
DDoS Detection System Based on Traffic Behavior (cited by: 4)
Abstract: Traditional attack detection algorithms cannot identify the attack source and the victim in real time. To address this, the paper designs and implements a real-time detection and defense system for DDoS flooding attacks, based on analysis of single-user traffic behavior. The system periodically inspects the traffic each user sends and receives and judges whether it satisfies the time synchronization of TCP and UDP protocol behavior. This lets it effectively distinguish attackers, victims and normal users, filter attack traffic in real time, and forward normal traffic. Test results show that the system can detect attackers in real time at an early stage of the attack and filter their traffic, and that the defense effect is obvious.
Authors: 张毅, 刘强
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and 北大核心, 2011, Issue 4, pp. 134-136 (3 pages)
Funding: Key Project of the Science and Technology Research Fund of the Ministry of Education (208117); Key Project of the Chongqing Municipal Education Commission Fund (KJ070516)
Keywords: DDoS flooding attack; real-time; single-user traffic behavior; non-parametric CUSUM algorithm