基于时频分析的分布式拒绝服务攻击的自动检测

研究了分布式拒绝服务 (DDoS)攻击的特点 ,定义了流连接密度 (FCD)的概念 ,并证明了FCD时间序列的非平稳特性 .据此 ,提出了一种新的基于时频分析的自动检测DDoS攻击的方法 ,该方法采用平滑魏格纳 维利分布对FCD时间序列进行时频变换 ,将FCD时间序列转换为二维空间内的波动能量分布 ,并有效抑制了二次交叉项的影响 ,然后使用经过样本训练的K最近邻分类器进行攻击识别 .实验结果表明 ,该检测方法能够比较准确地识别DDoS攻击 ,识别误差主要出现在网络状态切换阶段 ,这对攻击识别的影响很小 ,识别误差率仅为 4 2 6 % .

Automatic Detection of Distributed Denial of Service Attacks Based on Time-Frequency Analysis

Based on the analysis of distributed denial of service (DDoS) attacks, the flow connection density (FCD) is defined and the characteristic of non-stationary of FCD time series is proved. A new method to detect DDoS attacks is proposed based on the time-frequency analysis of FCD. The proposed method detects DDoS attacks by transforming the time series of FCD with smooth Winger-Ville distribution, to obtain the energy distribution of the time series in two-dimensional space and suppress the effect of the quadratic cross term, and then identifying DDoS by using the K-nearest neighbor classifier trained by samples. The experimental results show that the developed approach can detect DDoS attacks correctly, and identification errors mainly present to the switching stage of the network with little influence on the identification of DDoS attacks. Compared with the theoretic value, the identification error ratio is only 4.26%.