信息安全研究2025,Vol.11Issue(4):296-303,8.DOI:10.12379/j.issn.2096-1057.2025.04.01
网络拓扑混淆技术综述
A Survey of Network Topology Obfuscation Techniques
摘要
Abstract
Link-Flooding Attack(LFA)is a novel distributed denial-of-service(DDoS)attack that exploits network topology detection.Network Topology Obfuscation serves as an effective deceptive defense mechanism against this attack,aiming to provide proactive protection before an attack occurs.Over the past decade,relevant research has continuously made progress,proposing corresponding obfuscation solutions for different scenarios and objectives.This paper comprehensively reviews the network topology obfuscation techniques.First,it combines the basic principles and classifications of network topology discovery to point out the risks of topology leakage in current network topology discovery.Next,it formally defines network topology obfuscation design and presents a proactive defense model.Then,based on the obfuscation concept,the technologies are divided into packet modification,decoy traps,routing mutation,and metric forgery schemes,and proposes a set of metrics to comprehensively compare the current mainstream network topology obfuscation techniques.关键词
链路洪泛攻击/网络拓扑混淆/主动防御/欺骗防御/拓扑泄露风险Key words
link-flooding attack/network topology obfuscation/active defense/deceptive defense/topology leakage risks分类
计算机与自动化引用本文复制引用
黄春娇,张宇,史建焘,朱国普..网络拓扑混淆技术综述[J].信息安全研究,2025,11(4):296-303,8.基金项目
国家重点研发计划项目(2022YFB3102903) (2022YFB3102903)
