Hierarchical Anti-Spoofing Alliance Construction Approach
LU Ning, LI Feng, WANG Shang-Guang, SHI Wen-Bo, YANG Fang-Chun
(College of Information Science and Engineering, Northeastern University, Shenyang 110819, China; State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876, China)
Received: August 22, 2017    Revised: October 09, 2017
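> Chinese abstract: IP spoofing is the most threatening security flaw in the current Internet protocols, and it gives rise to a series of security, management, and billing problems. Inter-domain source address validation methods based on mutual filtering build an anti-spoofing alliance and can use the lightweight, already widely deployed Egress Filtering to selectively clean out spoofed packets destined for alliance members, which keeps them efficient while also providing a deployment incentive. However, existing methods have the following problems: an overly flat and uniform alliance architecture causes the number of filters required and the propagation scope of membership updates to grow sharply as the alliance expands; an overly random way of identifying non-members and an inefficient way of processing data leave both the computation overhead and the precision of the filter-rule optimization algorithm in need of improvement. To address this, a hierarchical method for constructing an anti-spoofing alliance based on mutual filtering is proposed. Theoretical analysis and simulation experiments on a large-scale real Internet topology show that, compared with previous typical schemes of the same kind, the method inherits their advantages while improving filter overhead, communication overhead, computation overhead, and optimization precision.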
Abstract: IP spoofing, one of the most threatening security flaws in the current Internet, can cause a series of problems for network management and telecommunications billing. For this reason, researchers have proposed a defense mechanism based on mutual egress filtering, which uses the best current anti-spoofing practice, i.e., egress filtering, to clean out anonymous packets with high efficiency, and at the same time increases the incentive for deployment by constructing an anti-spoofing alliance. However, the existing work has the following disadvantages: the flat and plain architecture leads to higher filter and communication overhead; the inefficient data processing and non-member identification lead to higher computation overhead and lower precision of filter optimization. Therefore, this study proposes a hierarchical anti-spoofing alliance construction approach based on mutual egress filtering. Extensive mathematical analysis and simulations are performed to evaluate the proposed approach. The results show that the proposed approach significantly outperforms the prior approaches in terms of filter overhead, communication overhead, computation overhead, and the precision of filter optimization.
Foundation items:National Natural Science Foundation of China (61601107, 61402094); the Natural Science Foundation of Hebei Province (F2015501122, F2015501105); the Doctoral Scientific Research Foundation of Liaoning Province (F201501143)
