一种基于排队论的DoS攻防绩效评估方法

doi:10.7523/j.issn.2095-6134.2010.1.014

中国科学院大学学报 ›› 2010, Vol. 27 ›› Issue (1): 107-116.DOI: 10.7523/j.issn.2095-6134.2010.1.014

一种基于排队论的DoS攻防绩效评估方法

王必达¹, 连一峰^2,3

1. 中国科学院研究生院信息安全国家重点实验室,北京 100049;;
2. 中国科学院软件研究所,北京 100190;
3. 信息安全共性技术国家工程研究中心,北京 100080

收稿日期:2009-05-15 修回日期:2009-07-28 发布日期:2010-01-15
通讯作者: 王必达
基金资助:
国家自然科学基金项目(60970028)和国家863基金项目(2007AA01Z475,2007AA01Z465,2007AA01A414)资助 

An efficiency evaluation methodology of DoS attack and defense mechanisms based on queueing theory

WANG Bi-Da¹, LIAN Yi-Feng^2,3

1. State Key Laboratory of Information Security, Graduate University of the Chinese Academy of Sciences,Beijing 100049,China;
2. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
3. National Engineering Research Center of Information Security(NERCIS), Beijing 100080, China

Received:2009-05-15 Revised:2009-07-28 Published:2010-01-15

摘要/Abstract

摘要：

提出了一种新的基于排队论的DoS攻防绩效评估方法. 针对不同种类DoS攻防手段建立了统一的指标体系和绩效计算方法,基于排队论方法分别建立评估模型,对UDP Flood和SYN Flood攻击的绩效进行不包含主观因素的定量评估,分析不同攻击手段和强度的有效性. 针对典型DoS攻防场景,利用网络仿真工具进行模拟,通过实验与模型推导结果对比验证了排队论模型的合理性,并阐述了此方法在不同类型DoS攻防手段中的应用.

关键词: 排队论, DoS攻防手段, 指标体系, 绩效评估

Abstract:

This paper presents a new efficiency evaluation methodology of DoS attack and defense mechanisms based on queueing theory. The unified index system and evaluation algorithm were proposed for various types of DoS attack and prevention. We also built queueing models to do the quantitative assessment and analyze objectively the efficiency of UDP Flood and SYN Flood. Network simulation tools were used in typical DoS attack scenarios. The rationality of the queueing models is verified through comparison of the experimental data with the results derived by the models. In addition, the utilization of this evaluation method in efficiency comparison of different types of DoS attack and defense mechanisms is illuminated through examples.

Key words: queueing theory, DoS attack and defense mechanisms, index system, efficiency evaluation

中图分类号:

TP309

王必达, 连一峰. 一种基于排队论的DoS攻防绩效评估方法[J]. 中国科学院大学学报, 2010, 27(1): 107-116.

WANG Bi-Da, LIAN Yi-Feng. An efficiency evaluation methodology of DoS attack and defense mechanisms based on queueing theory[J]. , 2010, 27(1): 107-116.

参考文献

[1] Mirkovic J, Hussain A, Wilson B, et al. A user-centric metric for denial-of-service measurement //Experimental Computer Science on Experimental Computer Science. Berkeley, CA, USA: USENIX Association, 2007: 7.

[2] Su P, Chen X, Tang H. DoS attack impact assessment based on 3GPP QoS indexes //Proceedings of the 2008 3rd International Conference on Innovative Computing Information and Control Volume 00. Washington, DC, USA: IEEE Computer Society, 2008: 103.

[3] Aburrous M, Hossain M, Thabatah F, et al. Intelligent quality performance assessment for E-Banking security using fuzzy logic //Proceedings of the Fifth International Conference on Information Technology. New Generations, Washington, DC, USA: IEEE Computer Society, 2008: 420- 425.

[4] Chen T W, Sortais M, Schafer M, et al. Performance analysis of a denial of service protection scheme for optimized and QoS-aware handover
[J]. Computer Networks: The International Journal of Computer and Telecommunications Networking, 2005, 49(3):449- 464.

[5] Yin Q. Research of SIP DoS attack defense mechanism based on queue theory
[J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2008, 20(4):471- 474 (in Chinese). 殷茜. 基于排队论的SIP DoS攻击防御机制的研究
[J]. 重庆邮电大学学报:自然科学版, 2008, 20(4):471- 474.

[6] Wang Y, Lin C, Li Q, et al. A queueing analysis for the denial of service (DoS) attacks in computer networks
[J]. Computer Networks: The International Journal of Computer and Telecommunications Networking, 2007, 51(12):3564-3573.

[7] Bellaiche M, Gregoire J. Measuring defense systems against flooding attacks //Wireless Communications and Mobile Computing Conference. 2008: 600- 605.

[8] Zhang S J, Li J H, Chen X Z, et al. Method research for defending against distributed denial-of-service attacks based on dynamic game theory
[J]. Journal of Shanghai Jiaotong University, 2008, 42(2):198-201 (in Chinese). 张少俊, 李建华, 陈秀真, 等. 基于动态博弈理论的分布式拒绝服务攻击防御方法 . 上海交通大学学报, 2008, 42(2):198-201.

[9] Shi P, Lian Y F. Game-theoretical effectiveness evaluation of DDoS defense //The Seventh International Conference on Networking. 2008: 427- 433.

[10] Willig A. A short introduction to queueing theory
[M]. Technical University Berlin, 1999.

[11] Tijms H. New and old results for the M/D/c queue
[J]. AEU-International Journal of Electronics and Communications, 2006, 60(2):125-130.

[12] Bertsekas D P, Gallager. Data networks
[M]. 2nd edition. Prentice Hall, 1992.

[13] Fall K, Varadhan K. The ns manual . 2009- 01- 06 05- 01]. http://www.isi.edu/nsnam/ns/doc/index.html.

[14] Fui-Hoon F, Nah. A study on tolerable waiting time: how long are web users willing to wait?
[J]. Behaviour & Information Technology, 2004, 23(3):153.

[15] Thomas R. UNIX IP stack tuning guide . 2000-12- 03 05- 01]. http://www.cymru.com/Documents/ip-stack-tuning.html.

一种基于排队论的DoS攻防绩效评估方法

An efficiency evaluation methodology of DoS attack and defense mechanisms based on queueing theory

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	鲍超, 罗奎. 中国省会城市低碳发展水平的综合测度及分析[J]. 中国科学院大学学报, 2013, 30(4): 497-503.
[2]	贾若祥, 侯晓丽, 刘毅. 中国省级地区可持续发展能力综合指标评价(英文)[J]. 中国科学院大学学报, 2004, 21(1): 63-70.
[3]	贾若祥. 地区产业竞争力评价方法及其应用——以济南、青岛为例[J]. 中国科学院大学学报, 2002, 19(2): 116-120.