摘要
分布式拒绝服务攻击的原理简单,但危害严重.在攻击源端的检测方法有诸多优点,但也存在着挑战,如攻击源端攻击数据流量小,不易检测,不能使用服务商过多的资源等.文中针对这些特点提出了一种在攻击源端的轻量级方法.该方法使用BloomFilter对网络数据进行提取,在此基础上使用变化点检测方法对数据进行分析,可以达到使用少量资源进行准确检测的目的.重放DARPA数据的实验表明,在使用相同存储开销的前提下,该方法与同类工作相比,检测结果更准确,计算资源消耗更少.
Distributed Denial of Service (DDoS) attack is a major threat to Internet services. Research on this kind of attack is significant for the security and reliability of the Internet. Defense at the source-end has many advantages but it also encounters several challenges. One is the inaccurate detection. Compared to the attacking traffic at victim side, the malicious traffic near source-end is relatively much low and does not show evident features. Another problem for the source-end detections is a lack of motivation for source-end ISPs to deploy them due to storage and computation cost consideration. To make the defense at the source-end more practical, the authors propose an efficient and flexible method. A Bloom filter based hash table is employed to monitor asymmetric TCP handshakes for the purpose of saving memory storage and computation cost. After information about the asymmetric traffic is extracted and stored in the Bloom filter, CUSUM is then applied to detect abnormal changes in the digested traffic. The method is evaluated and compared with other two similar methods in experiments. In experiment environment DARPA data is replayed and all methods use same storage cost, results show the proposed method obtains the most accurate detection result with lest computation cost.
出处
《计算机学报》
EI
CSCD
北大核心
2006年第8期1392-1400,共9页
Chinese Journal of Computers
基金
国家自然科学基金重大研究计划(90104005)
湖北省自然科学基金(2003ABA047)
江西省自然科学基金(511010)资助.
