【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 7565次   下载 7848 本文二维码信息
码上扫一扫!
内容中心网络中DoS攻击问题综述
李杨,辛永辉,韩言妮,李唯源,徐震
分享到: 微信 更多
(中国科学院 信息工程研究所 信息安全国家重点实验室 北京 中国 100093;中国科学院大学 网络空间安全学院 北京 中国 100049)
摘要:
“内容中心网络”(Content Centric Networking,CCN)是未来互联网架构体系群中极具前景的架构之一。尽管CCN网络的全新设计使其能够抵御目前网络存在的大多数形式DoS攻击,但仍引发了新型的DoS攻击,其中危害较大的两类攻击是兴趣包泛洪攻击和缓存污染攻击。这两类DoS攻击利用了CCN网络自身转发机制的安全逻辑漏洞,通过泛洪大量的恶意攻击包,耗尽网络资源,并导致网络瘫痪。与传统IP网络中DoS攻击相比,CCN网络中的内容路由、内嵌缓存和接收者驱动传输等新特征,对其DoS攻击的检测和防御方法都提出了新的挑战。本文首先介绍CCN网络的安全设计和如何对抗已有的DoS攻击,然后从多角度描述、比较CCN中新型DoS攻击的特点,重点阐述了兴趣包泛洪攻击和缓存污染攻击的分类、检测和防御方法,以及它们所面临的问题挑战,最后对全文进行总结。
关键词:  内容中心网络  DoS攻击  兴趣包泛洪攻击  缓存污染攻击
DOI:10.19363/j.cnki.cn10-1380/tn.2017.01.007
投稿时间:2016-06-22修订日期:2016-10-21
基金项目:本课题得到国家自然科学基金(No.61202419);中国科学院战略性先导科技专项(No.XDA06010306)资助。
A Survey of DoS Attack in Content Centric Networking
LI Yang,XIN Yonghui,HAN Yanni,LI Weiyuan,Xu Zhen
State Key Laboratory Of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
Content Centric Networking (CCN) is one of the most promising architectures in the future Internet architecture. Although the new design in the CCN network can withstand the most network DoS attacks, it still leads to the new types of DoS attack, including interest flooding attack (IFA) and cache pollution attack (CPA) which is two kinds of attacks with greatest harm. These two types of DoS attacks exploit the security logic vulnerabilities of the CCN network forwarding mechanism itself, through flooding a large number of malicious attacks packets, exhausting the network resources, resulting in network paralysis. Compared with traditional IP DoS attacks, the new features of CCN network, such as content routing, embedded caching and receiver driven transmission, put new challenge to the detection and defense of DoS attacks. This paper firstly introduces the security design of CCN network and how to prevent the existing DoS attacks, then describes and compares the CCN new DoS attacks' characteristics from a variety of angles, and then explains the classification, detection and defense methods, and their problems of the IFA and CPA in details, and finally concludes the paper.
Key words:  Content Centric Networking  DoS attack  interest flooding attack  cache pollution attack