
DDoS attack detection method based on network traffic and IP entropy

Cited by: 16
Abstract: This paper studies the low detection rate (true positive rate) and high false positive rate of existing DDoS (distributed denial of service) attack detection. Based on the network traffic characteristics and IP entropy characteristics observed when a DDoS attack occurs, it establishes a traffic membership function and an IP entropy membership function; the upper and lower limit parameters of the membership functions are obtained by simulating a real network environment. It proposes a DDoS attack detection algorithm based on traffic and IP entropy characteristics: the algorithm first judges whether the traffic is abnormal, then judges whether the entropy is abnormal, and from these decides whether a DDoS attack has occurred. The simulation results show that neither traffic alone nor IP entropy alone detects DDoS attacks well. By considering traffic and IP entropy characteristics together, the algorithm accurately detects DDoS attacks, lowers the false positive rate and raises the detection rate.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2016, No. 4, pp. 1145-1149 (5 pages)
Funding: Natural Science Foundation of Shaanxi Province (2011JM8033)
Keywords: DDoS attack; true positive rate; false positive rate; network traffic; IP entropy; membership function
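The two-stage decision described in the abstract can be illustrated as follows; this is an added example, not the paper's code. Assumptions: the membership functions are linear ramps, the bounds and the 0.5 alert threshold are constructed placeholders (the paper's simulated values are not on this page), and entropy is computed over source IPs and rises under a spoofed flood.

```python
import math
from collections import Counter

# Assumed bounds and threshold (constructed; the paper's simulated values are not on this page).
TRAFFIC_LO, TRAFFIC_HI = 1000, 5000   # packets per window
ENTROPY_LO, ENTROPY_HI = 0.5, 0.9     # normalized source-IP entropy
ALERT = 0.5                           # membership degree treated as abnormal

def membership(x, lo, hi):
    """Assumed linear ramp: 0 at or below lo, 1 at or above hi."""
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

def ip_entropy(src_ips):
    """Shannon entropy of source IPs, divided by log2(packet count) to land in [0, 1]."""
    n = len(src_ips)
    if n < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(src_ips).values())
    return h / math.log2(n)

def detect(src_ips):
    """Stage 1 checks traffic volume; stage 2 checks IP entropy only if stage 1 fires."""
    if membership(len(src_ips), TRAFFIC_LO, TRAFFIC_HI) < ALERT:
        return "normal"
    if membership(ip_entropy(src_ips), ENTROPY_LO, ENTROPY_HI) < ALERT:
        return "traffic-anomaly-only"
    return "ddos"

# Constructed windows: each list holds the source IP of every packet seen in one window.
clients = [f"10.0.0.{i}" for i in range(1, 21)]
WINDOWS = {
    "baseline": [clients[i % 20] for i in range(2000)],
    "bulk_transfer": [clients[i % 20] for i in range(6000)],
    "many_light_sources": [f"192.168.{i // 250}.{i % 250}" for i in range(800)],
    "spoofed_flood": [f"172.16.{i // 250}.{i % 250}" for i in range(6000)],
}

if __name__ == "__main__":
    for name, pkts in WINDOWS.items():
        print(f"{name:20s} pkts={len(pkts):5d} H={ip_entropy(pkts):.2f} -> {detect(pkts)}")
```

The `bulk_transfer` window would trip a traffic-only detector and the `many_light_sources` window would trip an entropy-only detector; only `spoofed_flood` passes both stages.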