In recent years, IP source address spoofing has frequently been used in network attacks, posing an immense threat to Internet security. Inter-domain source address validation methods defend against these attacks by enforcing autonomous-domain-level source address verification on IP packets. Academia has proposed evaluation criteria for such methods, and many new methods have been designed according to those criteria. However, although these methods score well on the criteria, none of them has been widely deployed by Internet service providers (ISPs) in practice. The reason is that the current criteria mainly focus on the security of the Internet as a whole and consider little of ISPs' individual interests. For the first time, this paper studies a deployability evaluation model for inter-domain source address validation methods from the perspective of ISPs' economic appeals. We propose deployment benefit, deployment cost and operational risk as the three basic deployability evaluation criteria and present their formal definitions; the rationality of this set of criteria is proved theoretically; an evaluation model is established, which specifies a comprehensive quantitative evaluation mechanism for each criterion; we apply the model to the evaluation of the deployment benefit of well-known existing inter-domain source address validation methods to demonstrate the concrete process of applying the theoretical model to method evaluation, and present an in-depth analysis of the evaluation results; finally, we discuss the relationship between the deployability of the methods and the security of the Internet as a whole, the optimization objective of method design, and how the model can be used to guide method design. The evaluation model provides guidance for designing methods that are easier to deploy, and facilitates the deployment of inter-domain source address validation methods on the Internet.