Authenticity analysis on DDoS attack detection for IDS (cited by: 3)
Abstract To solve the problem that an IDS cannot be used effectively for DDoS attack response because of the uncertainty of its detection results, an algorithm is proposed for testing the authenticity of each DDoS detection result given by the IDS. First, by analyzing typical attack detection cases, the causes of IDS misjudgment of DDoS attacks are studied. Second, according to these causes, a set of characteristics of real DDoS attacks is proposed, including source address forgery and inconsistency of packet characteristic measures. These characteristics can be described by formal methods and can support authenticity analysis of the IDS's DDoS detection results. Finally, based on a rule set established from these characteristics, an algorithm that determines the authenticity of each DDoS attack detection result of the IDS is given and applied to an IDS that takes flow records as its data source and works at the boundary of a large-scale network. Operation results based on actual network traffic show that the proposed algorithm can accurately and effectively correct the misjudgments produced by IDS detection methods based on rule matching.
Source Journal of Southeast University: Natural Science Edition (indexed in EI, CAS, CSCD, Peking University Core Journals), 2017, Issue A01, pp. 9-13, 5 pages in total
Funding National Natural Science Foundation of China (61602114)
Keywords DDoS detection; attack misjudgment; source address analysis; threat response