A SYN Flooding Attack Detection Method Based on an Active Probing Mechanism (cited by: 1)

Active Detecting Method against SYN Flooding Attacks
Abstract: SYN flooding poses a serious threat to normal network operation, and the widely studied detection approaches based on traffic self-similarity may fail against this kind of small-packet attack. By analyzing high-precision traffic traces captured with DAG cards, we propose a SYN attack detection method based on active probing. The method applies the packet-pair technique for measuring background traffic to anomalous-traffic detection, and detects an attack from the change in the length of the background traffic interleaved between the packets of a pair. Experiments show that the algorithm achieves a SYN attack detection rate of up to 88%. As an end-to-end detection method, it offers good flexibility and controllability.
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2010, Issue 3, pp. 117-120 (4 pages)
Funding: Supported by the National Natural Science Foundation of China (NSFC) (90718008, 60673155)
Keywords: SYN flooding attack, self-similarity, abnormal detection, packet pair