[1]闫巧.基于Bloom 滤波器的IP源地址假冒过滤[J].深圳大学学报理工版,2009,26(2):132-136.
 YAN Qiao.IPsourceaddressspoofingfilteringbasedonBloomfilter[J].Journal of Shenzhen University Science and Engineering,2009,26(2):132-136.
点击复制

基于Bloom 滤波器的IP源地址假冒过滤()
分享到:

《深圳大学学报理工版》[ISSN:1000-2618/CN:44-1401/N]

卷:
第26卷
期数:
2009年2期
页码:
132-136
栏目:
电子与信息工程
出版日期:
2009-04-30

文章信息/Info

Title:
IPsourceaddressspoofingfilteringbasedonBloomfilter
文章编号:
1000-2618(2009)01-0132-05
作者:
闫巧
深圳大学计算机与软件学院,深圳 518060
Author(s):
YAN Qiao
College of Computer Science and Software Engineering,Shenzhen University,Shenzhen 518060,P. R. China
关键词:
Bloom 滤波器 IP源地址假冒分布式拒绝服务攻击网络安全攻击源定位
Keywords:
Bloom filterIP source address spoofing filterdistribution denial of sarvice(DDoS)network securitytracing attack
分类号:
TP 393.08
文献标志码:
A
摘要:
提出将Bloom 滤波器结构应用到IP源地址假冒过滤技术中.利用Bloom 滤波器存储的紧凑性,提高过滤效率,减少过滤成本.给出其伪代码,通过采集深圳大学城网络中心数据进行实验验证.实验结果表明,该方法简捷有效,且易于推广.
Abstract:
The structure of Bloom filter was applied to IP source address spoofing filter technique, which needs to maintain a profile database. The efficiency of filter was determined by the size of the profile database. Due to the compactness in storage and rapidness in lookup, Bloom filter was introduced to reduce the storage and detection time of the profile database. The implementation and pseudo code of Bloom filer over IP source address spoofing were presented. The experiment results have demonstrated that this proposed filter is effective and feasible in comparison with the traditional methods.

参考文献/References:

[1]Ferguson P,Senie D. RFC 2267. 网络入口过滤:战胜利用IP地址假冒的拒绝服务攻击[R]纽约:互联网协会,2000(英文版).
[2]Anat Bremler-Barr,Hanoch Levy. 假冒阻止方法[C]//INFOCOMM 2005,第24届计算机通信年会会议论文集. 迈阿密:IEEE,2005(1):536-547(英文版).
[3]Park K,Lee H. 在符合幂率的因特网上基于路由器的包过滤方法对于分布拒绝攻击的效果[J].ACM SIGCOMM计算机通信评论,2001,31(4):15-26(英文版).
[4]LI Jun,Mirkovic Jelena,WANG Meng-qiu,等. SAVE:源地址验证执行协议[C]//IEEE INFOCOMM 2002,第21届计算机通信年会会议论文集.纽约:IEEE,2002(3):1557-1566(英文版).
[5]WANG Hai-ning,Cheng Jin,Kang G Shin. 使用跳数过滤防止IP源地址假冒[J]. IEEE/ACM 网络汇刊,2007,15(1): 40-53(英文版).
[6]Yaar A,Perrig A,Song D. Pi:战胜分布拒绝服务攻击的路径识别机制[C]//2003年IEEE 安全和隐私研讨会会议论文集.华盛顿:IEEE计算机学会,2003:93-107(英文版).
[7]Abraham Yaar,Adrian Perrig,Dawn Song.SIFF:减少分布拒绝服务攻击的无状态因特网流过滤[C]// 2004年IEEE安全和隐私研讨会会议论文集.华盛顿:IEEE计算机学会,2004:130-144(英文版).
[8]Abraham Yaar,Adrian Perrig, Dawn Song. FIT:快速因特网追踪[C]//IEEE INFOCOM,第24届计算机通信年会会议论文集,纽约:IEEE,2005(2):1395-1406(英文版).
[9]Abraham Yaar,Adrian Perrig,Dawn Song. StackPi:新的用于分布拒绝服务攻击和IP假冒防御的包标记和过滤机制[J]. IEEE通信精选汇刊,2006,24(10):1853-1863(英文版).
[10]Burton H Bloom. 在允许误差范围内的时间和空间折衷的哈希编码[J]. ACM通信,1970,13(7):422-426(英文版).
[11]Matei Ripeanu,Adriana Iamnitchi. Bloom 滤波器简明教程[EB/OL].[2007-09-01]. http://people.cs.uchicago.edu/~matei/PAPERS/bf.doc (英文版).
[12]肖明忠,代亚非,李晓明. 拆分型Bloom 滤波器[J]. 电子学报,2004,32(2) :241-245.
[13]Andrei Broder,Michael Mitzenmacher. Bloom 滤波器的网络应用:综述[J]. 国际数学,2005,1(4):485-509 (英文版).
[14]Ying Jin,Steven Wallace. SNORT的预处理插件: IP假冒检测器.[2007-09-17]. http://www.anml.iu.edu/PDF/Automatic_Spoof_Detector.pdf(英文版).


[1]Ferguson P,Senie D. Network ingress filtering:defeating denial of service attacks which employ IP source address spoofing[R].RFC 2827,NY: The Internet Society,2000.
[2]Anat Bremler-Barr,Hanoch Levy. Spoofing prevention method[C]// INFOCOMM 2005,24th Annual Joint Conference of the IEEE Computer and Communications Societies,Miami:IEEE,2005(1):536-547.
[3]Park K,Lee H. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets[J]. ACM SIGCOMM Computer Communication Review,2001,31(4):15-26.
[4]LI Jun,Mirkovic Jelena,WANG Meng-qiu,et al. SAVE:source address valididty enforcement protocol[C]//INFOCOMM 2002,21th Annual Joint Conference of the IEEE Computer and Communications Societies,NY:IEEE,2002(3):1557-1566.
[5]WANG Hai-ning,Cheng Jin,Kang G Shin. Defense against spoofed IP traffic using hop-count filtering[J]. IEEE/ACM Transactions on Networking,2007,15(1):40-53.
[6]Yaar A,Perrig A,Song D. Pi:a path identification mechanism to defend against DDoS attacks[C]// Proceedings of the 2003 IEEE Symposium on Security and Privacy. Washington D C:IEEE Computer Society,2003:93-107.
[7]Abraham Yaar,Adrian Perrig,Dawn Song. SIFF:a stateless Internet flow filter to mitigate DDoS flooding attacks[C]//IEEE Symposium on Security and Privacy,Washtngton DC:IEEE Computer Society,2004:130-144
[8]Abraham Yaar,Adrian Perrig,Dawn Song. FIT:fast internet traceback[C]//INFOCOM 2005,24th Annual Joint Conference of the IEEE Computer and Communications Societies,NY:IEEE,2005(2):1395-1406.
[9]Abraham Yaar,Adrian Perrig,Dawn Song. StackPi:new packet marking and filtering mechanism for DDoS and IP spoofing defense[J]. IEEE Journal on Selected Areas in Communications,2006,24(10) :1853-1863.
[10]Burton H Bloom. Space/time tradeoffs in hash coding with allowable errors[J]. Communications of the ACM,1970,13(7):422-426.
[11]Matei Ripeanu,Adriana Iamnitchi. Bloom filters:short tutorial.[EB/OL].[2007-09-01]. http://people.cs.uchicago.edu/~matei/PAPERS/bf.doc.
[12]XIAO Ming-zhong,DAI Ya-fei,LI Xiao-ming. Split Bloom filter[J]. Acta Electronica Sinica,2004,32(2) :241-245(in Chinese).
[13]Andrei Broder,Michael Mitzenmacher. Network application of Bloom fiters:a survey[J]. Internet Mathematics,2005,1(4):485-509.
[14]Ying Jin,Steven Wallace. A preprocessor plugin for SNORT: IP spoof detector.[2007-09-17]http://www.anml.iu.edu/PDF/Automatic_Spoof_Detector.pdf

备注/Memo

备注/Memo:
收稿日期:2007-09-17;修回日期:2008-07-02
基金项目:国家重点基础研究发展计划资助项目(2003CB314805);国家自然基金委-广东省人民政府联合基金资助项目(U0675001)
作者简介:闫巧(1972-),女(汉族),广西壮族自治区资源县人,深圳大学副研究员、博士.E-mail:yanq@szu.edu.cn
更新日期/Last Update: 2009-05-15