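Abstract
Low-rate denial of service (LDoS) attacks target cloud computing platforms and big data centers by periodically sending short bursts of packets, causing packet loss at the routers that connect users and degrading the transmission performance of data links. Because the average rate of LDoS attack traffic is very low, the attack is highly stealthy and hard to detect. Based on an analysis of LDoS attack traffic, this work obtains the wavelet energy spectrum entropy of network traffic through the wavelet transform and uses it as the input to a hidden semi-Markov model (HSMM), designs an LDoS attack decision classifier that uses the HSMM network model, and proposes an LDoS attack detection method based on wavelet energy spectrum entropy and the hidden semi-Markov model. The detection method was tested in both the NS-2 and Test-bed environments. The experimental results show that the method has good detection performance, with a detection rate of 96.81% obtained through hypothesis testing.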
Low-rate denial of service (LDoS) attacks can cause packet loss for legitimate users and reduce the transmission performance of the transport system by sending short bursts of packets periodically. LDoS attack flows always mix with legitimate traffic; hence, they are hard to detect. This study designs an LDoS attack classifier based on a network model, which uses a hidden semi-Markov model (HSMM), and deploys a decision indicator to detect LDoS attacks. In this method, the wavelet transform is used to compute the network traffic's wavelet energy spectrum entropy, which is used as the input of the HSMM. The proposed detection method has been evaluated in NS-2 and Test-bed, and experimental results show that it achieves a better performance, with a detection rate of 96.81%.
Authors
吴志军
李红军
刘亮
张景安
岳猛
雷缙
WU Zhi-Jun; LI Hong-Jun; LIU Liang; ZHANG Jing-An; YUE Meng; LEI Jin (College of Electronic Information and Automation, Civil Aviation University of China, Tianjin 300300, China)
Source
《软件学报》
EI
CSCD
Peking University Core Journals
2020, Issue 5, pp. 1549-1562 (14 pages)
Journal of Software
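Funding
Joint Fund of the National Natural Science Foundation of China and the Civil Aviation Administration of China (U1933108)
Scientific Research Project of the Tianjin Municipal Education Commission (2019KJ117).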
Keywords
low-rate denial of service
network measurement
wavelet analysis
hidden semi-Markov model
anomaly detection