
MIL-RoQ: Monitoring, Identifying and Locating the RoQ Attack in Backbone Network (cited by: 5)
Abstract: The reduction of quality (RoQ) attack is an atypical denial-of-service (DoS) attack that exploits a vulnerability in TCP's adaptive mechanism to significantly reduce or suppress TCP quality of service, and it is highly stealthy. Existing research focuses on attacks against, and detection on, a single network link. The RoQ attack is not limited to that target, however: it can be launched against a single link or selectively against several links (or even the entire network), causing greater harm, so a method is needed that can analyze and identify it from a network-wide perspective. To this end, this paper proposes MIL-RoQ (monitoring, identifying and locating the RoQ attack in backbone network), a method for anomaly monitoring, locating and identification based on backbone traffic analysis. It mainly uses principal component analysis (PCA) and spectrum analysis to model and analyze backbone traffic, monitors traffic changes from a global perspective, can analyze and judge anomalies on multiple links simultaneously, and can accurately identify RoQ attacks. Experiments on CERNET backbone network data show that the method can effectively locate and identify RoQ attacks; moreover, attack identification needs only local traffic data, which significantly reduces computation and complexity.
Source: Journal of Computer Research and Development (indexed in EI, CSCD, Peking University Core Journals), 2015, Issue 4, pp. 813-822 (10 pages)
Funding: National Basic Research Program of China (973 Program) (2012CB315806); National Natural Science Foundation of China (61170211); Specialized Research Fund for the Doctoral Program of Higher Education (20110002110056, 20130002110058)
Keywords: network security; anomaly detection; reduction of quality (RoQ) attack; principal component analysis (PCA); spectrum analysis

