摘要
低速率拒绝服务(LDoS,low-rate denial of service)攻击具有极强的隐蔽性,对大数据中心和云计算平台构成潜在的安全威胁。在研究LDoS攻击期间网络流量变化的基础上,对数据接收端回传给发送端的ACK数据分组进行统计分析,揭示了其序号步长在LDoS攻击期间具有的波动特征。采用排列熵的方法提取该特征,提出了一种基于ACK序号步长排列熵的LDoS攻击检测方法。该方法通过采集发送端收到的ACK数据分组,对其序号进行采样并计算步长;再利用对时间敏感性较强的排列熵算法检测出步长突变时刻,达到检测LDoS攻击的目的。在实际网络环境中设计和搭建了测试平台并对所提方法进行了验证,实验结果表明,所提方法具有较好的检测性能,取得了较好的检测效果。
Low-rate denial of service(LDoS)attack is a potential security threat to big data centers and cloud computing platforms because of its strong concealment.Based on the analysis of network traffic during the LDoS attack,statistical analysis was given of ACK packets returned by the data receiver to the sender,and result reveals the sequence number step had the characteristics of volatility during the LDoS attack.The permutation entropy method was adopted to extract the characteristics of volatility.Hence,an LDoS attack detection method based on ACK serial number step permutation entropy was proposed.The serial number was sampled and the step length was calculated through collecting the ACK packets that received at the end of sender.Then,the permutation entropy algorithm with strong time-sensitive was used to detect the mutation step time,and achieve the goal of detecting LDoS attack.A test-bed was designed and built in the actual network environment for the purpose of verifying the proposed approach performance.Experimental results show that the proposed approach has better detection performance and has achieved better detection effect.
作者
吴志军
潘卿波
岳猛
WU Zhijun;PAN Qingbo;YUE Meng(School of Electronic Information&Automation,Civil Aviation University of China,Tianjin 300300,China)
出处
《通信学报》
EI
CSCD
北大核心
2018年第7期139-147,共9页
Journal on Communications
基金
国家自然基金委员会与中国民航局联合基金资助项目(No.U1533107)
天津市自然基金重点资助项目(No.17JCZDJC30900)~~
关键词
低速率拒绝服务
ACK序号步长
排列熵算法
检测
low-rate denial of service
ACK serial number step-length
permutation entropy
detection
