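Abstract
Low-rate DDoS attacks are highly stealthy and can easily evade current anomaly detection based on network traffic flows. This paper describes a collaborative detection method and an IP traceback algorithm based on a global information entropy divergence metric. The method uses the information entropy divergence between normal traffic and attack traffic to monitor low-rate DDoS attack behaviour in the network, and it can trace all attack sources back to the local area networks in which they reside. Simulation results show that, in detecting low-rate DDoS attacks, the algorithm is more sensitive than the Shannon entropy method, is more effective than the current Kullback-Leibler metric, and clearly reduces the false negative rate.
A low-rate distributed denial of service (DDoS) attack is well able to conceal its traffic because it can elude current anomaly-based detection methods. In this paper, we present a collaborative detection algorithm that uses the generalized entropy metric and the information divergence metric to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. The experimental results show that the presented algorithm can effectively detect low-rate DDoS attacks, improving detection sensitivity more significantly than the Shannon metric and reducing the false positive rate more clearly than the current Kullback–Leibler divergence.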
Authors
桂兵祥
周万雷
GUI Bing-xiang; ZHOU Wan-lei (School of Mathematics and Computer Science, Wuhan Polytechnic University, Wuhan 430023, China; School of Information Technology, Deakin University, Burwood, VIC 3125, Australia)
Source
Journal of Wuhan Polytechnic University (《武汉轻工大学学报》)
2018, No. 2, pp. 48-52 (5 pages)
Keywords
low-rate DDoS attack
information divergence metrics
collaborative detection algorithm
IP traceback algorithm
detection sensitivity
false positive rate