基于 DDoS 安全区的伪造 IP 检测技术研究-《计算机技术与发展》

文章信息/Info

Title:: Research on Forged IP Detection Technology Based on DDoS Security Zone

作者:: 赵陇¹; 2 ; 王志勃¹; 2 ; 章万静²; 1. 江苏省电子产品装备与制造中心,江苏淮安 223003; 2. 淮安信息职业技术学院,江苏淮安 223003

Author(s):: ZHAO Long¹; 2 ; WANG Zhi-bo¹; 2 ; ZHANG Wan-jing²; 1. Jiangsu Province Electronic Products and Manufacturing Center,Huaian 223003,China; 2. Huaian Vocational College of Information Technology,Huaian 223003,China

摘要:: DDoS 攻击是种常见的网络攻击手段。伴随着物联网的发展,DDoS 攻击越来越多地来自于物联网设备,特别是一些常见的像摄像头之类的简单设备比如去年 9 月爆发的 Mirai 病毒感染事件,这是迄今为止最大的分布式拒绝服务(DDoS)攻击事件之一,有超过 10 万个设备被感染。此后,陆续监测到来自物联网设备的多次大型攻击。随着物联网设备的小型化,像无线路由器、IP 摄像头等,这种攻击逐渐发展成为一种新的趋势。在 DDoS 攻击的初始阶段,检测出源 IP 是否被伪造是很重要的。文中提出了一种基于 DDoS 安全区的快速检测伪造 IP 的方法,目标是为了防御 DDoS 攻击。为了实现这一目标,评估了正常流量的 TTL,作为可访问 DDoS 安全区的参考。最后,使用实际 DDoS 攻击案例进行验证分析,证明了该方法可以快速检测出伪造 IP。

Abstract:: DDoS attacks are a common means of cyber attacks. With the development of the Internet of Things(IoT),DDoS attacks are increasingly coming from IoT devices,especially some common simple devices like cameras. For example,the Mirai virus infection that erupted in September last year is one of the largest distributed denial of service (DDoS) attacks,with more than 100 000 devices infected. Since then,multiple large attacks from IoT devices have been monitored. With the miniaturization of IoT devices,such as wireless routers,IP cameras,etc.,this kind of attack has gradually developed into a new trend. In the initial stage of DDoS attack,it is very important to detect whether the source IP is forged. We propose a method for quickly detecting forged IP based on the DDoS security zone,which aims to defend against DDoS attacks. To achieve this goal,we evaluate the TTL of normal traffic as a reference for accessing the DDoS security zone. Finally,we use the actual DDoS attack case for verification analysis,which proves that the method can quickly detect forged IP.