基于推回的网络带宽攻击检测与预防研究

Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI:10.1109/IAW.2004.1437847

Ningning Wu, Jing Zhang

{"title":"基于推回的网络带宽攻击检测与预防研究","authors":"Ningning Wu, Jing Zhang","doi":"10.1109/IAW.2004.1437847","DOIUrl":null,"url":null,"abstract":"Pushback approach has been applied for the detection and prevention against DDoS attacks by identifying the destination IP addresses in the dropped packets when congestion happens. The identified destination IP addresses are used to guide the subsequent packet dropping at both local router and upstream routers so that the total bandwidth can be controlled within a desired range. This paper investigates an application of pushback approach for the detection and prevention of more general network bandwidth attacks based on the profiles of destination port distribution instead of destination IP addresses. The new approach can be used to detect and prevent against the attacks like Internet worms. The investigation applies the long trace dataset of NLANR - CESCA-I and an Internet Worm Propagation simulator to simulate the generation of profiles and the detection of the Internet CodeRed worm. The dataset statistics and simulation results demonstrate the effectiveness of the new approach in the detection and prevention of Internet worms.","PeriodicalId":141403,"journal":{"name":"Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Investigation of pushback based detection and prevention of network bandwidth attacks\",\"authors\":\"Ningning Wu, Jing Zhang\",\"doi\":\"10.1109/IAW.2004.1437847\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Pushback approach has been applied for the detection and prevention against DDoS attacks by identifying the destination IP addresses in the dropped packets when congestion happens. The identified destination IP addresses are used to guide the subsequent packet dropping at both local router and upstream routers so that the total bandwidth can be controlled within a desired range. This paper investigates an application of pushback approach for the detection and prevention of more general network bandwidth attacks based on the profiles of destination port distribution instead of destination IP addresses. The new approach can be used to detect and prevent against the attacks like Internet worms. The investigation applies the long trace dataset of NLANR - CESCA-I and an Internet Worm Propagation simulator to simulate the generation of profiles and the detection of the Internet CodeRed worm. The dataset statistics and simulation results demonstrate the effectiveness of the new approach in the detection and prevention of Internet worms.\",\"PeriodicalId\":141403,\"journal\":{\"name\":\"Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-06-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2004.1437847\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2004.1437847","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

当发生拥塞时，通过在丢弃的报文中识别目的IP地址，采用回推方法检测和防范DDoS攻击。识别出的目的IP地址用于指导后续在本地路由器和上行路由器上的丢包，从而将总带宽控制在理想的范围内。本文研究了一种基于目的端口分布而不是目的IP地址的推回方法在检测和预防更一般的网络带宽攻击中的应用。该方法可用于检测和防范网络蠕虫等攻击。本研究采用NLANR - CESCA-I的长跟踪数据集和互联网蠕虫传播模拟器来模拟配置文件的生成和互联网编码蠕虫的检测。数据集统计和仿真结果验证了该方法在检测和预防网络蠕虫方面的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Investigation of pushback based detection and prevention of network bandwidth attacks

Pushback approach has been applied for the detection and prevention against DDoS attacks by identifying the destination IP addresses in the dropped packets when congestion happens. The identified destination IP addresses are used to guide the subsequent packet dropping at both local router and upstream routers so that the total bandwidth can be controlled within a desired range. This paper investigates an application of pushback approach for the detection and prevention of more general network bandwidth attacks based on the profiles of destination port distribution instead of destination IP addresses. The new approach can be used to detect and prevent against the attacks like Internet worms. The investigation applies the long trace dataset of NLANR - CESCA-I and an Internet Worm Propagation simulator to simulate the generation of profiles and the detection of the Internet CodeRed worm. The dataset statistics and simulation results demonstrate the effectiveness of the new approach in the detection and prevention of Internet worms.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004.

自引率

0.00%

发文量