
Detecting App-DDoS Attacks Based on Maximal Frequent Sequential Pattern Mining (cited by: 7)
Abstract: To describe user access behavior dynamically, accurately and efficiently, and to detect different Application-layer Distributed Denial of Service (App-DDoS) attack behaviors transparently, this paper proposes a detection model based on maximal frequent sequential pattern mining, named ADA_MFSP (App-DDoS Detection Algorithm based on Maximal Frequent Sequential Pattern mining). The model mines maximal frequent sequential patterns from both the normal (training) Web Access Sequence Database (WASD) and the WASD under detection. It then introduces the average abnormality of sequence alignment and combines it with the average abnormality of view time and the average abnormality of request circulation as detection attributes, and uses them to detect anomalous attack behavior. Experiments show that the ADA_MFSP model can effectively detect various kinds of App-DDoS attacks and has good detection sensitivity.
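Source: Journal of Electronics & Information Technology (《电子与信息学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2013, No. 7, pp. 1739-1745 (7 pages)
Funding: Supported by the National Key Technology R&D Program of China (2011BAH19B01) and the National High Technology Research and Development Program of China (2011AA01A103)
Keywords: Application-layer Distributed Denial of Service (App-DDoS) attack; Detection model; Frequent sequential pattern mining; Abnormality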