摘要
为有效地防御分布式拒绝服务DDoS(DistributedDenialofService)的攻击 ,提出了基于多域间入侵检测系统IDSs(IntrusionDetectionSystems)合作的攻击检测模型 .围绕重要网络资源 ,构建了以〈路由器 ,IDS〉对为基础的闭合的IDS合作环 ,通过环上节点间信息共享和合作组内的警报关联分析 ,能够在DDoS攻击数据包汇聚成致命攻击流之前捕获攻击特征并采取相关措施 .提出了合作环组织方式、共享信息交换方式、警报关联算法以及各节点系统逻辑结构 .利用原型多域合作入侵检测MDCI(MultipleDomainsCooperativeIntrusion detection)系统实施了DDoS攻击实验 ,针对实验数据分析可以看出 ,合作环模型有效地提高了IDS系统对DDoS攻击的预警速度 .
To prevent the DDoS (distributed denial of service) attacks effectively, a cooperative detection model was proposed based on the cooperation among the IDSs (intrusion detection systems) distributed in multiple administrative domains. Surrounding some valuable network assets, the enclosed defense ring was set up that consists of (IDS, Router) pairs with the IDS monitoring specific router traffic. The IDSs reside in the ring were allotted to a cooperation group. With the information exchanging and alert correlating within the group, the signatures of DDoS attacks aimed at the network assets could be captured timely before the overwhelming attack flooding aggregates. The construction method of cooperation rings, the information exchange mode, alerts correlation method and infrastructure of cooperative IDS entity were proposed. Some experiments were conducted with the MDCI (multiple domains cooperative intrusion-detection) system, a prototype system. Results show that the prototype improves detection performance effectively.
出处
《北京航空航天大学学报》
EI
CAS
CSCD
北大核心
2004年第11期1106-1110,共5页
Journal of Beijing University of Aeronautics and Astronautics
基金
国家自然科学基金资助项目 (90 2 0 40 14 )
吉林省自然科学基金资助项目 (2 0 0 3 0 5 16 2 )
关键词
入侵检测系统
分布式拒绝服务攻击
合作检测
闭合环
Computer crime
Correlation methods
Distributed computer systems
Interoperability
Security of data
Topology
