{"title":"Network Attack Detection and Mitigation","authors":"Sangita Roy, A. Sairam","doi":"10.1109/SASOW.2015.33","DOIUrl":null,"url":null,"abstract":"Resource exhaustion attacks or denial of service attacks (DoS) have emerged as a major way to compromise the availability of servers and interrupt legitimate online services. IP trace back refers to the problem of identifying the source of such attacks. Packet marking is a general technique to trace back attackers. The main idea in packet marking is to insert some trace back data in each packet. The general technique used is to encode the IP address of the edge router into each incoming packet and store it in the 16-bit ID field of the IP packet header. Since information of a 32-bit field is converted to a 16-bit field, irrespective of the hash function used, collisions occur. This means there will be false positives (that is incorrectly identifying a legitimate user as attacker) and the problem will escalate as the size of the network increase. To avoid such collisions, we propose to explore the feasibility of using packet marks that is not directly dependant on the IP address of the packet.","PeriodicalId":384469,"journal":{"name":"2015 IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops","volume":"126 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SASOW.2015.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Resource exhaustion attacks, or denial of service (DoS) attacks, have emerged as a major way to compromise the availability of servers and interrupt legitimate online services. IP trace back refers to the problem of identifying the source of such attacks. Packet marking is a general technique for tracing back attackers. The main idea in packet marking is to insert some trace back data in each packet. The general technique is to encode the IP address of the edge router into each incoming packet and store it in the 16-bit ID field of the IP packet header. Since the information in a 32-bit field is converted to a 16-bit field, collisions occur irrespective of the hash function used. This means there will be false positives (that is, incorrectly identifying a legitimate user as an attacker), and the problem will escalate as the size of the network increases. To avoid such collisions, we propose to explore the feasibility of using packet marks that are not directly dependent on the IP address of the packet.