oalib
Search Results: 1 - 10 of 100 matches for " "
All listed articles are free for downloading (OA Articles)
Page 1 /100
Display every page Item
Research on ant colony optimization in defending DDoS attacks of P2P network
蚁群优化在P2P网络防范DDoS攻击中的应用研究*
LI Jun-qing,PAN Quan-ke,WANG Wen-hong,ZUO Feng-chao,LI Yuan-zhen,XIE Sheng-xian,
李俊青,潘全科,王文宏,左凤朝,李元振,谢圣献
计算机应用研究 , 2009,
Abstract: This paper discussed the DDoS attack process in P2P network.With introduction of ant colony idea,created a pheromone table for every peer in P2P network named resource-similarity pheromone table. Based on this pheromone table,created a new defending DDoS attacks model named AntDA,discussed three polices used in AntDA model.The new AntDA model is simulated on the QueryCycleSimulator platform, and its performance is excellent.
An Adaptive Approach for Defending against DDoS Attacks
Muhai Li,Ming Li
Mathematical Problems in Engineering , 2010, DOI: 10.1155/2010/570940
Abstract: In various network attacks, the Distributed Denial-of-Service (DDoS) attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system to change strategy dynamically against attacks. In this paper, we introduce an adaptive approach, which is used for defending against DDoS attacks, based on normal traffic analysis. The approach can check DDoS attacks and adaptively adjust its configurations according to the network condition and attack severity. In order to insure the common users to visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can prevent the malicious attack packets effectively while making legitimate traffic flows arrive at the victim.
Defending Against DDoS Attacks in Bloom Filter based Multicasting  [PDF]
Xiaohua Tian,Wei Liu,Yu Cheng
Computer Science , 2015,
Abstract: Bloom filter (BF) based forwarding is an effective approach to implement scalable multicasting in distributed systems. The forwarding BF carried by each packet can encode either multicast tree or destination IP addresses, which are termed as tree oriented approach (TOA) and destination oriented approach (DOA), respectively. Recent studies have indicated that TOA based protocols have serious vulnerabilities under some distributed denial-of-service (DDoS) attacks, and raised doubt about deployability of BF based multicasting. However, security analysis for DOA based protocols is still unavailable. In this paper, we present a systematic analysis of security performance of BF based multicasting. Important DDoS attacks and the corresponding defending mechanisms are studied in the context of DOA. We have positive findings that DOA, with convenient enhancement, has a robust performance in resisting a variety of DDoS attacks that can deny service of TOA based protocols. Moreover, we reveal that TOA based protocols are prone to flow duplication attack when applied in the data center network (DCN). We propose a dynamic-sized BF mechanism to defend against flow duplication attack for TOA based protocols in the DCN. Simulation results are presented to validate our theoretical analysis.
A Model for Defending against DDoS Attacks based on Mobile-agent
基于Mobile-Agent的DDoS攻击防御模型
YE Qian,ZHANG Ji-wen,
叶茜,张基温
计算机应用 , 2006,
Abstract: A model for defending against DDoS(Distributed Denial of Service) attacks based on mobile agent was proposed,using the technique of packet marking and mobile agent.This model can minimize the damage of the DDoS attacks in the ISP domain.The model has a good anti-attack character by mobile agent's tolerant ability and the components can resist the DDoS attack.Finally,the implementation of the model was discussed.
DDOS Attack Detecting and Defending Model
DDOS攻击检测和防御模型
SUN Zhi-Xin,JIANG Ju-Liang,JIAO Lin,
孙知信,姜举良,焦琳
软件学报 , 2007,
Abstract: This paper presents the APA-ANTI-DDoS(aggregate-based protocol analysis anti-DDoS)model to detect and defend the DDoS attack.APA-ANTI-DDoS model contains the abnormal traffic aggregate module,the protocol analysis module and the traffic processing module.The abnormal traffic aggregate module classifies the network traffic into normal traffic and the abnormal traffic;the protocol analysis module analyzes the potential features of DDoS attack traffic in the abnormal traffic;the traffic processing module filters the abnormal traffic according to the current features of DDoS attack,and resumes the non-attack traffic with the help of testing the congestion control feature of the traffic.The paper then implements the APA-ANTI-DDoS system.The experimental results show that APA-ANTI-DDoS model can primely detect and defend DDoS attack and resume the non-attack traffic at the time of miscarriage of justice to guarantee the legal communication traffic.
Method of defending against DDoS attacks based on real time consideration in IPv6 network
一种IPv6环境下实时DDoS防御方法
WU Tao,XIE Dong-qing,
吴涛,谢冬青
计算机应用研究 , 2008,
Abstract: The majority of existing DDoS defense methods are based on IPv4, and their real-time characteristic of thwarting DDoS attacks needs to be improved. The paper proposed a novel method of defending against DDoS attacks on a real-time basis in IPv6 network under these circumstances. At a word, its working process was composed of three steps.In the first step, created decision-making criterion trees in the autonomic systems in which victim servers were. The next step was to inspect the trees for DDoS attacks continually, according to Decision-making Criterion 1 and 2. Once DDoS attacks were detected, filtering messages would be sent. Finally, after receiving the messages, the involved entities started blocking attack traffic near victims and attackers in order to protect victim servers. It is proved by experiment that the method can distinguish attack traffic from normal traffic in a second and then filter illegitimate packets. It also can defend against multiple attack sources effectively. Besides, it can distinguish between attack traffic and heavy legitimate traffic accurately, and determine the attack-originating autonomic systems(even subnets) without reconstructing attack paths.
Study on defense of unstructured and uncentralized P2P network DDoS attacks
非结构去中心化的P2P网络DDoS攻击的防御研究
XU Xiao-dong,LI Gang,YANG Yan,
许晓东,李 刚,杨 燕
计算机应用研究 , 2012,
Abstract: As unstructrured and uncentralized P2P network might be the engine of DDoS attacks, this paper proposed a theory of using AIS to isolate the malicious node from the P2P network. With AIS in a node and the nature relationship between antigens and antibodies and the continue evolution of antibodies, the node could detect malicious node by calculating the appetency of request result cycle queue of the node that returned resource information and the node'detector in real time in the unstructured and uncentralized P2P network. It did the experiment on the NS2 simulation platform by modifying the GnuSim plugin with AIS in the node of unstructured and uncentralized P2P network, and verified the model's feasibility. And the experiment indicates that the method can effectively reduce the degree of DDoS caused by malicious node in the unstructured and uncentralized P2P network.
Research on P2P-based DDoS attacks and their defense mechanism
基于P2P系统的DDoS攻击及其防御技术研究综述*
LIU Min-xi,YU Jie,LI Qiang,CHEN Zhi-xin,
刘敏霞,余杰,李强,陈志新
计算机应用研究 , 2011,
Abstract: P2P systems have been one of the most popular and successful network applications. For such systems that significantly involved so many users, the robustness and security must be evaluated carefully. In this paper, we first introduce the principle of exploiting P2P systems to perform DDoS attacks, and then classify existing researches as two types: active attacks and passive attacks. We summarize the defense solutions and describe them from four aspects: validation-based method, membership-based method, reputation-based method and victim method. Finally, we discuss the further directions of P2P-based attacks and their defense mechanism from the view of promoting the safety of P2P network and Internet.
Defending DDos Attacks Based on the Source and Destination IP Address Database
基于源目的IP地址对数据库的防范DDos攻击策略
SUN Zhi-Xin,LI Qing-Dong,
孙知信,李清东
软件学报 , 2007,
Abstract: This paper proposes a scheme to defend distributed denial of service attacks (DDos) based on the source and destination IP address database. The scheme establishes the source and destination IP address database (SDIAD) by observing the normal traffic and storages SDIAD in a three dimension Bloom Filter table. Then this paper cumulates and analyses the new pair of source and destination IP address based on the slide non-parametric cumulative sum (CUSUM) algorithm to detect the DDos attacks quickly and accurately. The secheme updates SDIAD by using a delayed update policy to keep SDIAD timely,accurate and robust. This secheme is mainly applied in the edge router and it can detect the DDos attacks efficiently either the edge router or the last-mile router is the first-mile router. The simulation results display that the secheme do a good performance in detecting DDos attacks.
Research of policy defending against P2P worm based on benign worm
基于良性蠕虫对抗P2P蠕虫的策略研究
LUO Wei-min,LIU Jing-bo,FAN Cheng-yu,
罗卫敏,刘井波,范成瑜
计算机应用研究 , 2009,
Abstract: Through P2P software's popularization P2P worm has been one of the greatest threats to P2P network security. P2P worm attacking neighbor nodes based on hit-list has some characteristics such as good concealment and high infection. This paper presented a new defense policy based on hybrid benign worm named automatic prior tend to high quality nodes(APTHQN). The APTHQN policy not only made use of the topology advantage of high quality nodes but also effectively adapted dynamic of P2P network. The simulation results show that benign worm using APTHQN policy can effectively defend propagation of P2P worm while consuming less network resources.
Page 1 /100
Display every page Item


Home
Copyright © 2008-2017 Open Access Library. All rights reserved.