A Defense Method Against Web Service DoS Attacks Based on Source Address Forgery
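  • English title: Method research based on source address forgery defending Web service DoS attacks
  • Authors: 魏春霞; 张琳琳; 赵楷
  • English authors: WEI Chun-xia; ZHANG Lin-lin; ZHAO Kai; Institute of Information Science and Engineering, Xinjiang University
  • Keywords: Web services security standard; security token; SOAP messages; denial-of-service attacks; source address forgery
  • English keywords: WSS; security token; SOAP messages; DoS attacks; source address forgery
  • Chinese journal title: SJSJ
  • English journal title: Computer Engineering and Design
  • Institution: Institute of Information Science and Engineering, Xinjiang University
  • Publication date: 2014-09-16
  • Publisher: Computer Engineering and Design (计算机工程与设计)
  • Year: 2014
  • Issue: v.35; No.333
  • Funding: National Natural Science Foundation of China (61100017, 61462086); Xinjiang University Doctoral Graduate Research Start-up Fund (BS090142)
  • Language: Chinese
  • Pages: SJSJ201409012
  • Page count: 5
  • CN: 09
  • ISSN: 11-1775/TP
  • Classification number: 62-66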
Abstract
To mitigate the DoS attacks that Web services face, the core content of the Web Services Security (WSS) standard was studied. Building on the security tokens in WSS, a security token that guards against DoS attacks based on source address forgery was designed and proposed, and the RSA algorithm was adopted to encrypt the token. The experimental results show that the proposed security token can effectively mitigate Web service DoS attacks based on source address forgery and improve the security of Web services.
