertrack:an IP overlay network for tracking DoS floods," in Proceedings of the 9th conference on USENIX Security Symposium, Berkeley,2000, pp. 199-212.
[16]H. Burch and B. Cheswick, "Tracing anonymous packets to their approximate source," in Proceedings of the 14th USENIX conference on System administration, Berkeley,2000, pp.319-328.
[17]Hyung Woo Kang, Soon Jwa Hong, and Dong Hoon Lee, "Matching connection pairs," in 5th International Conference, PDCAT 2004, December 8,2004-December 10, 2004, Singapore,2004, pp.642-649.
[18]B. H. Bloom, "SPACE/TIME TRADE-OFFS IN HASH CODING WITH ALLOWABLE ERRORS," Communications of the ACM, vol.13(Compendex),1970, pp.422-426.
[19]A. C. Snoeren, C. Partridge, L. A. Sanchez, et al., "Single-packet IP traceback," in ACM SIGCOMM 2001 Conference, San Diego, California,2001, pp.721-734.
[20]Egon Hilgenstieler, Elias P. Duarte Jr, Glenn Mansfield-Keeni, et al., "Extensions to the source path isolation engine for precise and efficient log-based IP traceback," Computers & Security, vol.29(Compendex),2010, pp.383-392.
[21]Luo Wen, Wu Jianping, and Xu Ke, "Overlay Logging:An IP traceback scheme in MPLS network," in Networking-ICN 2005, April 17,2005-April 21,2005, Reunion Island, France,2005, pp.75-82.
[22]Steven M. Bellovin and Marcus D. Leech.2000, ICMP traceback messages. Available:http://tools.ietf.org/html/draft-ietf-itrace-00.
[23]V. Kuznetsov, H. Sandstrom, and A. Simkin, "An evaluation of different IP traceback approaches," in 4th International Conference on Information and Communications Security (ICICS 2002), Singapore, Singapore,2002, pp.37-48.
[24]Steve Bellovin, Marcus Leech, and Tom Taylor.2003, ICMP traceback messages. Available:http://tools.ietf.org/html/draft-ietf-itrace-04.
[25]H. W. Lee, S. H. Yun, T. Kwon, et al., "Reflector attack traceback system with pushback based iTrace mechanism," in 6th International Conference on Information and Communications Security, Malaga, SPAIN,2004, pp.236-248.
[26]H. W. Lee, T. Kwon, and H. J. Kim, "NS-2 based IP traceback simulation against reflector based DDoS attack," in 13th International Conference on Artificial Intelligence, Simulation and Planning in High Autonomy Systems (AIS 2004), Cheju Isl, SOUTH KOREA,2004, pp.90-99.
[27]TW Doeppner, PN Klein, and A Koyfman, "Using router stamping to identify the source of IP packets," in Proceedings of the Seventh ACM Conference on Computer and Communications Security Athens,2000, pp.184-189.
[28]Stefan Savage, David Wetherall, Anna Karlin, et al., "Practical network support for IP traceback," in A CM SIGCOMM Conference on Applications, Technologies Architectures and Protocols for Computer Communication, ed. Stockholm, Sweden: Assoc Computing Machinery,2000, pp.295-306.
[29]A. Durresi, V. Paruchuri, and L. Barolli, "Fast autonomous system traceback," Journal of Network and Computer Applications, vol.32(2), Mar 2009, pp.448-454.
[30]Dong Wei and Nirwan Ansari, "Implementing IP Traceback in the Internet—An ISP Perspective," in Proceedings of 3rd Annual IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY,2002, pp.326-32.
[31]Vamsi Paruchuri, Arjan Durresi, Rajgopal Kannan, et al., "Authenticated autonomous system traceback," in Proceedings-18th International Conference on Advanced Information Networking and Applications, AINA 2004, March 29,2004 March 31,2004, Fukuoka, Japan,2004, pp.406-413.
[32]Zhiqiang Gao and Nirwan Ansari, "A practical and robust inter-domain marking scheme for IP traceback," Computer Networks, vol.51(3),2007, pp.732-750.
[33]Chao Gong and Kamil Sarac, "Toward a more practical marking scheme for IP traceback," in 2006 3rd International Conference on Broadband Communications, Networks and Systems, BROADNETS 2006, October 1,2006-October 5,2006, San Jose, CA, United states,2006.
[34]Andre Castelucio, Artur Ziviani, and Ronaldo M. Salles, "An AS-Level Overlay Network for IP Traceback," IEEE Network, vol.23(1), Jan-Feb 2009, pp.36-41.
[35]Rafael P. Laufer, Pedro B. Velloso, Daniel O. De Cunha, et al., "Towards stateless single-packet IP traceback," in 32nd IEEE Conference on Local Computer Networks, LCN 2007, October 15,2007-October 18,2007, Dublin, Ireland,2007, pp.548-555.
[36]Shaoh-Chen Ke and Yen-Wen Chen, "An edge router-based fast internet traceback," in IEEE Region 10 Conference, TENCON 2007, October 30,2007-November 2,2007, Taipei, Taiwan,2007.
[37]Huang Changlai, Li Ming, and Gao Chuanshan, "Autonomous system-based marking scheme for internet traceback," in 2009 WRI World Congress on Computer Science and Information Engineering, CSIE 2009, March 31,2009-April 2,2009, Los Angeles, CA, United states,2009, pp.81-85.
[38]C Gong and K Sarac, "Toward a practical packet marking approach for IP traceback," International Journal of Network Security (IJNS, vol.8(3),2009, pp. 271-281.
[39]T. W. Doeppner, P. N. Klein, and A. Koyfman, "Using router stamping to identify the source of IP packets," in 7th ACM Conference on Computer Communications Security, November 1,2000-November 4,2000, Athens, Greece,2000, pp.184-189.
[40]D. X. Song and A. Perrig, "Advanced and authenticated marking schemes for IP traceback," in 20th Annual Joint Conference of the IEEE Computer and Communications Societies, April 24,2001-April 26,2001, Anchorage, AK, United states,2001, pp.878-886.
[41]D Dean, M Franklin, and A Stubblefield, "An algebraic approach to IP traceback," ACM Transactions on Information and System Security, vol.5(2),2002, pp.119-137.
[42]Rafael P. Laufer, Pedro B. Velloso, and Otto Carlos M. B. Duarte, "Generalized Bloom Filters," 2005.
[43]李德全,徐一丁,苏璞睿等,"IP追踪中的自适应包标记,”电子学报,vol.32(8),2004,pp.1334-1337.
[44]徐永红,杨云,刘凤玉等,”基于权重包标记策略的IP跟踪技术研究,”计算机学报,vol.26(11),2003,pp.1598-1603.
[45]李金明,王汝传,"DDoS攻击源追踪的一种新包标记方案研究,"通信学报,vol.26(11),2005,pp.18-23.
[46]曲海鹏,冯登国,苏璞睿,”基于有序标记的IP包追踪方案,”电子学报,vol.34(1),2006,pp.173-176.
[47]Michael T. Goodrich, "Probabilistic packet marking for large-scale IP traceback," IEEE/ACM Transactions on Networking, vol.16(1),2008, pp.15-24.
[48]Abraham Yaar, Adrian Perrig, and Dawn Song, "FIT:Fast Internet traceback," in IEEE INFOCOM 2005, March 13,2005-March 17,2005, Miami, FL, United states, 2005, pp.1395-1406.
[49]Andrey Belenky and Nirwan Ansari, "IP traceback with deterministic packet marking," IEEE Communications Letters, vol.7(4), Apr 2003, pp.162-164.
[50]Andrey Belenky and Nirwan Ansari, "Tracing Multiple Attackers with Deterministic Packet Marking (DPM)," in 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003), August 28,2003-August 30,2003, Victoria, B.C., Canada,2003, pp.49-52.
[51]A. Belenky and N. Ansari, "On deterministic packet marking," Computer Networks, vol.51(10), Jul 2007, pp.2677-2700.
[52]金光,赵杰煜,赵一鸣等,”自治系统的攻击入口追溯技术研究,”电子与信息学报,vol.27(3),2005,pp.346-350.
[53]荆一楠,屠鹏,王雪平等,”一种基于反向确认的DDos攻击源追踪模型,”计算机工程,vol.33(2),2007,pp.127-129.
[54]Yang Xiang, Wanlei Zhou, and Minyi Guo, "Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks," IEEE Transactions on Parallel and Distributed Systems, vol.20(4), Apr 2009, pp.567-580.
[55]Reza Shokri, Ali Varshovi, Hossein Mohammadi, et al., "DDPM:Dynamic deterministic packet marking for IP traceback," in 2006 IEEE International Conference on Networks, ICON 2006-Networking-Challenges and Frontiers, September 13,2006-September 15,2006, Singapore, Singapore,2006, pp.312-317.
[56]Z Chen and MC Lee, "An IP traceback technique against denial-of-service attacks," in 19th Annual Computer Security Applications conference (ACSAC 2003),2003, pp. 96-104.
[57]张健,陈松乔,”一种可认证DDoS攻击源追踪方案研究,"计算机应用研究,vol.24(010),2007,pp.131-134.
[58]Z. Q. Gao and N. Ansari, "Tracing cyber attacks from the practical perspective," IEEE Communications Magazine, vol.43(5), May 2005, pp.123-131.
[59]A. Belenky and N. Ansari, "On IP traceback," IEEE Communications Magazine, vol. 41(7), Jul 2003, pp.142-153.
[60]Lakshmi Santhanam, Anup Kumar, and Dharma P. Agrawal, "Taxnomy of ip traceback," Journal of Information Assurance and Security,1,2006, pp.79-94.
[61]Andras Varga. (2010,1, March).OMNeT++. Available:http://www.omnetpp.org/.
[62]INET Framework. Available:http://inet.omnetpp.org/index.php?n=Main.HomePa ge.
[63]A. Boneh and M. Hofri, "The Coupon Collector Problem Revisited Commun," Statist-Stochastic Models, vol.13(1),1997, pp.39-66.
[64]Thomas Gamer and Christoph P. Mayer. (2010,2, May). ReaSE. Available: https://i72projekte.tm.uka.de/trac/ReaSE
[65]ReaseGUI. Available:https://i72projekte.tm.uka.de/trac/ReaSE/downloads?order= version&desc=.
[66]Miao Ma, "Tabu marking scheme to speedup IP traceback," Computer Networks, vol.50(18),2006, pp.3536-3549.
[67]H. Tsunoda, K. Ohta, A. Yamamoto, et al., "Detecting DRDoS attacks by a simple response packet confirmation mechanism," Computer Communications, vol.31(14), Sep 2008, pp.3299-3306.
[68]V. Kuznetsov, H. Sandstrom, and A. Simkin, "An evaluation of different IP traceback approaches," in 4th International Conference on Information and Communications Security (ICICS 2002), Singapore, Singapore,2002, pp.37-48.
[69]Stefan Savage, David Wetherall, Anna Karlin, et al, "Network support for IP traceback," IEEE-Acm Transactions on Networking, vol.9(3), Jun 2001, pp.226-237.
[70]Dawn Xiaodong Song and Adrian Perrig, "Advanced and authenticated marking schemes for IP traceback," in Proceedings-IEEE INFOCOM,2001, pp.878-886.
[71]Rafael P. Laufer, Pedro B. Velloso, Daniel de O. Cunha, et al., "Towards Stateless Single-Packet IP Traceback," in 32nd IEEE Conference on Local Computer Networks, Washington,2007, pp.548-555.
[72]LA Sanchez, WC Milliken, AC Snoeren, et al., "Hardware support for a hash-based IP traceback," in DARPA Information Survivability Conference & Exposition Ⅱ,2001, pp.146-152.
[73]H. Tsunoda, K. Ohta, A. Yamamoto, et al., "Detecting DRDoS attacks by a simple response packet confirmation mechanism," Computer Communications, vol.31(14), Sep 2008, pp.3299-3306.
[74]B. Al-Duwairi and G. Manimaran, "Distributed packet pairing for reflector based DDoS attack mitigation," Computer Communications, vol.29(12), Aug 2006, pp. 2269-2280.
[75]S Shakkottai, R Srikant, N Brownlee, et al., "The RTT distribution of TCP flows in the Internet and its impact on TCP-based flow control," Technical report, Cooperative Association for Internet Data Analysis (CAIDA)2004.
[76]赫南,李德毅,淦文燕等,“复杂网络中重要性节点发掘综述,”计算机科学,vol.34(12),2007,pp.1-5,17.
[77]Linton C. Freeman, "A set of measures of centrality based upon betweenness," Sociometry, vol.40,1977, pp.35-41.
[78]Ulrik Brandes, "A faster algorithm for betweenness centrality," Journal of Mathematical Sociology,2001.
[79]MG Everett and SP Borgatti, "The centrality of groups and classes," Journal of Mathematical Sociology, vol.23,1999, pp.181-202.
[80]R. Puzis, Y. Elovici, and S. Dolev, "Finding the most prominent group in complex networks,"Ai Communications, vol.20(4),2007, pp.287-296.
[81]SP Borgatti, "Identifying sets of key players in a social network," Computational & Mathematical Organization Theory, vol.12(1),2006, pp.21-34.
[82]X. Jin, Y. X. Zhang, Y. Pan, et al., "ZSBT:A novel algorithm for tracing DoS attackers in MANETs," Eurasip Journal on Wireless Communications and Networking, 2006.
[83]B. C. Cheng, H. Chen, Y. J. Li, et al., "A packet marking with fair probability distribution function for minimizing the convergence time in wireless sensor networks," Computer Communications, vol.31(18), Dec 2008, pp.4352-4359.
[84]B. C. Cheng, H. Chen, and G. T. Liao, "FBT:an efficient traceback scheme in hierarchical wireless sensor network," Security and Communication Networks, vol.2(2), Mar-Apr 2009, pp.133-144.
[85]Y. Kim and A. Helmy, "CATCH:A protocol framework for cross-layer attacker traceback in mobile multi-hop networks," Ad Hoc Networks, vol.8(2), Mar 2010, pp. 193-213.
[86]W. Timothy Strayer, Christine E. Jones, Fabrice Tchakountio, et al., "SPIE-IPv6: Single IPv6 packet traceback," in Proceedings-29th Annual IEEE International Conference on Local Computer Networks, LCN 2004, November 16,2004-November 18,2004, Tampa, FL, United states,2004, pp.118-125.
[87]Emil Albright and Xuan-Hien Dang, "An implementation of IP traceback in IPv6 using probabilistic packet marking," in 2005 International Conference on Internet Computing, ICOMP'05, June 27,2005-June 30,2005, Athens, GA, United states,2005, pp.416-421.
[88]Syed Obaid Amin and Choong Seon Hong, "On IPv6 traceback," in 8th International Conference Advanced Communication Technology, ICACT 2006, Febrary 20,2006-Febrary 22,2006, Phoenix Park, Korea, Republic of,2006, pp.2139-2143.
[89]Syed Obaid Amin, Myung Soo Kang, and Choong Seon Hong, "A lightweight IP traceback mechanism on IPv6," in EUC 2006:Embedded and Ubiquitous Computing Workshops, August 1,2006-August 4,2006, Seoul, Korea, Republic of,2006, pp. 671-680.
[90]X. H. Dang, E. Albright, and A. A. Abonamah, "Performance analysis of probabilistic packet marking in IPv6," Computer Communications, vol.30(16), Nov 2007, pp.3193-3202.
[91]Yi Shi, Yong Qi, and BinXia Yang, "Deterministic link signature based IP traceback algorithm under IPv6," in 2008 10th International Conference on Advanced Communication Technology, Febrary 17,2008-Febrary 20,2008, Phoenix Park, Korea, Republic of,2008, pp.1010-1014.
[1]刘远生,计算机网络安全:清华大学出版社,2007.
[2]黄昌来,"基于自治系统的DDoS攻击追踪研究,”[博士学位论文],计算机科学技术学院,复旦大学,上海,2009.
[3]H. Tsunoda, K. Ohta, A. Yamamoto, et al., "Detecting DRDoS attacks by a si mple response packet confirmation mechanism," Computer Communications, vol. 31(14), Sep 2008, pp.3299-3306.
[4]R. Vaughn and G. Evron, "DNS amplification attacks," Go online to http://ww w.isotf.org/news/DNS-Amplification-Attacks.pdf,2006.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |