邢光林,陈璟,余俊乐,侯睿.命名数据网络中基于包标记的Interest泛洪攻击缓解研究[J].中南民族大学学报自然科学版,2021,40(2):204-209
命名数据网络中基于包标记的Interest泛洪攻击缓解研究
Research on Interest Flooding Attack mitigation based on packet marking in NDN
  
DOI:10.12130/znmdzk.20210215
中文关键词: 命名数据网络  Interest泛洪攻击  包标记  攻击溯源
英文关键词: Named Data Networking  Interest Flooding Attack  packet marking  attack source traceback
基金项目:国家自然科学基金资助项目(61972424);中央高校基本科研业务费专项资金资助项目(CZT20025);
作者单位
邢光林 中南民族大学 计算机科学学院武汉 430074 
陈璟 中南民族大学 计算机科学学院武汉 430074 
余俊乐 中南民族大学 计算机科学学院武汉 430074 
侯睿 中南民族大学 计算机科学学院武汉 430074 
摘要点击次数: 96
全文下载次数: 41
中文摘要:
      命名数据网络因其关注请求对象本身而非地址并具有网间缓存等特点,得到了学术界的肯定. 但在Interest泛洪攻击中,攻击者恶意占用PIT表等资源,导致其拒绝对合法用户服务,从而使网络遭受严重危害. 针对基于熵的Interest泛洪攻击防御方案在定位攻击源、网络开销方面存在的不足,提出一种基于包标记的缓解方法.该方法通过让Interest包携带边缘路由器信息,在检测到攻击并找出恶意前缀后对攻击源进行定位,然后向下游路由器发送溯源数据包,从而对攻击者采取限制措施. 仿真结果表明:本文方法可以更加精确地定位攻击源并有效地降低网络中的开销
英文摘要:
      Named Data Networking(NDN) has been recognized by academic circles because it pays attention to the request object itself rather than the address and has the characteristics of inter-network cache. However, in Interest Flooding Attack(IFA), the attacker maliciously occupies resources such as the pending interest table(PIT) and causes it refusing to serve legitimate users, thus brings serious harm to the network. Aiming at the deficiency of entropy-based IFA defense scheme in locating attack source and network overhead, a mitigation method based on packet marking is proposed. This method locates the attack source after detecting the attack and finding the malicious prefix by attaching the information of the edge router to the Interest packets, and then sends traceable packets to the downstream routers to take restrictive measures against the attacker. Simulation results show that this method can locate the attack source more accurately and effectively reduce the overhead in the network.
查看全文   查看/发表评论  下载PDF阅读器
关闭