基于域间路由的分布式分组过滤有效性研究
作者:
作者单位:

作者简介:

通讯作者:

基金项目:


Research on the Effectiveness of Distributed Packet Filtering Based on Inter-Domain Routing
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
    摘要:

    消除伪造源地址分组是互联网安全可信的内在要求.基于路由的分布式分组过滤具有良好的效果,但是目前对其有效性缺乏严密的理论分析.基于域间路由传播和互联网拓扑的分层特征,建立路由传播数模型和理想AS 图模型,以此为工具分析了基于域间路由的最大过滤和半最大过滤有效性.结论印证并从理论上解释了前人研究中的实验结果.最大过滤能够消除绝大多数的伪造分组,虽然无法达到100%,但可以将伪造成功的自治系统数量限制为互联网AS路径的平均长度.在理想AS图上,半最大过滤与最大过滤的有效性相同,但是存储和计算开销要小很多,为实际中部署半最大过滤提供了理论依据.理论模型分析揭示了基于域间路由的分布式分组过滤的内在优缺点,有助于设计辅助措施和在整个互联网全面而合理地部署.

    Abstract:

    Filtering the spoofed packets with a false source addresses is the inherent requirement of the trustworthy and secure Internet. Routing based distributed packet filtering is effective, but its effectiveness has no solid theory analysis. In this paper, based on the inter-domain route distribution and the hierarchy of the Internet topology, the study establishes the route distribution tree model and ideal AS graph model using these two models analyze the effectiveness of maximum filtering and semi-maximum filtering. The analysis results verify the former experimental results and figure out the theoretical explanation. Maximum filtering can filter out most spoofed packets. Though it cannot reach 100%, maximum filtering can limit the number of the successful spoofing AS to the average AS path length of the Internet. On the ideal AS graph, semi-maximum filtering has the same effectiveness as the maximum filtering and its storage and computing overhead is much lower than maximum filtering, which provides the theoretical basis to use it in practice. The model-based analysis points out the inherent features of the inter-domain routing based distributed packet filtering, which conduces to design the subsidiary mechanism and the overall deployment in the whole Internet.

    参考文献
    相似文献
    引证文献
引用本文

王立军.基于域间路由的分布式分组过滤有效性研究.软件学报,2012,23(8):2130-2137

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
历史
  • 收稿日期:2011-04-14
  • 最后修改日期:2011-11-02
  • 录用日期:
  • 在线发布日期: 2012-08-07
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号