摘要
基于当前入侵检测技术在检测到攻击的情况下没有良好的反应策略过滤攻击流量这一问题,提出了基于攻击流量特征聚类的特征提取算法AFCAA(anomalytrafficcharacteraggregationalgorithm).针对一般DOS(denialofservice)/DDOS(distributeddenialofservice)攻击流数据包头中具有某些相似的特性,AFCAA通过运用重心原理进行统计聚类,在一定的欧氏距离范围内对基于目的IP的攻击流样本相应字段进行聚类划分,动态地提取出攻击流的重心作为攻击的特征.然后,及时地把其特征传输给NetFilter,可以进行高效的过滤,并保护正常流量的传输.实验结果表明,对当前流行的多种拒绝服务攻击,应用AFCAA系统的软件路由器都能够较准确地获取异常流量的特征,从而有效地进行过滤,减少攻击包传播的危害,保护有限的网络资源.
Under the situation of detecting attacks, current IDSs have no good reacting strategy to filter attack traffic. Based on network attacks' traffic characters, an anomaly traffic character aggregation algorithm (AFCAA) is put forward. Because normal DOS (denial of service)/DDOS (distributed denial of service) attack traffic has some characters in their packets' head, AFCAA uses the center of gravity theory to process statistic aggregation and aggregation partition based on the special field of the destination IP attack traffic in a fixed Euclid distance, and then it distills the center of attack traffic dynamically as the characters of attacks. Afterwards, through transmitting these characters to Net Filter, AFCAA can filter abnormal packets efficiently and protect the normal packet transmission. The experimental results show that the software router using AFCAA can efficiently find useful characters of prevalent DOS/DDOS attacks, reduce the harm of attack packets' spreading, and protect the limited network resources.
出处
《软件学报》
EI
CSCD
北大核心
2006年第2期295-304,共10页
Journal of Software
基金
国家自然科学基金
国家高技术研究发展计划(863)
教育部回国人员基金资助
南京市回国人员基金资助
华为研究基金~~
