基于神经网络的伪造IP拒绝服务攻击检测与过滤

Defending Spoofing IP Address Attack Using Neural Network on Boarder Routers

通过对互联网行为的研究,提出了一种基于神经网络的伪造IP拒绝服务攻击检测与过滤技术.该技术在对互联网IP数据包路由路径的合理假设下,充分利用了神经网络的学习和表达能力,使用未发现攻击时的数据进行学习与检测,在发现攻击时利用神经网络进行过滤.通过分析过滤方法在一定程度上达到保护本地网络不受DDoS攻击侵害的目的.经分析和验证,该方法在攻击检测与过滤中具有一定效果.

IP - based flooding attack is a common form of Distributed Denial-of-Service （DDoS） attacks which abuses network resources and may bring serious threats to the network. This attack is hard to be filtered by the routers in case that the source IP address is always spoofed. This paper describes a method to filter the attacking traffic on the boarder touters using neural network. This method trains the neural network while not being attacked, and when under attack, uses the network to classify the attacking traffic and the normal traffic. Our approach does not require changes to the Internet router algorithms or protocols. And it may highly effectively classify the attacking traffic and the normal traffic with little priori knowledge.