DDoS Attack Detection Based on Correlation of Macro Network Flow

Cited by: 6
Abstract: Current distributed denial of service (DDoS) attack detection methods suffer from low detection efficiency and a narrow scope of application. Based on an analysis of how DDoS attacks affect the correlation of traffic volume and of IP addresses, this paper proposes a DDoS attack detection method based on the correlation of network flow. It analyses the correlation of traffic volume and defines the rate of change of the variance of the Hurst exponent as a measure for distinguishing normal traffic from anomalous traffic that causes a significant change in traffic. It then studies the correlation of IP addresses, defining and computing IP address similarity as the measure for distinguishing burst (flash) traffic from DDoS attacks. Experimental results show that correlation analysis of these two attributes of network flow, traffic volume and IP address, accurately distinguishes normal traffic, burst traffic and DDoS attacks, and so improves DDoS attack detection efficiency.
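Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list; 2011, Issue 10, pp. 134-136 (3 pages)
Funding: Scientific Research Fund for Universities of the Jiangsu Provincial Department of Education (03KJD520073)
Keywords: Distributed Denial of Service (DDoS) attack; self-similarity; burst traffic; degree of similarity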