摘要
目前应用层分布式拒绝服务(Application Layer Distributed Denial of Service,AL-DDo S)攻击对网络安全造成的威胁与日俱增,针对应用层用户访问行为,研究了一种基于多聚类中心近邻传播(Multi-Exemplar Affinity Propagation,MEAP)聚类算法的AL-DDo S攻击检测模型。该方法使用用户请求序列的信息熵作为输入,通过MEAP快速获得能够描述用户浏览行为的特征模型,对新加入的请求序列计算到各个聚类中心的距离,设定阈值从而区别正常与攻击序列。通过模拟实验表明,该方法能够有效地完成在线AL-DDo S攻击准实时检测。
The Application Layer Distributed Denial of Service(AL-DDoS)attack has increased gradually as a threat on the security of network. For user access behavior, a new method based on Multi-Exemplar Affinity Propagation(MEAP)clustering algorithm is proposed in the paper to detect AL-DDoS. The method makes the entropy of request sequences as input to obtain the user behavior pattern by MEAP, and calculates the distance between the new coming request sequence and each cluster centers, finally distinguishes the normal and attack traffic. The simulation experiments show that the method can effectively complete the online detection about AL-DDoS.
作者
孙剑
刘渊
赵新杰
SUN Jian;LIU Yuan;ZHAO Xinjie(School of Digital Media, Jiangnan University, Wuxi, Jiangsu 214122, China)
出处
《计算机工程与应用》
CSCD
北大核心
2016年第21期116-120,139,共6页
Computer Engineering and Applications
基金
国家自然科学基金(No.61103223)
江苏省自然科学基金重点项目(No.BK2011003)
关键词
分布式拒绝服务攻击
应用层
近邻传播
聚类
入侵检测系统
Distributed Denial of Service(DDoS)
application layer
affinity propagation
clustering
intrusion detection system
