| 基于流连接密度的分布式拒绝服务攻击检测 |
| |
| 引用本文: | 孙钦东,张德运,孙朝晖,张晓. 基于流连接密度的分布式拒绝服务攻击检测[J]. 西安交通大学学报, 2004, 38(10): 1048-1052 |
| |
| 作者姓名: | 孙钦东 张德运 孙朝晖 张晓 |
| |
| 作者单位: | 西安交通大学电子与信息工程学院,710049,西安 |
| |
| 基金项目: | 国家信息化计算机网络与信息安全基金资助项目 (2 0 0 1 -研 1 - 0 1 0 ) |
| |
| 摘 要: | 分析了分布式拒绝服务(DDoS)攻击的特点,定义了能够反映DDoS攻击所引起的网络流量变化特点的流连接密度(FCD)概念,并证明了FCD时间序列的非平稳特性.据此,提出了一种基于FCD的DDoS攻击检测方法,该方法通过拟合FCD时间序列的自适应自回归模型,将FCD序列转换为多维空间的向量序列,然后使用经过样本训练的K最近邻分类器进行攻击识别.实验结果及分析显示,该检测方法能够有效检测DDoS攻击,误报率低于4 3%,并能够对流量数据进行在线处理,实现DDoS攻击的在线检测.
|
| 关 键 词: | 分布式拒绝服务 自适应自回归 K最近邻 |
| 文章编号: | 0253-987X(2004)10-1048-05 |
| 修稿时间: | 2003-12-02 |
Detection of Distributed Denial of Service Attacks Based on Flow Connection Density |
| |
| Sun Qindong,Zhang Deyun,Sun Zhaohui,Zhang Xiao. Detection of Distributed Denial of Service Attacks Based on Flow Connection Density[J]. Journal of Xi'an Jiaotong University, 2004, 38(10): 1048-1052 |
| |
| Authors: | Sun Qindong Zhang Deyun Sun Zhaohui Zhang Xiao |
| |
| Abstract: | The features of distributed denial of service (DDoS) attacks are analyzed. The concept of the flow connection density (FCD) which reflects the variation of network flow caused by DDoS attacks is defined, then the characteristics of non-stationary of FCD time series is proved. A new method to detect DDoS attacks is proposed by fitting the adaptive autoregression model of the FCD time series to transform it into the vector sequence in multi-dimensional space, and identifying DDoS attacks by using the .K.-nearest neighbor classifier trained by samples. The experimental results and analysis show that the developed approach can detect DDoS attacks effectively, and the error detection rate is lower than 4.3%.The approach also can deal with the new flow information and detect DDoS attacks online. |
| |
| Keywords: | distributed denial of service adaptive autoregression K-nearest neighbor |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
