论文部分内容阅读
近两年来,分布式拒绝服务(Distributed Denial of Service,DDoS)攻击成为一种日益常见的网络异常流量,它不仅导致被攻击者的网络服务中断,还对电信运营商的IP城域骨干网的安全构成严重威胁。从电信运营商的角度,分析了危害IP城域网安全的DDoS攻击特征,在综合考虑攻击特征、技术现状、投资成本的基础上,提出一种容易在IP城域网部署的DDoS攻击检测与封堵方案。试用结果表明,该方案可以显著提高运营商IP城域网在DDoS攻击事件方面的响应处理能力。
In the past two years, Distributed Denial of Service (DDoS) attacks have become an increasingly common anomaly of network traffic. It not only results in the disruption of network services to attackers, but also affects the telecom carrier’s IP metro backbone Security poses a serious threat. From the perspective of telecom operators, this paper analyzes the characteristics of DDoS attacks endangering IP MAN security. Based on the comprehensive consideration of attack characteristics, current status of technology and investment costs, this paper proposes a DDoS attack detection Closure program. The trial results show that the scheme can significantly improve the response capability of the operator IP MAN in DDoS attack events.