摘要
针对当前溯源方法无法识别源于中间路由器的恶意攻击、无法区分攻击流量类型等问题,借鉴热力学中熵的概念并结合IP分布特征,定义IP熵变量,结合通信熵和IP熵提出一个基于熵变量的DDoS攻击溯源模型,设计DDoS攻击识别算法、DDoS攻击溯源算法和DDoS流量区分算法。实验结果表明,该模型在时间容忍范围内提升了溯源效率,降低了僵尸网络检测的漏报率,能够识别出快速DDoS攻击、慢速DDoS攻击及flash crowd等类型,识别率达到了85.71%。
For the current traceability method,the malicious attack originating from the intermediate router cannot be identified,and the type of attack traffic cannot be distinguished.The concept of entropy in thermodynamics was combined with the IP distribution feature to define the IP entropy variable.Based on communication entropy and IP entropy,a DDoS attack source tracing model based on entropy variable was proposed.DDoS attack recognition algorithm,DDoS attack tracing algorithm and DDoS traffic discrimination algorithm were designed.Experimental results show that the proposed model improves the traceability efficiency within the time tolerance,reduces the false negative rate of botnet detection,and it can identify fast DDoS attacks,slow DDoS attacks and flash crowds,and the recognition rate reaches 85.71%.
作者
郭伟
邱菡
周天阳
朱俊虎
GUO Wei;QIU Han;ZHOU Tian-yang;ZHU Jun-hu(Cyberspace Security College,Information Engineering University,Zhengzhou 450001,China;National Digital Switching System Engineering and Technological Research Center,Zhengzhou 450002,China)
出处
《计算机工程与设计》
北大核心
2019年第12期3367-3374,共8页
Computer Engineering and Design
基金
国家自然科学基金项目(61502528)
