
LDoS attack detection method based on combined features (cited by: 12)

Approach of detecting low-rate DoS attack based on combined features
Abstract (translated from the Chinese): Low-rate denial of service (LDoS) attacks are a type of reduction of quality (RoQ) attack, characterized by a low average rate and strong concealment; they are among the greatest security threats facing cloud computing platforms and big data centers. Three intrinsic features of LDoS attack traffic are extracted, an LDoS attack classifier based on a BP neural network is built, and an LDoS attack detection method based on combined features is proposed. The method combines the three intrinsic features of LDoS attacks into a combined feature that serves as the input to the BP neural network, and detects LDoS attacks by means of a preset decision indicator. Using a dedicated LDoS attack traffic generation tool, the detection algorithm was tested and validated on the NS2 simulation platform and in a test-bed network environment; the experimental results show that the detection rate obtained through hypothesis testing is 96.68%. Comparison with existing research shows that LDoS attack detection based on combined features outperforms detection based on a single feature and has high computational efficiency.

Abstract (English, as published): LDoS (low-rate denial of service) attack is a kind of RoQ (reduction of quality) attack which has the characteristics of low average rate and strong concealment. These characteristics pose great threats to the security of cloud computing platform and big data center. Based on network traffic analysis, three intrinsic characteristics of LDoS attack flow were extracted to be a set of input to BP neural network, which is a classifier for LDoS attack detection. Hence, an approach of detecting LDoS attacks was proposed based on novel combined feature value. The proposed approach can speedily and accurately model the LDoS attack flows by the efficient self-organizing learning process of BP neural network, in which a proper decision-making indicator is set to detect LDoS attack in accuracy at the end of output. The proposed detection approach was tested in NS2 platform and verified in test-bed network environment by using the Linux TCP-kernel source code, which is a widely accepted LDoS attack generation tool. The detection probability derived from hypothesis testing is 96.68%. Compared with available researches, analysis results show that the performance of combined features detection is better than that of single feature, and has high computational efficiency.
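Source: Journal on Communications (《通信学报》; indexed in EI, CSCD, Peking University Core Journals), 2017, No. 5, pp. 19-30 (12 pages)
Funding: National Natural Science Foundation of China (No. U1533107, No. U1433105); Fundamental Research Funds for the Central Universities (No. 3122016D003); Civil Aviation University of China Graduate Course Case Development Fund; Key Project of the Natural Science Foundation of Tianjin (No. 17JCZDJC30900)
Keywords: low-rate denial of service attack, united features, BP neural network, anomaly detection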
