摘要
文章根据分布式拒绝服务攻击(DDoS)的本质特点,提出了一种基于隐马尔可夫模型(HMM)的DDoS攻击检测方法。该方法通过IP地址信息库,保存当前常用服务的源IP地址,然后对新到数据包的IP地址用HMM建模。通过离线训练,更新IP地址信息库,优化HMM参数。在线检测时,IP地址信息库在线学习更新,HMM实时检测,并根据检测结果通过边界路由器进行积极响应。实验结果显示,该方法具有很好的检测效果,并能及时响应,保持常用服务的延续性。
On the basis of the inherent feature of distributed denial of service (DDoS) attacks, a novel approach of detection of DDoS attacks based on hidden Markov model (HMM) is proposed. We first build an IP addresses database, which keeps all the legitimate IP addresses which have previously appeared in the network, and then established HMM, which is based on the new IP addresses of normal network data packet. HMM and IP address database is trained separately though off-line training. The model is then used to detect the DDoS attacks by processing the network traffic and the edge router is used to decide whether to admit an incoming IP packet. Experimental results show that this method works very well on the DDoS attacks in adaptability and detection accuracy.
出处
《微电子学与计算机》
CSCD
北大核心
2006年第10期176-177,180,共3页
Microelectronics & Computer
基金
国家自然科学基金项目(60303012)
关键词
分布式拒绝服务
隐马尔可夫模型
学习机制
Distributed denial of service, Hidden Markov model, Learning mechanism
