CN105429940B - A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function - Google Patents

A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function Download PDF

Info

Publication number
CN105429940B
CN105429940B CN201510701787.9A CN201510701787A CN105429940B CN 105429940 B CN105429940 B CN 105429940B CN 201510701787 A CN201510701787 A CN 201510701787A CN 105429940 B CN105429940 B CN 105429940B
Authority
CN
China
Prior art keywords
zero watermarking
extraction
network
data flow
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510701787.9A
Other languages
Chinese (zh)
Other versions
CN105429940A (en
Inventor
陈永红
侯雪艳
田晖
王田
蔡奕侨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaqiao University
Original Assignee
Huaqiao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaqiao University filed Critical Huaqiao University
Priority to CN201510701787.9A priority Critical patent/CN105429940B/en
Publication of CN105429940A publication Critical patent/CN105429940A/en
Application granted granted Critical
Publication of CN105429940B publication Critical patent/CN105429940B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146Tracing the source of attacks

Abstract

The invention discloses a kind of methods for carrying out the extraction of network data flow zero watermarking using comentropy and hash function, the algorithm is in the original flow of transmitting terminal, by temporally carrying out fragment to data flow, the distribution situation of statistical data packet size simultaneously calculates Shannon entropy, carries out the extraction of zero watermarking to it using hash function;In receiving end, zero watermarking extraction is carried out to the flow received again using same method;Confirm transmitting terminal and receiving end with the presence or absence of apparent network communication relationship by the comparison of the zero watermarking extracted to both ends.Using the extraction and detection method of network flow zero watermarking system of the invention, the network communication relationship in anonymous communication system between transmitting terminal and receiving end can be effectively determined, provide theoretical foundation for ddos attack positioning.

Description

It is a kind of to carry out the extraction of network data flow zero watermarking using comentropy and hash function Method
Technical field
The present invention relates to communicating pair relationships under Anonymizing networks environment to confirm field, more specifically, being related to a kind of utilization Comentropy and hash function carry out the method and a kind of extraction and detection system of network flow zero watermarking of watermark extracting to network flow System.
Background technique
With the rapid development of global IT application, computer network has been the world today's high-new skill the most breathtaking One of art.Resource-sharing, information exchange and the distributed treatment of network bring great convenience to study, work, scientific research.But layer goes out Not poor various attacks bring huge potential threat and destruction to computer network and system.
Since 2000, network constantly occurs by attack, according to " FBI computer crime in 2003 and peace Full investigation " display, DDOS attack is the network crime being number two, and quantity is constantly soaring.
Ddos attack initiates a large amount of useless messages for occupying network bandwidth to target of attack by more puppet's hosts of control, The system and Internet resources that target of attack is consumed with this, make it externally can not normally provide service.Due to the burst of attack traffic Property and address randomness, cause this attack to be difficult with traditional based on the detection technique of traffic monitoring from sudden normal stream It is distinguished in amount.
In numerous ddos attacks, SYN Flood is undoubtedly attack class that is presently most classical and being most widely used Type, it is utilized the loophole in Transmission Control Protocol realization, can have an impact to all network equipments based on ICP/IP protocol stack.
The concrete operating principle of SYN Flood attack are as follows: a large amount of pseudo- by being sent to the open port of destination server The attack message for making source address, causes the half-open connection queue in server network protocol stack to take caching, and final delay machine stops Work, prevent other users are from normally accessing.Various operating systems or even poor firewall, the router of performance etc. all without Method effectively defends this attack mode.And by various network tools, which can be convenient ground cook source address, this makes Obtaining pursuit attack person becomes extremely difficult.
The characteristics of for SYN Flood attack, the fundamental way of solution is tracking attack stream, finds out attack path and finds Attack source, here it is IP retrogressive methods.
IP backtracking is intended to find attacker since by attacker, is a kind of method for focusing on deterrence.IP backtracking substantially may be used It is divided into two classes.
One kind is to recall the attack of certain flow.Major defect is: (1) modifying to IP agreement;(2) work as attack stream When measuring sufficiently large, backtracking performance is acceptable, and to small flow and single packet attack, rate of false alarm and rate of failing to report are all quite high.
Another kind of is the attack that can recall any flow, including single packet attack.Basic principle is: being grouped when router forwards When, also grouping information is recorded;Backtracking is the router recorded by inquiry packets to determine grouping process.This kind of scheme Critical issue is: since router storage resource is limited, grouped record is easily lost.
For this purpose, we have invented the IP retrogressive methods based on data flow zero watermarking.
Digital watermarking is the certain digital informations of addition into data multimedia (such as image, sound, vision signal) earliest To reach the functions such as the identification of the file true and false, copyright protection.Watermark was introduced into network security for mark network flow later.
Network flow zero watermarking is a new research direction of current data flow watermark, and thought utilizes original flow Certain important feature constructions can be with the watermark of unique identification, therefore original data stream is also considered as having contained the watermark and tool For certain marks.The maximum feature of zero watermarking is exactly not change any data of original flow, ensure that the invisible of watermark Property, therefore the problems such as there is no data-flow quality decline or watermark amounts limited.
Summary of the invention
Invention the deficiency for aiming to overcome that the prior art, provide it is a kind of using comentropy and hash function progress network The method and a kind of IP backtracking system based on network flow zero watermarking that data flow zero watermarking extracts.
The technical solution adopted by the present invention to solve the technical problems is: provide it is a kind of using comentropy and hash function into The method that row network data flow zero watermarking extracts, comprising: in the original flow of transmitting terminal, by temporally dividing data flow Piece, the distribution situation of statistical data packet size are simultaneously calculated Shannon entropy, are carried out the extraction of zero watermarking to it using hash function;It is connecing Receiving end carries out zero watermarking extraction to the flow received again using same method;Pass through the zero watermarking that extracts to both ends Compare to confirm transmitting terminal and receiving end with the presence or absence of apparent network communication relationship;
The step of extraction of the network flow zero watermarking are as follows:
A1, the original data stream t for obtaining transmitting terminal, choose suitable offset o, according to T pairs of regular hour piece size Data flow carries out fragment, obtains l timeslice;
A2, in each timeslice size, the distribution situation of statistical data packet size;It calculates in each time interval, The times N that different packet sizes occurij(i△t);
A3, it calculates in each time interval, the probability that different size packet occurs:
Pij(i △ t)=Nij(i△t)/∑sum J=1Nij(i△t)
Wherein, Nij(i △ t) is represented in i-th of time interval, the number that different size of packet occurs;∑sum J=1Nij(i△ T) it represents in same time interval, the total degree that different size of packet occurs, sum represents different size packet in the time interval With;
A4, the value condition that different size packet in each time interval is represented with stochastic variable X utilize aromatic formula, meter Calculate the Shannon entropy in each timeslice:
H (X) '=- ∑n J=1p(xj)logp(xj)
p(xj) probability when representing a certain particular value in stochastic variable;
A5, quantification treatment is carried out to comentropy H (X) ':
H (X)=H (X) ' * a
Wherein, a is quantization unit;
One group of A6, input code key Key, carry out Hash with the Shannon entropy H (X) after quantization, obtain required watermark:
Wi=HASH (Keyi,H(Xi))
Wherein, WiIt is the characteristic quantity of the watermark and data flow finally required, KeyiIt is i-th of code key, H (Xi) it is The entropy of i timeslice, HASH () are hash functions needed for asking watermark.
Preferably, the traffic flow information from transmitting terminal is collected in the border routing of transmitting terminal, zero watermarking is carried out to it It extracts, and the zero watermarking W and extracting parameter of extraction is dumped into third-party agent.
Preferably, the border routing in receiving end collects the traffic flow information for being sent to receiving end, obtains from third-party agent Obtain zero water
Print extract needed for various parameters, using zero watermarking extraction the step of extract the received data flow in receiving end taken The zero of band
Watermark W ', and it is sent to third-party agent;By third-party agent compare transmitting terminal and receiving end zero watermarking whether It is identical.
A method of IP backtracking is carried out, zero water of network data flow is carried out using comentropy and hash function based on described The method extracted is printed, is included the following steps:
B1, determining attack stream from border routing first with network flow zero watermarking by attacker;
B2, the upper routing that attack stream flows through is confirmed using the method that zero watermarking extraction and network communication relationship confirms Position;
B3, step B2 is repeated until attack stream to be locked in a certain specific local network;
B4, when locking a certain router or local area network, determine what attack stream flowed through according to the method that zero watermarking extracts Attack source is finally locked on certain or a few physical machines by host route, realizes that IP recalls with this.
1) the beneficial effects of the present invention are: by attacker, first with network flow zero watermarking, determine attack stream from Which router or interchanger find the path that attack stream flows through with this.
2) when locking a certain router or local area network, as springboard, continue it is true to the router being connected with itself Recognize the source of attack stream, further recalls the path of attack stream.
So circulation is gone down, then attack source can be locked between a certain local area network or a few hosts.
Invention is further described in detail with reference to the accompanying drawings and embodiments;But it is of the invention a kind of to utilize comentropy The method for carrying out the extraction of network data flow zero watermarking with hash function is not limited to the embodiment.
Detailed description of the invention
Fig. 1 is the block schematic illustration for carrying out zero watermarking extraction to network flow using comentropy and hash function;
Fig. 2 is the flow diagram for carrying out zero watermarking extraction to network flow using comentropy and hash function;
Fig. 3 is the network frame schematic diagram that correspondence confirmation is carried out using zero watermarking;
Fig. 4 is the overall flow schematic diagram that correspondence confirmation is carried out using zero watermarking;
Fig. 5 is that IP backtracking schematic diagram is carried out using zero watermarking.
Specific embodiment
Embodiment 1
Referring to figs. 1 to 5, of the invention a kind of comentropy and hash function to be utilized to carry out network data flow zero watermarking The method of extraction, comprising: in the original flow of transmitting terminal, by temporally carrying out fragment, statistical data packet size to data flow Distribution situation and calculate Shannon entropy, the extraction of zero watermarking is carried out to it using hash function;In receiving end, same side is utilized Method carries out zero watermarking extraction to the flow received again;Confirmed by the comparison of the zero watermarking extracted to both ends transmitting terminal and Receiving end whether there is apparent network communication relationship.
The step of extraction of the network flow zero watermarking are as follows:
A1, the original data stream t for obtaining transmitting terminal, choose suitable offset o, according to T pairs of regular hour piece size Data flow carries out fragment, obtains l timeslice;
A2, in each timeslice size, the distribution situation of statistical data packet size;It calculates in each time interval, The times N that different packet sizes occurij(i△t);
A3, it calculates in each time interval, the probability that different size packet occurs:
Pij(i △ t)=Nij(i△t)/∑sum J=1Nij(i△t)
Wherein, Nij(i △ t) is represented in i-th of time interval, the number that different size of packet occurs;∑sum J=1Nij(i△ T) it represents in same time interval, the total degree that different size of packet occurs, sum represents different size packet in the time interval With;
A4, the value condition that different size packet in each time interval is represented with stochastic variable X utilize aromatic formula, meter Calculate the Shannon entropy in each timeslice:
H (X) '=- ∑n J=1p(xj)logp(xj)
p(xj) probability when representing a certain particular value in stochastic variable;
A5, quantification treatment is carried out to comentropy H (X) ':
H (X)=H (X) ' * a
Wherein, a is quantization unit;
One group of A6, input code key Key, carry out Hash with the Shannon entropy H (X) after quantization, obtain required watermark:
Wi=HASH (Keyi,H(Xi))
Wherein, WiIt is the characteristic quantity of the watermark and data flow finally required, KeyiIt is i-th of code key, H (Xi) it is The entropy of i timeslice, HASH () are hash functions needed for asking watermark.
Preferably, the traffic flow information from transmitting terminal is collected in the border routing of transmitting terminal, zero watermarking is carried out to it It extracts, and the zero watermarking W and extracting parameter of extraction is dumped into third-party agent.
Preferably, the border routing in receiving end collects the traffic flow information for being sent to receiving end, obtains from third-party agent Zero watermarking extract needed for various parameters, using zero watermarking extraction the step of extract the received data flow in receiving end entrained by Zero watermarking W ', and be sent to third-party agent;Whether the zero watermarking for comparing transmitting terminal and receiving end by third-party agent is identical.
A method of IP backtracking is carried out, zero water of network data flow is carried out using comentropy and hash function based on described Print mentions
The method taken, includes the following steps:
B1, determining attack stream from border routing first with network flow zero watermarking by attacker;
B2, the upper routing that attack stream flows through is confirmed using the method that zero watermarking extraction and network communication relationship confirms Position;
B3, step B2 is repeated until attack stream to be locked in a certain specific local network;
B4, when locking a certain router or local area network, determine what attack stream flowed through according to the method that zero watermarking extracts Attack source is finally locked on certain or a few physical machines by host route, realizes that IP recalls with this.
Fig. 1 shows the specific operation process using comentropy and hash function to data flow, and Fig. 2 then gives the operation Specific flow chart.Zero watermarking extraction progress is carried out furtherly to using comentropy and hash function below with reference to Fig. 1 and Fig. 2 It is bright, mainly including the following steps:
Step 1, by the agency operated on local area network border routing, the data flow letter forwarded through the routing is collected Breath.
Step 2, to different data flows, according to certain rules needed for selection and withdrawal watermark between offset and time Every.
Step 3, it is distributed according to data package size, calculates the comentropy in each interval, and quantify to it.
Step 4, it inputs one group of code key and seeks the data flow in conjunction with the comentropy after quantization using given hash function Characteristic quantity, i.e. watermark W.
Step 5, various parameters needed for watermark W and extraction watermark are dumped in third-party agent.
There is determining correspondence between transmitting terminal and receiving end really to verify, need to also be carried out in receiving end corresponding Watermark extraction.
Fig. 3 shows the network frame figure that the confirmation of network communication relationship is carried out using zero watermarking, and it is double that Fig. 4 then gives communication The overall flow figure of Fang Jinhang correspondence confirmation.Totality is carried out to the confirmation of communicating pair relationship below with reference to Fig. 3 and Fig. 4 to say It is bright, mainly including the following steps:
Step 1, according to Fig. 1 and Fig. 2 the method, transmitting terminal border routing is by watermark entrained by transmitting terminal data flow W is extracted and has been uploaded to third-party agent.
Step 2, the agency on the border routing of receiving end is operated in, the traffic flow information for being transmitted to receiving end is collected.
Step 3, various parameters information needed for extracting watermark is read from third-party agent.
Step 4, Fig. 1 and watermark extracting method shown in Fig. 2 are deferred to according to known parameter, again to the data flow received Secondary carry out watermark extracting, if the watermark that receiving end is extracted is W '.
Step 5, the watermark W ' that receiving end is extracted is dumped in third-party agent.
Step 6, in third-party agent, the watermark W and W ' that extract twice are compared according to certain algorithm.If W and Both W ' are identical, then there are apparent correspondences between provable transmitting terminal and receiving end;Conversely, not can prove that then.
Although SYN Flood attack can be with spoofed IP, all IP forged are all from the same host or same local Net.It is as shown in Figure 5 to the IP backtracking specific steps of SYN Flood attack:
Step 1, it will be assumed that the attack is led to from external network (internal network retrogressive method is the same, only simpler) The method of above-mentioned network zero watermarking is crossed it was determined that attack stream is from border router.
Step 2, double using Fig. 1 and zero watermarking extracting method shown in Fig. 3 and communication between each router of internet Square relationship confirmation method, the position for the upper router that confirmation attack stream flows through.
Step 3, step 2 is repeated, until attack stream to be locked in a certain specific local network.
Step 4, in local area network, step 2 is repeated, is no longer the confirmation of network communication relationship between router at this time, and It is the confirmation of correspondence between routing and host or host and host.
Step 5, step 4 is repeated, finally attack stream is locked on certain or a few hosts.
Above-described embodiment, which is only used to further illustrate, of the invention a kind of utilizes comentropy and hash function to carry out network number According to the method that stream zero watermarking extracts, but the invention is not limited to embodiments, according to the technical essence of the invention to above Any simple modification, equivalent change and modification made by embodiment, fall within the scope of protection of technical solution of the present invention.

Claims (4)

1. a kind of method for carrying out the extraction of network data flow zero watermarking using comentropy and hash function characterized by comprising In the original flow of transmitting terminal, by temporally carrying out fragment to data flow, the distribution situation of statistical data packet size and calculating Shannon entropy carries out the extraction of zero watermarking using hash function to it;In receiving end, using same method again to receiving Flow carries out zero watermarking extraction;Confirm transmitting terminal and receiving end with the presence or absence of bright by the comparison of the zero watermarking extracted to both ends Aobvious network communication relationship;
The step of extraction of the network data flow zero watermarking are as follows:
A1, the original data stream t for obtaining transmitting terminal, choose suitable offset o, according to regular hour piece size T to data Stream carries out fragment, obtains l timeslice;
A2, in each timeslice size, the distribution situation of statistical data packet size;It calculates in each time interval, it is different The times N that packet size occursij(i△t);
A3, it calculates in each time interval, the probability that different size packet occurs:
Pij(i △ t)=Nij(i△t)/∑sum J=1Nij(i△t)
Wherein, Nij(i △ t) is represented in i-th of time interval, the number that different size of packet occurs;∑sum J=1Nij(i △ t) generation In the same time interval of table, the total degree that different size of packet occurs, sum represents the sum of different size packet in the time interval;
A4, the value condition that different size packet in each time interval is represented with stochastic variable X are calculated each using aromatic formula Shannon entropy in a timeslice:
H (X) '=- ∑n J=1p(xj)logp(xj)
p(xj) probability when representing a certain particular value in stochastic variable;
A5, quantification treatment is carried out to comentropy H (X) ':
H (X)=H (X) ' * a
Wherein, a is quantization unit;
One group of A6, input code key Key, carry out Hash with the Shannon entropy H (X) after quantization, obtain required watermark:
Wi=HASH (Keyi,H(Xi))
Wherein, WiIt is the characteristic quantity of the watermark and data flow finally required, KeyiIt is i-th of code key, H (Xi) it is i-th The entropy of timeslice, HASH () are hash functions needed for asking watermark.
2. a kind of side for carrying out the extraction of network data flow zero watermarking using comentropy and hash function according to claim 1 Method, it is characterised in that: collect the traffic flow information from transmitting terminal in the border routing of transmitting terminal, zero watermarking is carried out to it and is mentioned It takes, and the zero watermarking W and extracting parameter of extraction is dumped into third-party agent.
3. a kind of side for carrying out the extraction of network data flow zero watermarking using comentropy and hash function according to claim 2 Method, it is characterised in that: the border routing in receiving end collects the traffic flow information for being sent to receiving end, obtains from third-party agent Zero watermarking extract needed for various parameters, using zero watermarking extraction the step of extract the received data flow in receiving end entrained by Zero watermarking W ', and it is sent to third-party agent;Whether the zero watermarking for comparing transmitting terminal and receiving end by third-party agent is identical.
4. a kind of method for carrying out IP backtracking, based on utilization comentropy described in any one of claims 1 to 3 and Hash letter The method that number carries out the extraction of network data flow zero watermarking, characterized by the following steps:
B1, determining attack stream from border routing first with network flow zero watermarking by attacker;
B2, upper one position routed flowed through using the method confirmation attack stream that zero watermarking extraction and network communication relationship confirms It sets;
B3, step B2 is repeated until attack stream to be locked in a certain specific local network;
B4, when locking a certain router or local area network, the host that attack stream flows through is determined according to the method that zero watermarking extracts Attack source is finally locked on certain or a few physical machines by route, realizes that IP recalls with this.
CN201510701787.9A 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function Active CN105429940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510701787.9A CN105429940B (en) 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510701787.9A CN105429940B (en) 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function

Publications (2)

Publication Number Publication Date
CN105429940A CN105429940A (en) 2016-03-23
CN105429940B true CN105429940B (en) 2019-03-12

Family

ID=55507882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510701787.9A Active CN105429940B (en) 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function

Country Status (1)

Country Link
CN (1) CN105429940B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302433B (en) * 2016-08-11 2019-12-31 华侨大学 Network flow watermark detection method and system based on network flow prediction and entropy
CN106686007B (en) * 2017-03-03 2020-06-02 南京理工大学 Active flow analysis method for discovering intranet controlled rerouting node
CN109005175B (en) * 2018-08-07 2020-12-25 腾讯科技(深圳)有限公司 Network protection method, device, server and storage medium
CN111031006A (en) * 2019-11-22 2020-04-17 国网浙江省电力有限公司绍兴供电公司 Intelligent power grid communication anomaly detection method based on network flow
CN110912895B (en) * 2019-11-26 2022-03-04 华侨大学 Network data flow tracing method based on perceptual hash
CN114124467B (en) * 2021-10-29 2023-05-05 中国电子科技集团公司第三十研究所 FreeNet anonymous flow detection method and system in open network mode

Also Published As

Publication number Publication date
CN105429940A (en) 2016-03-23

Similar Documents

Publication Publication Date Title
CN105429940B (en) A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function
Gao et al. Tracing cyber attacks from the practical perspective
JP4683383B2 (en) Method and system for resilient packet reverse detection in wireless mesh and sensor networks
Durcekova et al. Sophisticated denial of service attacks aimed at application layer
Sanmorino et al. DDoS attack detection method and mitigation using pattern of the flow
CN109327426A (en) A kind of firewall attack defense method
CN109120602B (en) IPv6 attack tracing method
Devi et al. Detection of application layer DDoS attacks using information theory based metrics
Luo et al. Robust network covert communications based on TCP and enumerative combinatorics
CN109561051A (en) Content distributing network safety detection method and system
Mittal et al. A review of DDOS attack and its countermeasures in TCP based networks
Foroushani et al. Deterministic and authenticated flow marking for IP traceback
Patil et al. Unmasking of source identity, a step beyond in cyber forensic
CN111953527B (en) Network attack recovery system
Aghaei-Foroushani et al. IP traceback through (authenticated) deterministic flow marking: an empirical evaluation
Vijayalakshmi et al. IP traceback system for network and application layer attacks
Chen et al. Preventing DRDoS attacks in 5G networks: a new source IP address validation approach
CN107835168A (en) A kind of authentication method being multiplied based on client information sequence spreading matrix transposition
Rajam et al. A novel traceback algorithm for DDoS attack with marking scheme for online system
Balyk et al. A survey of modern IP traceback methodologies
CN116074051A (en) Equipment fingerprint generation method and equipment
Wang et al. Exploiting Content Delivery Networks for covert channel communications
TWI489820B (en) An attack source trace back method
Pimpalkar et al. Defense against DDOS attacks using IP address spoofing
Park et al. An effective defense mechanism against DoS/DDoS attacks in flow-based routers

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant