基于多维信息熵值的DDoS攻击检测方法

针对互联网中日益严重的分布式拒绝服务攻击行为,提出了一种基于多维信息熵值的DDoS攻击检测方法.首先根据DDoS攻击的特点,采用条件熵及相异熵构建具有良好区分度的多维攻击检测向量,在此基础上采用滑动窗口的多维无参数CUSUM算法放大正常流量与攻击流量的差异来实现DDoS攻击的检测.通过实际网络攻击流量及合成攻击流量测试表明:文中提出的算法能够检测到LLS_ DDoS数据集及合成数据集中的全部攻击,算法对于DDoS攻击的响应速度快,能够应用于高速骨干网络中.

Detection DDoS Attack Based on Multi-Dimensional Entropy

In order to detect the increasingly serious distributed denial of service (DDoS) attack on the internet, an algorithm for detecting DDoS attack based on multi-dimensional information entropy is proposed. First of all, according to the property of DDoS attack, the multi-dimensional detecting vector which is capable of distinguishing attack from normal traffic is constructed based on conditional entropy and discrepant entropy. Then the sliding multi-dimensional non-parameter CUSUM algorithm with the capability of amplifying the discrepancy between normal and abnormal network traffic is adopted to detect DDoS attack. The experiments over actual and composite network attack traffic show that the proposed algorithm can detect all the DDoS attacks in both traces. Meantime, the proposed algorithm is capable of detecting DDoS attack quickly and it can be applied in the high backbone network.