摘要
针对现有基于流量特征的DDoS泛洪攻击检测方法易被攻陷,且难以区分攻击与突发访问事件(flash crowds)等问题,提出了一种泛化的攻击检测策略。在此基础上,分别构建泛洪行为和泛洪攻击两种流指纹,通过目标超点聚合度定位泛洪行为,采用一种滑动判别算法区分泛洪攻击与flash crowds事件。实验结果表明,该检测方法可以有效检测泛洪攻击。由于该方法只需维护流到达信息,对于实现高速网络环境下的攻击检测具有一定的实际意义。
The current detection methods based on the traffic features of DDoS flooding attacks are fooled by hackers easily, and confused by differentiating attacks from flash crowds. First, a general- ized detection strategy is introduced. Based on the strategy, flow fingerprints of flooding behaviors and flooding attacks are built by combining superpoints and flow similarity. The flooding behaviors are located by the polymerization degree of destination superpoints. And a sliding-discrimination al- gorithm is used in flow similarity measurement for discriminating flooding attacks from flash crowds. The experimental results evaluate the efficiency of the detection approach. Since the detection main- tenances are flow arrivals, the approach is practical for DDoS flooding attacks detection in high- speed network.
出处
《信息工程大学学报》
2016年第5期586-592,共7页
Journal of Information Engineering University
基金
国家科技支撑计划资助项目(2014BAH30B01)
关键词
DDoS泛洪攻击
流指纹
超点
泛化
相似度
DDoS flooding attacks
flow fingerprint
superpoint
generalized
similarity
