%0 Journal Article
%T Method of defending against DDoS attacks based on real time consideration in IPv6 network<br>一种IPv6环境下实时DDoS防御方法
%A WU Tao
%A XIE Dong-qing
%A <br>吴涛
%A 谢冬青
%J 计算机应用研究
%D 2008
%I 
%X The majority of existing DDoS defense methods are based on IPv4, and their real-time characteristic of thwarting DDoS attacks needs to be improved. The paper proposed a novel method of defending against DDoS attacks on a real-time basis in IPv6 network under these circumstances. At a word, its working process was composed of three steps.In the first step, created decision-making criterion trees in the autonomic systems in which victim servers were. The next step was to inspect the trees for DDoS attacks continually, according to Decision-making Criterion 1 and 2. Once DDoS attacks were detected, filtering messages would be sent. Finally, after receiving the messages, the involved entities started blocking attack traffic near victims and attackers in order to protect victim servers. It is proved by experiment that the method can distinguish attack traffic from normal traffic in a second and then filter illegitimate packets. It also can defend against multiple attack sources effectively. Besides, it can distinguish between attack traffic and heavy legitimate traffic accurately, and determine the attack-originating autonomic systems(even subnets) without reconstructing attack paths.
%K network security
%K DDoS attacks
%K defense techniques
%K IPv4
%K IPv6<br>网络安全
%K 分布式拒绝服务攻击
%K 防御技术
%K IPv4
%K IPv6
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=A9D9BE08CDC44144BE8B5685705D3AED&aid=065AB8DD45EB9EA1B34091338476CEF6&yid=67289AFF6305E306&vid=C5154311167311FE&iid=B31275AF3241DB2D&sid=A84288F223082930&eid=C04B8FC2EE0A3178&journal_id=1001-3695&journal_name=计算机应用研究&referenced_num=0&reference_num=7