摘要
网络攻击追踪溯源在定位攻击源、阻止或抑制网络攻击、提供法律举证、威慑攻击者等方面具有非常积极的意义。近年来,学术界对此开展了大量的研究,并提出了多种追踪溯源技术体制。分析了在大规模网络环境下网络攻击追踪溯源所面临的问题,以及当前主要技术体制的优缺点和适用性,提出了融合多种追踪溯源机制的多源追踪溯源技术思路,设计了基于信息融合的扩展性强、易于部署建设的MSNAA网络攻击追踪溯源系统架构。
The attributing technology for network attack plays a key role in locating attack source, stopping or checking attack, providing lawful testimony, and deterring attackers. In this paper, the difficulties for network attack attribution in large-scale network are discussed, and the technical principles and technical characteristics of present attack-tracing approaches are described. Meanwhile the multi-source attributing approach in combination of multiple attributing mechanisms is proposed, and the information fusion-based multi-source network attack attribution architecture of strong scalability and easy deployment also de- signed.
出处
《通信技术》
2013年第12期77-81,共5页
Communications Technology
关键词
网络安全
网络攻击追踪溯源
IP追踪
信息融合
network security
network attack attribution
IP traceback
information fusion