Filter location selection method for bandwidth consumption attacks

A technology for filtering location and bandwidth consumption, applied in transmission systems, electrical components, etc., can solve problems such as network performance impact and large economic losses, and achieve the effect of minimizing bandwidth resources, improving efficiency, and reducing state space

Active Publication Date: 2019-12-06
NORTHEASTERN UNIV LIAONING
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] There is still a problem in the defense process: after the attack, the longer it takes to restore normal services, the greater the economic loss caused. In the current packet filtering mechanism, packet filtering and IP traceability are carried out simultaneously, which can Rapid response to attack, enhanced defense effect (such as "K.Argyraki and Cheriton.RD.Scalable network-layer defense against internetbandwidth-flooding attacks[J].IEEE / ACM Transactionson Networking,2009,17:1284-1297.", "D .Seo,H.Lee and A.Perig.PFS: probability filter scheduling against distributeddenial-of-service attacks[J].inProc.ofLocal Computer Networks,2011:9-17. "M.S Fallah and N.Kahani, TDPF: atraceback-based distributed packet filter to mitigate spoofed DDoS attacks[J], Security and Communication Networks, 2014. "M.Sung.and J.Xu, IP traceback-based intelligent packet filtering: a noveltech-nique for defending against Internet DDoS attack[J], IEEE / ACM Transaction on Paralell and Distributed Systems, 2003, 14:861-872.")
However, if the scale of the bot attack network continues to increase, exceeding Moore's Law, the number of filtering routes that need to be opened will also increase, which will have a great impact on network performance.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Filter location selection method for bandwidth consumption attacks
  • Filter location selection method for bandwidth consumption attacks
  • Filter location selection method for bandwidth consumption attacks

Examples

Experimental program
Comparison scheme
Effect test

experiment example

[0077] Experimental example: figure 1 is a given attack network (which can be constructed using the traceability method), figure 2 is the corresponding defense model. After an in-depth analysis of the attack behavior, the bandwidth-exhausting attack network can be defined as a multi-source and single-sink graph, denoted as G S ={V S , L S ,S S ,D S , R S ,F S ,C S , T S}, where, G S Indicates attack network, V S Indicates the attack network G S The set of nodes in L s Indicates the attack network G S The set of links in S s Indicates the attack network G S The set of attack sources in D s Indicates the attack network G S The root node in R S Indicates the attack network G S The set of attack flow rates in F S Represents the relationship set of nodes and attack paths in the attack network, C S Indicates the attack network G S The bandwidth utilization rate of the medium link, T s Indicates the actual flow set of each link.

[0078] Among them, the set ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a filtering position selection method against bandwidth consumption-type attacks. The method comprises the following steps: a link congestion complete dependency set CDSset for routing nodes in an attack tree is built; according to an upstream and downstream dependency relation for the link in the link congestion complete dependency set CDSset, a corresponding link congestion dependency tree is built; all link congestion dependency trees form a link congestion dependency forest; and leaf routing nodes in each link congestion dependency tree in the link congestion dependency forest are the optimal filtering positions of the routing nodes in the attack tree against bandwidth consumption-type attacks. Through adopting the filtering position selection method of the invention, the existing filtering strategy can be used for 25% filtering the routing nodes to clear all congestion links, the two are balanced, and network delay caused by router filtering can be greatly reduced.

Description

technical field [0001] The invention relates to a method for defending against bandwidth consumption attacks, in particular to a filtering location selection method for bandwidth consumption attacks. Background technique [0002] The rapid development of the Internet has greatly facilitated people's lives and promoted the progress of many aspects of society, but the security problems that accompanies the development of the Internet should not be underestimated. We know that in the IP protocol, the host only has the identification information of the IP address, so when the sender changes his IP address to send information to the receiver, the receiver must accept the information and then make a decision because he cannot distinguish its authenticity. Denial of Service attack (Denial of Service attack, DoS attack) is exactly to utilize such protocol loophole (being " Lee.J.Scalable multicast based filtering and tracing framework for defeating distributed DoS attacks [J].Int.J....

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1458H04L63/205
Inventor 鲁宁崔锴倩
Owner NORTHEASTERN UNIV LIAONING
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products