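% Journal article (vol. 63, no. 9, 2022) evaluating a DDoS attack mitigation
% method that uses diffuse flow control over an overlay network of routers.
% The author field lists the same four authors twice: the kanji names first,
% then their romanized forms, each written as "Family, Given".
% The abstract field holds the Japanese abstract followed by the English one.
@article{oai:ipsj.ixsq.nii.ac.jp:00220188,
  author   = {奥田, 尚樹 and 前田, 香織 and 高野, 知佐 and 市原, 英行 and Okuda, Naoki and Maeda, Kaori and Takano, Chisa and Ichihara, Hideyuki},
  title    = {拡散型フロー制御を用いる{DDoS}攻撃緩和方式の有効性評価},
  journal  = {情報処理学会論文誌},
  volume   = {63},
  number   = {9},
  pages    = {1410--1418},
  year     = {2022},
  month    = sep,
  abstract = {サイバー空間に脅威を与えるサイバー攻撃の1つ,DDoS(Distributed Denial of Service)攻撃は,攻撃トラヒックサイズが増幅する傾向にあり,その規模は数テラbpsに到達している.これに対してDDoS攻撃の被害を抑えるDDoS攻撃緩和システムが提案されている.特に,サービス継続のために緩和期間中に攻撃外の正常通信のパケット損失を防ぐことが重要である.本稿では,サービス継続を目的として拡散型フロー制御を用いるDDoS攻撃緩和方式を提案し,その有効性を示す.この方式は,DDoS攻撃元から攻撃対象までのルータ等をオーバレイネットワークで構成し,ノードのバッファあふれまでの時間(緩和時間)を拡散型フロー制御により,伸ばすものである.このとき攻撃トラヒックの転送レートの算出が必要となるが,本稿では既存の算出式を改良することにより,従来できてなかった各ノードのバッファ容量のばらつきがある実ネットワークに近い場合の緩和時間を伸ばすことができることを示す.また,DDoS攻撃の攻撃規模が増大した場合についても,攻撃規模に応じた適切なネットワーク資源の配分を行うことで,十分に緩和の効果を発揮できることを示す.

DDoS (Distributed Denial of Service) attacks, which are one of the cyber attacks that pose a threat to cyberspace, tend to increase the attack traffic size, and the scale has reached several Tera bps. On the other hand, a DDoS attack mitigation system that suppresses the damage of DDoS attacks has been proposed. In particular, it is important to prevent packet loss of normal communication outside the attack during the mitigation period in order to continue the service. In this paper, we propose a DDoS attack mitigation method that uses diffuse flow control for the purpose of service continuity, and show its effectiveness. In this method, routers from the DDoS attack source to the attack target are configured with an overlay network, and the time (mitigation time) until the node buffer overflows is extended by diffuse flow control. At this time, it is necessary to calculate the transfer rate of the attack traffic. By improving the existing calculation formula, this paper shows that the mitigation time can be extended in cases close to actual networks, where the buffer capacity of each node varies; the existing method could not handle this case. The paper also shows that even when the attack scale of a DDoS attack increases, our proposed method remains effective by allocating appropriate network resources according to the attack scale.},
}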