Marginal probability packet marking method based on digital signature technology of combined public key

A technology of digital signature and edge probability, applied in digital transmission system, public key of secure communication, data exchange network, etc. Robustness and other issues to achieve security assurance, fast positioning speed, and reduce system overhead

Active Publication Date: 2009-06-03
NO 54 INST OF CHINA ELECTRONICS SCI & TECH GRP

AI Technical Summary

Problems solved by technology

1. Source tracing requires a large number of marked attack packets, and the calculation is complex.
2. [0006] Not robust against multiple attacks. It is difficult to defend against multi-source DDoS attacks: when the number of attack sources exceeds 20, the calculation intensity required to reconstruct the attack path and the false reconstruction rate are both very high.



Examples


Embodiment Construction

[0024] Refer to Figure 1 and Figure 2. Figure 1 is a principle block diagram of an embodiment of marginal probability packet marking based on combined public key signature technology in the present invention. It includes an ingress filter module 1, a probability sampling module 2, a marked data packet module 3, a random number generation module 4, a marked signature module 5, an intrusion detection module 6, and a signature verification module 7. In the embodiment, the modules are connected as shown in Figure 1. The present invention comprises the following steps:

[0025] ① When a data packet sent by the user terminal enters the edge router, the edge router filters the tag field of the data packet. If a forged tag field is found, the tag field is reset to the initial default value of all '0'; otherwise no clearing to '0' is performed. In the embodiment, step ① is completed by the ingress filtering module 1 in Figure 1. The ingress filtering module 1 completes the filtering function of the tag field of ...


Abstract

The invention discloses a marginal probability packet marking method based on combined public key digital signature technology. It relates to locating an attack source by adding marks to data packets, in the field of communication network security. Data packets from a local area network are sampled with a set probability, each sampled packet is marked with the ID information of the edge router, and a digital signature based on the combined public key is applied to guarantee the credibility of the marks. The edge router is located by extracting its ID information from attack data packets that carry credible marks. The method has the advantages of simple implementation, compatibility with the existing protocol, quick tracking speed, support for postmortem analysis, no extra network load, applicability to DDoS attack location, high security and the like. It is particularly suited to real-time or non-real-time tracking and location of each attack source when a low-speed or high-speed network suffers from flood attacks.
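An added sketch (not code from the patent) of the flow described in the abstract and in step ①: ingress filtering, probabilistic sampling, marking with the edge router ID, and victim-side verification. Assumptions: HMAC-SHA256 with constructed per-router keys stands in for the combined public key signature, and the authenticated fields (router ID, random number, payload), all names and the probability value are illustrative.

```python
import hashlib
import hmac
import random
from collections import Counter

# Assumption: HMAC-SHA256 stands in for the combined-public-key signature,
# which is not reproduced here. Keys and router IDs are constructed samples.
ROUTER_KEYS = {"ER-A": b"constructed-key-A", "ER-B": b"constructed-key-B"}

def tag(router_id, nonce, payload):
    """Authenticate router ID + random number + payload (field choice assumed)."""
    msg = router_id.encode() + nonce.to_bytes(4, "big") + payload
    return hmac.new(ROUTER_KEYS[router_id], msg, hashlib.sha256).digest()

def edge_router(router_id, packet, prob, rng):
    """Ingress filter, then sample with probability `prob` and mark."""
    packet = dict(packet, mark=None)       # reset any host-supplied mark field
    if rng.random() < prob:                # probability sampling
        nonce = rng.getrandbits(32)        # random number generation
        sig = tag(router_id, nonce, packet["payload"])
        packet["mark"] = (router_id, nonce, sig)
    return packet

def verify_mark(packet):
    """Victim side: return the router ID only if the mark authenticates."""
    if packet["mark"] is None:
        return None
    router_id, nonce, sig = packet["mark"]
    if router_id not in ROUTER_KEYS:
        return None
    expected = tag(router_id, nonce, packet["payload"])
    return router_id if hmac.compare_digest(sig, expected) else None

def locate_sources(packets):
    """Count credible marks per edge router among collected attack packets."""
    return dict(Counter(r for r in map(verify_mark, packets) if r))

def simulate(n=2000, prob=0.05, seed=1):
    """Flood entering at ER-A whose sender pre-fills a mark naming ER-B."""
    rng = random.Random(seed)
    forged = ("ER-B", 0, b"\x00" * 32)
    flood = [edge_router("ER-A", {"payload": b"pkt%d" % i, "mark": forged}, prob, rng)
             for i in range(n)]
    return locate_sources(flood)

if __name__ == "__main__":
    print(simulate())  # only ER-A appears; the forged ER-B mark never survives
```

Because every credible mark already names the ingress edge router, a single verified packet identifies the entry point, and no path reconstruction across intermediate routers is needed.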

Description

Technical field

[0001] The invention relates to an edge probability packet marking method based on combined public key digital signature technology in the field of communication network security, and is especially suitable for real-time or non-real-time tracking and positioning of attack sources when low-speed / high-speed networks are attacked by DoS / DDoS.

Background technique

[0002] The basic idea of the probabilistic packet marking (abbreviated as PPM) method proposed by Savage et al. in 2000 is that each intermediate router marks a data packet with a certain probability every time it receives one, and the marking content is the IP address information of the router. Victims can locate the ingress edge router at the attack end by collecting a large number of marked attack packets. Later, some improved PPM algorithms reduced the number of marked attack packets required for positioning to a certain extent through certain measures, but the overall...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/30, H04L9/32, H04L12/56, H04L12/26, H04L29/06
Inventor: 刘存才吴巍赵丽霞王俊芳杨国瑞妥艳君邓炜李丹镝李艳
Owner: NO 54 INST OF CHINA ELECTRONICS SCI & TECH GRP