摘要
降质(reduction of quality,RoQ)攻击是一种非典型拒绝服务攻击,它利用TCP自适应机制的安全漏洞能够显著降低或抑制TCP服务质量,且具有很强的隐蔽性.现有的研究集中在针对单条网络链路上的攻击和检测.但是,RoQ攻击的对象并不局限于此,它既可以对单条链路发动攻击,也可以有选择的对多条链路(甚至整个网络)发起攻击,造成更大的危害,所以需要有一种能够从网络全局角度分析和识别的方法.为此,提出了一种基于骨干网络流量分析的异常监测、定位和识别的方法 MIL-RoQ(monitoring,identifying and locating the RoQ attack in backbone network).主要使用主成分分析(principal component analysis,PCA)和频谱分析(spectrum analysis)技术对骨干流量进行流量建模分析,从全局角度监测网络流量变化情况,能够同时分析和判断多条链路的异常情况,并能准确识别出RoQ攻击.使用了CERNET骨干网络数据进行实验分析,结果表明该方法能够有效地定位和识别RoQ攻击;同时,攻击识别时只需要使用局部的流量数据,因而能显著降低计算量和复杂度.
Reduction of quality (RoQ) attack is an atypical denial of service (DoS) attack ,which exploits the vulnerability of TCP's adaptive behavior that can seriously reduce or inhibit the throughput of TCP flows .While most of the defensive methods are studied on the single network access link (router) ,the RoQ attack can not only launch on the single network link ,but also attack towards several links or even entire network ,which causes more severe consequences .In order to obtain a global perspective from the network and identify the attack ,in this paper we propose a traffic anomaly analysis method to monitor ,identify and locate the RoQ attack in backbone network on the basis of principal component analysis (PCA ) and spectrum analysis techniques .Experimental results demonstrate that our method can analyze and find anomalies in the traffic from several dow nstream links in backbone network ,and also locate and identify the RoQ attacks accurately .Meanwhile ,our method can significantly reduce the computation and complexity as it only needs to analyze local traffic data about anomalous links .
出处
《计算机研究与发展》
EI
CSCD
北大核心
2015年第4期813-822,共10页
Journal of Computer Research and Development
基金
国家"九七三"重点基础研究发展计划基金项目(2012CB315806)
国家自然科学基金项目(61170211)
高等学校博士学科点专项科研基金项目(20110002110056
20130002110058)
关键词
网络安全
异常检测
RoQ攻击
主成分分析
频谱分析
network security
anomaly detection
reduction of quality (RoQ) attack
principal component analysis (PCA)
spectrum analysis