Research on DDoS Attack Countermeasures and Source Traceback Schemes
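Abstract
Denial-of-service attacks are a major threat to network security. Among the various defense techniques against denial-of-service attacks, source traceback has been a research hotspot in recent years. If the attacker's location can be found quickly and accurately and defensive measures deployed at appropriate locations, the attacker's behavior can be restricted to the greatest extent and network security better maintained. This thesis therefore concentrates its research on defending against denial-of-service attacks on the problem of tracing the attack source.
     This thesis first gives a classified discussion of the attack mechanisms and principles of Distributed Denial of Service (DDoS) attacks. It then examines the detection and defense countermeasures for DDoS attacks, objectively analyzing and summarizing the advantages and disadvantages of each technique. It focuses on an in-depth study of several probabilistic packet marking schemes for attack source traceback, with a detailed analysis of the basic Probabilistic Packet Marking (PPM) scheme and the Advanced Marking Scheme (AMS). It also sets out the problems that marking packets with a fixed probability can cause. Building on this work, it proposes the Partition Probabilistic Packet Marking (PPPM) scheme and compares the performance of this scheme with that of the advanced marking scheme.
     Based on research into the optimized selection of the marking probability, protection against mark overwriting, and protection against forged marks, this thesis proposes a partition probabilistic packet marking scheme, PPPM. The scheme greatly reduces the number of packets required for path reconstruction, shortens the response time to DDoS attacks, improves the backtracking efficiency of source traceback, and limits the attacker's forgery capability.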
Distributed Denial-of-Service (DDoS) attack is a big threat to network security. Among the defense countermeasures against DDoS attacks, IP traceback has been a hot spot pursued by researchers in recent years. If the location of the attacker can be found quickly and accurately and defensive measures can be deployed at appropriate locations, then the attacker's behavior will be restricted to the highest extent and network security will be better maintained. Therefore, the study of DDoS attack defense in this dissertation is focused on tracing the attack source.
     The mechanisms of DDoS attacks are first classified and discussed in this paper; then the detection and defense countermeasures for DDoS attacks are analysed, as well as their advantages and disadvantages. Several probabilistic packet marking schemes for tracing attack sources are the main subject of study, and the Probabilistic Packet Marking scheme and the Advanced Marking Scheme are analysed in detail. Meanwhile, the problems that can result from marking packets with a fixed probability are illustrated. Based on the study mentioned above, Partition Probabilistic Packet Marking is put forward, and its performance is compared with that of AMS.
     In this paper, probability optimization, defense against mark overwriting and defense against forged marks have been studied, and a new partition probabilistic packet marking scheme has been presented based on the analysis of the PPM scheme and the AMS scheme. This new scheme greatly reduces the number of packets needed for attack path reconstruction and the convergence time, improves the efficiency of IP traceback and effectively restrains the attacker's spoofing.
