CN101917341A - Packet marking probability selecting method and device for inter-domain retrospect - Google Patents

Publication number
CN101917341A
Authority
CN
China
Prior art keywords
packet
mark
marking probability
indicating bit
jumping
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010102611247A
Other languages
Chinese (zh)
Inventor
毕军
田红成
张威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University filed Critical Tsinghua University
Priority to CN2010102611247A priority Critical patent/CN101917341A/en
Publication of CN101917341A publication Critical patent/CN101917341A/en
Pending legal-status Critical Current

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a packet marking probability selecting method and a packet marking probability selecting device for inter-domain retrospect. A corresponding indicating bit of a data packet entering or leaving the current AS is checked at an interface of a BGP router of the current autonomous system AS, which is externally connected with an adjacent AS; when the indicating bit of the data packet shows that the data packet has not been marked by the upstream AS, a BGP routing table is checked in the BGP router according to a prefix longest matching principle, and an AS_PATH attribute value of a corresponding routing table entry is obtained, so the corresponding AS hop count is obtained; a marking probability is set according to the AS hop count to mark the corresponding data packet; and when the marking is determined to be carried out, the indicating bit of the corresponding data packet is set to be marked. The method and the device have the advantages of high speed of reconstructing attack paths, accuracy of reconstructing the attack paths and low router marking overhead.

Description

Packet marking probability selecting method and device for inter-domain retrospect (traceback)
Technical field
The invention belongs to the field of Internet technology and relates in particular to a packet marking probability selecting method for inter-domain traceback.
Background technology
Because of a flaw in the original design of TCP/IP (Transmission Control Protocol/Internet Protocol), the network does not verify the source address of a packet; it routes solely on the destination address and forwards the packet to its destination. Attackers exploit this weakness by forging source addresses to attack remote hosts or networks, and the victim often cannot block the attack in real time, trace it to its origin, accurately locate the attacker, or hold the attacker accountable.
IP traceback techniques can determine the location of the network node that sent the attack packets and the path over which the attack packets travelled; the tracing process is carried out with the assistance of a series of routers. Such techniques can not only trace network attacks back so that legal sanctions can be applied, deterring network crime, but can also support statistical analysis of the forwarding paths of packets in the network, optimization of routing configuration, and research on overall network planning and traffic engineering. IP traceback techniques currently fall into the following four classes:
(1) Link testing. Starting from the router nearest the victim, each router is checked to see whether it forwarded the attack packets, tracing back step by step to the router nearest the attacker. Typical examples are input debugging and controlled flooding.
(2) Packet marking. When an attack packet passes through a router, the router writes partial path information into the packet with a certain probability; the victim collects attack packets, recovers the attack path from the path information they carry, and finds the attack source.
(3) Logging. Routers record characteristic information about the packets they forward. The victim extracts the characteristic information of an attack packet and, starting from the router nearest the victim, recursively queries routers as to whether they forwarded the attack packet, thereby recovering the attack path and finding the attack source.
(4) Techniques based on ICMP (Internet Control Message Protocol). While forwarding packets, a router generates new ICMP packets and sends them to the destination host, which recovers the attack path and the attack source from the ICMP packets it collects.
Probabilistic packet marking is one kind of packet marking technique; it is the most studied class of IP traceback techniques in the field and one of the current research focuses. However, in existing probabilistic packet marking schemes the choice of marking probability and the marking mechanism are not sufficiently optimized.
First, the victim needs to receive more packets to reconstruct the attack path, which slows reconstruction. Second, the schemes cannot defend against marks forged by the attacker, so the attack path the victim reconstructs is inaccurate. Third, downstream routers can overwrite the marks of upstream routers, causing repeated marking and increasing router marking overhead.
Therefore, a better-optimized packet marking probability selecting method is needed.
Summary of the invention
The purpose of the present invention is to solve at least one of the above problems in the prior art.
To this end, embodiments of the invention propose an improved packet marking probability selecting method and device suitable for inter-domain traceback in both IPv6 (Internet Protocol version 6) and IPv4 (Internet Protocol version 4).
According to one aspect of the invention, an embodiment proposes a packet marking probability selecting method for inter-domain traceback, comprising the following steps: at the interface of a BGP router of the current autonomous system (AS) that connects externally to a neighbor AS, checking the corresponding indicator bit of each packet entering or leaving the current AS; when the indicator bit shows that the packet has not been marked by an upstream AS, looking up the BGP routing table in that BGP router according to the longest-prefix-match principle and obtaining the autonomous system path (AS_PATH) attribute value of the matching routing table entry, and hence the corresponding AS hop count; setting a marking probability according to the AS hop count and marking the corresponding packet accordingly; and, when it is determined that the packet is to be marked, setting the packet's indicator bit to marked.
According to a further embodiment of the invention, for a packet entering the current AS, the marking probability is set to the reciprocal of the sum of the AS hop count and 1.
According to a further embodiment of the invention, for a packet leaving the current AS, the marking probability is set to the reciprocal of the AS hop count.
According to a further embodiment of the invention, at the interface of a BGP router of the source AS that connects externally to a neighbor AS, the indicator bit of every packet leaving the source AS is set to unmarked.
According to a further embodiment of the invention, when the indicator bit shows that the corresponding packet has already been marked by an upstream AS, the packet is not marked.
According to another aspect of the invention, embodiments propose a packet marking probability selecting device for inter-domain traceback, comprising: an indicator bit checking module, which checks, at the interface of a BGP router of the current autonomous system (AS) that connects externally to a neighbor AS, the indicator bit of each packet entering or leaving the current AS; a routing table checking module, which, when the indicator bit shows that the corresponding packet has not been marked by an upstream AS, looks up the BGP routing table in the BGP router according to the longest-prefix-match principle and obtains the AS_PATH attribute value of the matching routing table entry, and hence the corresponding AS hop count; a determination module, which sets a marking probability according to the AS hop count and determines whether to mark the corresponding packet; and a marking module, which marks the corresponding packet when it is determined that marking is to be carried out and sets the packet's indicator bit to marked.
According to a further embodiment of the invention, for a packet entering the current AS, the determination module sets the marking probability to the reciprocal of the sum of the AS hop count and 1; for a packet leaving the current AS, the determination module sets the marking probability to the reciprocal of the AS hop count.
According to a further embodiment of the invention, at the interface of a BGP router of the source AS that connects externally to a neighbor AS, the marking module sets the indicator bit of every packet leaving the source AS to unmarked.
According to a further embodiment of the invention, the determination module compares the marking probability with a random number in the range [0,1); if the random number is not greater than the marking probability, it determines that the corresponding packet is to be marked; if the random number is greater than the marking probability, it determines that the corresponding packet is not to be marked.
According to a further embodiment of the invention, when the indicator bit shows that the corresponding packet has already been marked by an upstream AS, the determination module determines that the packet is not to be marked.
By checking the indicator bit at the routers a packet traverses, the invention ensures that every packet is marked, so that any mark forged by the attacker is overwritten. It therefore defends against forged marks and lets the victim at the destination correctly reconstruct the attack path from the packet marks.
Moreover, a packet already marked upstream is not marked again downstream, which avoids repeated marking and greatly reduces router marking overhead.
In addition, when a packet has not been marked by an upstream router, the BGP routing table is searched according to the longest-prefix-match principle, the AS hop count is obtained from the AS_PATH attribute value of the matching entry, the marking probability is set according to that hop count, and the current packet is marked or not with that probability. Compared with existing schemes, which need more packets to reconstruct the whole attack path, the invention lets the destination quickly reconstruct the correct attack path from the fewest received packets, improving the reconstruction speed of the attack path.
Additional aspects and advantages of the invention are given in part in the following description; in part they will become apparent from the description or be learned through practice of the invention.
Description of drawings
The above and/or additional aspects and advantages of the invention will become apparent and readily understood from the following description of embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the packet marking probability selecting method for inter-domain traceback according to an embodiment of the invention;
Fig. 2 is a block diagram of the packet marking probability selecting device for inter-domain traceback according to an embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting it.
The object of the invention is to provide an improved marking probability selecting method and device for inter-domain traceback, suitable for both IPv6 and IPv4.
Refer first to Fig. 1, which is a flow chart of the packet marking probability selecting method for inter-domain traceback according to an embodiment of the invention.
At the interface of a BGP router of the current autonomous system (AS) that connects externally to a neighbor AS, i.e. the interface connected to the neighbor AS, the corresponding indicator bit of each packet entering or leaving the current AS is checked (step 102); that is, either all packets input to the current AS from a neighbor AS are checked, or all packets output from the current AS to a neighbor AS are checked. In the invention, either all ASes check the indicator bit only on outgoing packets at the egress of their BGP routers, or all ASes check the indicator bit only on incoming packets at the ingress of their BGP routers.
By checking the indicator bit, it is determined whether the corresponding packet has been marked by an upstream AS (step 104). For example, the indicator bit cleared to 0 denotes unmarked, and the indicator bit set to 1 denotes marked. Of course, 0 and 1 are merely symbols distinguishing whether a packet has been marked; as those of ordinary skill in the art will appreciate, other numbers or symbols could obviously be used instead.
When the indicator bit shows that the corresponding packet has not been marked by an upstream AS (taking the 0/1 indicator bit setting above as an example, when the indicator bit is found to be 0), the BGP routing table of the current BGP router is looked up for the destination address according to the longest prefix matching principle, and the AS_PATH attribute value of the matching routing table entry is obtained, giving the number of AS numbers it contains, i.e. the AS hop count (step 106).
Then the probability of marking the packet is set according to the AS hop count obtained in step 106, and it is determined whether to mark the packet (step 108).
For a packet entering the current AS, the marking probability is set to the reciprocal of the sum of the AS hop count and 1; for a packet leaving the current AS, the marking probability is set to the reciprocal of the AS hop count.
Specifically, in an embodiment a random number can be used to determine whether to mark the corresponding packet. In an embodiment of the invention, the decision is made by checking whether a random number in the range [0,1) is not greater than the marking probability.
For example, if the random number is not greater than the marking probability, the corresponding packet is marked and its indicator bit is set to marked (step 110), i.e. the indicator bit is set to 1; if the random number is greater than the marking probability, the corresponding packet is not marked (step 112).
When the indicator bit shows that the corresponding packet has already been marked by an upstream AS (with the 0/1 setting above, when the indicator bit is found to be 1), the packet is likewise not marked (step 112).
When the current AS is the source AS, at the interface of the source AS's BGP router that connects to a neighbor AS, the indicator bit of packets leaving the source AS is set to unmarked, i.e. the indicator bit of all such packets is cleared to 0.
In addition, the egress port of a BGP router of any AS that has an access network must first be configured so that it knows it is the output port of a BGP router of a source AS.
As described above, for outgoing packets leaving the source AS for a neighbor AS, the BGP router of the source AS sets the packet's indicator bit to 0 to denote unmarked.
Steps 106 to 112 are then repeated in the same way: first the BGP routing table of the current BGP router is queried according to the longest prefix matching principle to obtain the AS_PATH attribute value of the matching entry and hence the AS hop count in AS_PATH; the marking probability is then set according to that hop count and it is determined whether to mark the packet; if the packet is marked, its indicator bit is set to 1.
As described above, the indicator bit can be checked either at the ingress of all BGP routers or at the egress of all BGP routers, and the packet marking of the invention is correspondingly configured and decided at the ingress or the egress of all BGP routers.
(1) Ingress ("threshold") marking method. At the output interface of a BGP router of the source AS, i.e. the interface through which packets leave the source AS for a neighbor AS, the following algorithm is run:
    for each packet
        if it is at output port of a BGP in the source AS
            indicator bit ← 0
At the input interface of the BGP routers of the other ASes, i.e. the interface through which packets enter the current AS from a neighbor AS, the following algorithm is run, where |AS_PATH| denotes the number of AS numbers contained in the AS path, i.e. the AS hop count, and the router marks the packet with probability 1/h.
    for each packet
        if indicator bit = 0
            search the route item according to the longest prefix matching;
            get AS_PATH and h ← |AS_PATH| + 1;
            let r be a random number in [0,1)
            if r ≤ 1/h
                mark the packet;
                indicator bit ← 1;
            else
                do not mark the packet
        else
            do not mark the packet.
(2) Egress ("exit") marking method. At the output interface of the BGP router of each AS, i.e. the interface through which packets leave the current AS for a neighbor AS, the following algorithm is run, where |AS_PATH| denotes the number of AS numbers contained in the AS path, i.e. the AS hop count, and the router marks the packet with probability 1/h.
    for each packet
        if it is at output port of a BGP in the source AS
            indicator bit ← 0;
        if indicator bit = 0
            search the route item according to the longest prefix matching;
            get AS_PATH and h ← |AS_PATH|;
            let r be a random number in [0,1)
            if r ≤ 1/h
                mark the packet;
                indicator bit ← 1;
            else
                do not mark the packet
        else
            do not mark the packet.
As the algorithms above show, when computing h for the ingress ("threshold") marking method, 1 must be added to the AS hop count.
For both incoming and outgoing packets, an unmarked packet that must still traverse more AS hops to reach the destination AS is marked with a smaller probability, and one that must traverse fewer AS hops to reach the destination AS is marked with a larger probability.
It should be noted that the specific content of the packet mark here (apart from the indicator bit) can follow any existing packet marking method, and the invention can be used together with it.
In addition, as shown in the embodiment of Fig. 2, the invention also provides a packet marking probability selecting device for inter-domain traceback, comprising an indicator bit checking module 12, a routing table checking module 14, a determination module 16 and a marking module 18.
The indicator bit checking module 12 checks, at the interface of a BGP router of the current AS that connects externally to a neighbor AS, the indicator bit of all corresponding packets entering or leaving the current AS. The routing table checking module 14, when the indicator bit shows that the packet has not been marked by an upstream AS, looks up the routing table in the BGP router of the current AS according to the longest-prefix-match principle and obtains the AS_PATH attribute value of the matching routing table entry, thereby obtaining the corresponding AS hop count.
The determination module 16 sets the marking probability according to the AS hop count and determines whether to mark the corresponding packet. The marking module 18 marks the corresponding packet when it is determined that marking is to be carried out, and sets the packet's indicator bit to marked.
For the source AS, at the interface of a BGP router of the source AS that connects externally to a neighbor AS, the marking module 18 sets the indicator bit of packets leaving the source AS to unmarked.
For a packet entering the current AS, the determination module 16 sets the marking probability to the reciprocal of the sum of the AS hop count and 1; for a packet leaving the current AS, the determination module 16 sets the marking probability to the reciprocal of the AS hop count.
Specifically, in an embodiment the determination module 16 can compare the marking probability with a random number in the range [0,1). If the random number is not greater than the marking probability, it determines that the corresponding packet is to be marked; if the random number is greater than the marking probability, it determines that the corresponding packet is not to be marked. Based on the output of the indicator bit checking module 12, when the indicator bit shows that the corresponding packet has already been marked by an upstream AS, the determination module 16 determines that the packet is not to be marked.
In addition, for a router-level network, once the router hop count from the current router to the destination router has been obtained, the router hop count can replace the AS hop count of the invention, and router-level packet forwarding marking can be carried out using the packet marking method and device described above.
By checking the indicator bit at the routers a packet traverses, the invention ensures that every packet is marked, so that any mark forged by the attacker is overwritten. It therefore defends against forged marks and lets the victim at the destination correctly reconstruct the attack path from the legitimate packet marks.
Moreover, a packet already marked by an upstream router is not marked again by downstream routers, which avoids repeated marking and greatly reduces router marking overhead.
In addition, it can also be guaranteed that, for each packet, the mark made by each BGP router reaches the destination with equal probability. Compared with existing schemes, which need more packets to reconstruct the whole attack path, the invention lets the destination quickly reconstruct the attack path from the fewest packets received on average, improving the reconstruction speed of the attack path.
Specifically, for each packet, the mark made by each BGP router must arrive at the destination with equal probability; the destination then needs, on average, the fewest packets to recover the AS-level attack path. Suppose the path from the source AS to the destination AS is $t$ AS hops, the BGP routers are numbered $1, 2, \ldots, t$ in order, and their marking probabilities are $P_1, P_2, \ldots, P_t$. For each packet, the mark made by each BGP router must reach the destination with the same probability, namely $1/t$, so:
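$$
\begin{aligned}
1/t &= P_1 \\
1/t &= (1-P_1)P_2 \\
&\;\;\vdots \\
1/t &= (1-P_1)(1-P_2)\cdots(1-P_{t-2})P_{t-1} \\
1/t &= (1-P_1)(1-P_2)\cdots(1-P_{t-1})P_t
\end{aligned}
$$
Obtain:
$$
P_1 = \frac{1}{t}, \qquad P_2 = \frac{1}{t-1}, \qquad \ldots, \qquad P_t = 1
$$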
In this way, with the marking probability selection of the invention, a BGP router that receives a packet knows how many ASes the packet must still traverse to reach the destination AS. The invention can therefore guarantee that, for each packet, the mark made by each BGP router reaches the destination with equal probability.
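
Added example (not part of the patent text): a Python model of the ingress and egress marking algorithms and of the equal-probability derivation above, computing exactly which AS's mark the destination sees. The function names are hypothetical, the AS numbers are constructed documentation-range values, AS_PATH is assumed to list exactly the ASes after the current one, and the fixed-probability baseline is a comparison scheme assumed here rather than one described on the page.

```python
import random
from fractions import Fraction

INGRESS, EGRESS = "ingress", "egress"


def as_path_len(path, i):
    """|AS_PATH| of the route to the destination prefix as seen inside path[i].

    Assumption: AS_PATH lists exactly the ASes after path[i], so the
    destination AS sees an empty AS_PATH for its own prefix.
    """
    return len(path) - 1 - i


def marking_points(path, mode):
    """Return [(asn, h)] for every border interface that may mark, in path order."""
    if mode == EGRESS:
        # Egress of every AS except the destination: h = |AS_PATH|.
        return [(path[i], as_path_len(path, i)) for i in range(len(path) - 1)]
    # Ingress of every AS except the source: h = |AS_PATH| + 1.
    return [(path[i], as_path_len(path, i) + 1) for i in range(1, len(path))]


def arrival_distribution(path, mode):
    """Exact probability that each AS's mark is the one the destination sees."""
    unmarked = Fraction(1)          # probability the indicator bit is still 0
    dist = {}
    for asn, h in marking_points(path, mode):
        p = Fraction(1, h)
        dist[asn] = unmarked * p    # marked here; nothing downstream overwrites it
        unmarked *= 1 - p
    dist[None] = unmarked           # packets arriving without a legitimate mark
    return dist


def forward(path, mode, rng, forged_mark=None):
    """Send one packet along path and return the mark seen at the destination."""
    # The sender may pre-load a forged mark and claim "already marked".
    pkt = {"mark": forged_mark, "indicator": 1 if forged_mark else 0}
    pkt["indicator"] = 0            # source-AS egress always clears the bit
    for asn, h in marking_points(path, mode):
        if pkt["indicator"] == 0 and rng.random() <= 1 / h:   # r <= 1/h
            pkt["mark"], pkt["indicator"] = asn, 1
    return pkt["mark"]


def fixed_probability_distribution(path, p):
    """Comparison baseline (assumed, not from the page): every router marks with
    the same probability p and overwrites any earlier mark, no indicator bit."""
    routers = path[:-1]
    n = len(routers)
    dist = {asn: p * (1 - p) ** (n - 1 - k) for k, asn in enumerate(routers)}
    dist[None] = (1 - p) ** n       # share of packets that keep a forged mark
    return dist


if __name__ == "__main__":
    # Constructed path: documentation ASNs, source 64501, destination 64505, t = 4.
    path = [64501, 64502, 64503, 64504, 64505]
    for mode in (INGRESS, EGRESS):
        print(mode, arrival_distribution(path, mode))
    rng = random.Random(1)
    seen = {forward(path, EGRESS, rng, forged_mark="FORGED") for _ in range(10000)}
    print("marks seen when the input carried a forged mark:", sorted(seen))
    print("fixed p = 1/25 baseline:",
          fixed_probability_distribution(path, Fraction(1, 25)))
```

Both marking modes give every marking AS the same 1/t share and leave no packet unmarked, because the last marking point has h = 1; the fixed-probability baseline favours routers near the destination and lets a fraction (1 - p)^t of packets keep whatever mark they arrived with.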
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (12)

1. A packet marking probability selecting method for inter-domain traceback, characterized in that the method comprises the following steps:
at the interface of a Border Gateway Protocol (BGP) router of the current autonomous system (AS) that connects externally to a neighbor AS, checking the corresponding indicator bit of each packet entering or leaving the current AS;
when the indicator bit of a packet shows that the corresponding packet has not been marked by an upstream AS, looking up the BGP routing table in that BGP router according to the longest-prefix-match principle and obtaining the autonomous system path (AS_PATH) attribute value of the matching routing table entry, thereby obtaining the corresponding AS hop count;
setting a marking probability according to the AS hop count and marking the corresponding packet accordingly; and
when it is determined that marking is to be carried out, setting the indicator bit of the corresponding packet to marked.
2. The packet marking probability selecting method of claim 1, characterized in that, at the interface of a BGP router of the source AS that connects externally to a neighbor AS, the indicator bit of every packet leaving the source AS is set to unmarked.
3. The packet marking probability selecting method of claim 1, characterized in that, when the indicator bit shows that the corresponding packet has already been marked by an upstream AS, the corresponding packet is not marked.
4. The packet marking probability selecting method of claim 1, characterized in that the determining step comprises:
comparing the marking probability with a random number in the range [0,1);
if the random number is not greater than the marking probability, marking the corresponding packet;
if the random number is greater than the marking probability, not marking the corresponding packet.
5. The packet marking probability selecting method of any one of claims 1-4, characterized in that, for a packet entering the current AS, the marking probability is set to the reciprocal of the sum of the AS hop count and 1.
6. The packet marking probability selecting method of any one of claims 1-4, characterized in that, for a packet leaving the current AS, the marking probability is set to the reciprocal of the AS hop count.
7. A packet marking probability selecting device for inter-domain traceback, characterized in that the device comprises:
an indicator bit checking module, which checks, at the interface of a BGP router of the current autonomous system (AS) that connects externally to a neighbor AS, the indicator bit of each packet entering or leaving the current AS;
a routing table checking module, which, when the indicator bit of a packet shows that the corresponding packet has not been marked by an upstream AS, looks up the BGP routing table in the BGP router according to the longest-prefix-match principle and obtains the AS_PATH attribute value of the matching routing table entry, thereby obtaining the corresponding AS hop count;
a determination module, which sets a marking probability according to the AS hop count and determines whether to mark the corresponding packet; and
a marking module, which marks the corresponding packet when it is determined that marking is to be carried out and sets the indicator bit of the corresponding packet to marked.
8. The packet marking probability selecting device of claim 7, characterized in that, at the interface of a BGP router of the source AS that connects externally to a neighbor AS, the marking module sets the indicator bit of every packet leaving the source AS to unmarked.
9. The packet marking probability selecting device of claim 7, characterized in that the determination module compares the marking probability with a random number in the range [0,1); if the random number is not greater than the marking probability, it determines that the corresponding packet is to be marked; if the random number is greater than the marking probability, it determines that the corresponding packet is not to be marked.
10. The packet marking probability selecting device of claim 7, characterized in that, when the indicator bit shows that the corresponding packet has already been marked by an upstream AS, the determination module determines that the corresponding packet is not to be marked.
11. The packet marking probability selecting method of any one of claims 7-10, characterized in that, for a packet entering the current AS, the determination module sets the marking probability to the reciprocal of the sum of the AS hop count and 1.
12. The packet marking probability selecting method of any one of claims 7-10, characterized in that, for a packet leaving the current AS, the determination module sets the marking probability to the reciprocal of the AS hop count.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102611247A CN101917341A (en) 2010-08-24 2010-08-24 Packet marking probability selecting method and device for inter-domain retrospect

Publications (1)

Publication Number Publication Date
CN101917341A true CN101917341A (en) 2010-12-15

Family

ID=43324735

Country Status (1)

Country Link
CN (1) CN101917341A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102957610A (en) * 2012-12-03 2013-03-06 杭州华三通信技术有限公司 Routing processing method and routing forward equipment
CN104038384A (en) * 2014-05-22 2014-09-10 中国电子科技集团公司第三十研究所 Tracking and tracing system based on GBF and working method thereof
TWI489820B (en) * 2011-01-03 2015-06-21 Univ Nat Taiwan Science Tech An attack source trace back method
CN105357024A (en) * 2015-09-23 2016-02-24 清华大学 Area control equipment, domain control equipment and control system for SDN (Software Defined Networking)
CN105847034A (en) * 2016-03-16 2016-08-10 清华大学 Source verification and path authentication method and device
CN109120602A (en) * 2018-07-25 2019-01-01 中国人民公安大学 A kind of IPv6 attack source tracing method
CN110086819A (en) * 2019-05-05 2019-08-02 哈尔滨英赛克信息技术有限公司 Attack source tracing method based on FRIT
CN110703817A (en) * 2016-03-29 2020-01-17 华为技术有限公司 Control method, device and system for statistical flow
CN110932971A (en) * 2019-05-23 2020-03-27 北京航空航天大学 Inter-domain path analysis method based on layer-by-layer reconstruction of request information

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101518017A (en) * 2006-03-01 2009-08-26 新泽西理工学院 Autonomous System-based Edge Marking (ASEM) for Internet Protocol (IP) traceback

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《Wireless Communications, Networking and Mobile Computing, 2008. WiCOM '08. 4th International Conference》 20081231 Zhaoyang Qu et al. A Packet Marking Algorithm Based on the Path Identification of Autonomous System 1-4 1-12 , 2 *
《信息技术》 20100531 刘竹 et al. Research on DDoS attack source tracing technology based on dynamic probabilistic packet marking pp. 74-76 1-12 , 2 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI489820B (en) * 2011-01-03 2015-06-21 Univ Nat Taiwan Science Tech An attack source trace back method
CN102957610A (en) * 2012-12-03 2013-03-06 杭州华三通信技术有限公司 Routing processing method and routing forward equipment
CN102957610B (en) * 2012-12-03 2016-03-02 杭州华三通信技术有限公司 Route processing method and routing forwarding equipment
CN104038384A (en) * 2014-05-22 2014-09-10 中国电子科技集团公司第三十研究所 Tracking and tracing system based on GBF and working method thereof
CN105357024A (en) * 2015-09-23 2016-02-24 清华大学 Area control equipment, domain control equipment and control system for SDN (Software Defined Networking)
CN105847034A (en) * 2016-03-16 2016-08-10 清华大学 Source verification and path authentication method and device
CN105847034B (en) * 2016-03-16 2019-02-05 清华大学 Source verifying and path authentication method and device
US11716262B2 (en) 2016-03-29 2023-08-01 Huawei Technologies Co., Ltd. Control method, apparatus, and system for collecting traffic statistics
US11381480B2 (en) 2016-03-29 2022-07-05 Huawei Technologies Co., Ltd. Control method, apparatus, and system for collecting traffic statistics
CN110703817A (en) * 2016-03-29 2020-01-17 华为技术有限公司 Control method, device and system for statistical flow
CN110703817B (en) * 2016-03-29 2022-04-05 华为技术有限公司 Control method, device and system for statistical flow
CN109120602B (en) * 2018-07-25 2020-12-25 中国人民公安大学 IPv6 attack tracing method
CN109120602A (en) * 2018-07-25 2019-01-01 中国人民公安大学 A kind of IPv6 attack source tracing method
CN110086819B (en) * 2019-05-05 2021-08-17 哈尔滨英赛克信息技术有限公司 FRIT-based attack tracing method
CN110086819A (en) * 2019-05-05 2019-08-02 哈尔滨英赛克信息技术有限公司 Attack source tracing method based on FRIT
CN110932971B (en) * 2019-05-23 2020-11-24 北京航空航天大学 Inter-domain path analysis method based on layer-by-layer reconstruction of request information
CN110932971A (en) * 2019-05-23 2020-03-27 北京航空航天大学 Inter-domain path analysis method based on layer-by-layer reconstruction of request information

Similar Documents

Publication Publication Date Title
CN101917341A (en) Packet marking probability selecting method and device for inter-domain retrospect
CN103581021B (en) The method and apparatus of business detection under software defined network
CN101938415B (en) Rapid forwarding method for network forwarding device
CN102195843B (en) Flow control system and method
JP5195953B2 (en) Abnormal link estimation device, abnormal link estimation method, program, and abnormal link estimation system
CN101931628B (en) Method and device for verifying intra-domain source addresses
CN107566279A (en) A kind of router alias resolution method based on routing iinformation and Traceroute information
CN102158497B (en) IP address filtering method and device
JP5283192B2 (en) Method, node device, and program for detecting faulty link in real time based on routing protocol
EP3293917B1 (en) Path probing using an edge completion ratio
CN107342939A (en) The method and apparatus for transmitting data
CN114553769B (en) End-to-end flow monitoring in a computer network
CN106027497A (en) DDoS (Distributed Denial of Service) tracing and source end filtering method oriented to SDN (Software Defined Networking) and based on OpenFlow-DPM
CN101699796B (en) Stream trust-based method and system for transmitting data message at high speed and router thereof
CN106789387A (en) A kind of chain circuit detecting method and device for SDN
CN102769567B (en) A kind of retransmission method of multilink transparent internet Frame and device
CN102571464B (en) Link tracking processing method and system
CN102648604A (en) Method of monitoring network traffic by means of descriptive metadata
CN105049345B (en) A kind of method and system of BGP routing traffics data fusion
CN106059850A (en) Link abnormity detection method, system, apparatus, and chip in IS-IS network
CN112953822A (en) Method, device and system for reducing routing loop
CN113518034B (en) Method, device, equipment and storage medium for route detection
CN105391638B (en) A kind of method and system of OSPF, ISIS routing traffic data fusion
CN101741617A (en) Method and device for positioning fault
US20060133387A1 (en) Route tracing in wireless networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101215