%0 Journal Article
%T Stateless Filtering Based on Enhanced Capabilities<br>基于增强权证的无状态过滤机制
%A Jin Guang~
%A <br>金光
%A 杨建刚
%A 魏蔚
%A 董亚波
%J 电子与信息学报
%D 2008
%I 
%X Major defensive mechanisms against DoS attacks in the Internet are reviewed. Especially the most recent capabilities techniques, such as basic concepts, stateless flow filtering and the Traffic Validation Architecture (TVA), are analyzed deeply. The related discussions about the shortcomings of current capabilities techniques, such as potential Denial-of-Capability (DoC) attacks, decrement of transmission efficiency, are given in detail. Some improvement methods are provided. They include protecting capabilities requests with notifications, bi-level capabilities, flexible and dynamical capabilities assignment, etc. These methods enhance the robustness and efficiency of capabilities. Theoretical evaluations and simulations show that the improvements outperform original schemes and are more practical in the Internet.
%K Network security
%K DoS attacks
%K Stateless filtering
%K Capabilities<br>网络安全
%K 拒绝服务攻击
%K 无状态过滤
%K 权证
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=1319827C0C74AAE8D654BEA21B7F54D3&jid=EFC0377B03BD8D0EF4BBB548AC5F739A&aid=48355EF60E64A5FC0D985A03319C68D0&yid=67289AFF6305E306&vid=340AC2BF8E7AB4FD&iid=F3090AE9B60B7ED1&sid=991A1B87C8CBBB34&eid=8A7870C868F44860&journal_id=1009-5896&journal_name=电子与信息学报&referenced_num=1&reference_num=13