
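A Method for Cooperative Detection of DDoS Attacks Across Multiple Administrative Domains
Cite this article: Su Heng, Ju Jiubin. A Method for Cooperative Detection of DDoS Attacks Across Multiple Administrative Domains[J]. Journal of Beijing University of Aeronautics and Astronautics, 2004, 30(11): 1106-1110
Authors: Su Heng, Ju Jiubin
Affiliation: College of Computer Science and Technology, Jilin University, Changchun 130012
Funding: National Natural Science Foundation of China; Natural Science Foundation of Jilin Province
Abstract: To defend effectively against distributed denial of service (DDoS) attacks, an attack detection model based on cooperation among intrusion detection systems (IDSs) in multiple domains is proposed. Around important network resources, a closed IDS cooperation ring is built from 〈router, IDS〉 pairs. Through information sharing among the nodes on the ring and alert correlation analysis within the cooperation group, attack signatures can be captured and corresponding measures taken before the DDoS attack packets converge into a fatal attack flow. The organization of the cooperation ring, the mode of exchanging shared information, the alert correlation algorithm, and the logical structure of each node system are presented. DDoS attack experiments were carried out with the prototype Multiple Domains Cooperative Intrusion-detection (MDCI) system, and analysis of the experimental data shows that the cooperation ring model effectively improves the early-warning speed of the IDS system against DDoS attacks.

Keywords: intrusion detection system; distributed denial of service attack; cooperative detection; closed ring
Article ID: 1001-5965(2004)11-1106-05
Received: 2004-06-25
Revised: 2004-06-25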

Method of cooperative detecting DDoS attacks across multiple domains
Su Heng,Ju Jiubin. Method of cooperative detecting DDoS attacks across multiple domains[J]. Journal of Beijing University of Aeronautics and Astronautics, 2004, 30(11): 1106-1110
Authors:Su Heng  Ju Jiubin
Affiliation:School of Computer Science and Technology, Jilin University, Changchun 130054, China
Abstract: To prevent the DDoS (distributed denial of service) attacks effectively, a cooperative detection model was proposed based on the cooperation among the IDSs (intrusion detection systems) distributed in multiple administrative domains. Surrounding some valuable network assets, the enclosed defense ring was set up that consists of 〈IDS, Router〉 pairs with the IDS monitoring specific router traffic. The IDSs residing in the ring were allotted to a cooperation group. With the information exchanging and alert correlating within the group, the signatures of DDoS attacks aimed at the network assets could be captured timely before the overwhelming attack flooding aggregates. The construction method of cooperation rings, the information exchange mode, alerts correlation method and infrastructure of cooperative IDS entity were proposed. Some experiments were conducted with the MDCI (multiple domains cooperative intrusion-detection) system, a prototype system. Results show that the prototype improves detection performance effectively.
Keywords:intrusion detection system  distributed denial of service attack  cooperative detection  enclosed defense ring
This article is indexed in CNKI, VIP, Wanfang Data and other databases.