Abstract
Distributed Denial of Service (DDoS) attacks generate a large number of packets within a short period of time and can quickly exhaust the resources of a network or a host, posing a very serious threat to the stability of the Internet. By analyzing the principles of DDoS attacks and the behavior of attackers, this paper divides an attack into stages and extracts attack features, and on that basis builds a multi-agent DDoS detection model and assigns tasks to each agent. The model uses an entropy detection algorithm to capture anomalies in network packets, and then uses a DDoS ontology to infer the specifics of the attack. Experimental results on the DARPA 2000 Intrusion Detection Scenario Specific Data Set show that the model achieves a high recognition rate for the preparation and execution stages of DDoS attacks.
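Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal (北大核心)
2008, Issue 3, pp. 292-295 (4 pages)
Funding
Supported by the Natural Science Foundation of Chongqing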