
Rule-fused conditional random field method for DDoS attack detection (cited by: 1)

DDoS attack detection method based on conditional random field with feature set
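Abstract: DDoS attack detection that relies on a single indicator, such as traffic burstiness, dispersion of source IP addresses, or flow asymmetry, suffers from low accuracy and a high false alarm rate. Exploiting the advantages of conditional random fields (CRF), which do not require a strict independence assumption and can combine multiple features, this paper proposes a DDoS attack detection method that fuses a feature rule set into a CRF model. One-way connection density (OWCD) and IP packet five-tuple entropy (IPE) form the multidimensional feature vector. Simulation results show that on the DARPA 2000 dataset the detection accuracy reaches 99.82% and the false alarm rate is below 0.6%, with no noticeable degradation under strong background noise interference.

The traditional detection methods for DDoS attacks have low accuracy and a high false alarm rate because they are based on only one flow feature, such as burstiness, dispersed source IP addresses, or flow asymmetry. This paper uses a conditional random field to integrate multiple pattern-matching rules for DDoS attack detection. The feature vector includes one-way connection density, source IP entropy, destination IP entropy, destination port entropy and protocol entropy. The simulation results show that the proposed method outperforms other well-known methods such as naive Bayes and SVM. The detection accuracy rate reaches 99.82% and the false alarm rate is less than 0.6%. The method is robust under strong interference from traffic noise.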
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, 2013, No. 17, pp. 9-11, 62 (4 pages)
Funding: National Key Basic Research Development Program of China (973 Program) (No. G2012CB315900)
Keywords: distributed denial of service attack; conditional random fields; feature vector; entropy
