摘要
现有的应用层分布式拒绝服务(DDo S)攻击检测方法都是基于用户浏览行为特征的统计来区别正常用户与非正常用户,因为要进行高层协议解析和深度数据包处理,所需计算的时间长,空间复杂度高,所以,实现在线检测面临极大困难。针对小样本应用层Web DDo S攻击,提出半监督流形正则化检测方法。首先,在1个时间窗口内以IP地址或域名为标识,将过滤后的Web日志映射到1个14维的特征空间以描述用户的访问行为;其次,采用半监督流形正则化的Laprls最小二乘法对此特征空间中小样本数据进行分类预测以区分正常用户与非正常用户;最后,在少量标记样本的适应性和未标记样本的学习2个方面,分别通过实验和其他算法进行对比。研究结果表明:所提出的算法在检测Web DDo S攻击方面比支持向量机、最小乘方二乘法、K-NN算法具有更高的分类正确率,说明半监督流形正则化的Laprls最小二乘法算法对检测小样本Web DDo S攻击具有较好的实用性。
The existing detection methods of application layer of distributed denial of service(DDo S) attack are based on the statistical characteristic of user browsing behavior to distinguish the abnormal user and normal users, and because the calculation time and space complexity of high-level protocol parsing and deep packet processing are very high, it is very difficult to realize online detection. Aiming at the small samples of Web DDo S attacks, a semi-supervised manifold regularization detection method was proposed. Firstly, Web log was filtered into a 14 dimensional feature spaces according to IP address or domain name within a time window to describe the user's access behavior. Secondly, Laprls least-square algorithm based on semi-supervised manifold regularization was designed to classify the small sample data in the feature space so that the abnormal user could be distinguished from normal users. Finally, through the experimental analysis, the algorithm was contrasted with other algorithms in terms of adaptability of small samples and usage of unlabelled samples. The results show the proposed algorithm has higher classification accuracy compared with other algorithms such as SVM, RLS and K-NN in terms of Web DDo S attack detection, which shows that a semi-supervised manifold regularization of Laprls least-square algorithm has better practicability for detecting Web DDo S attack.
出处
《中南大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2014年第12期4232-4238,共7页
Journal of Central South University:Science and Technology
基金
国家自然科学基金资助项目(60773013)~~
