摘要
针对物联网大规模分布式拒绝服务攻击检测难题,基于Docker虚拟化容器技术搭建了物联网流量仿真平台,通过模拟Mirai僵尸网络和执行命令产生4种不同的攻击流量。人工执行与物联网实验箱自动产生正常流量。对原始流量进行统计分析生成包级和秒级两种不同等级的物联网流量数据集。提出了分段HURST指数、滑动窗口熵和滑动窗口置信区间3种统计指标和分析方法,并制定了攻击检测规则。实验结果表明:基于滑动窗口均值置信区间的异常流量检测方法可达72.11%的准确率。
To solve the problem of large-scale Distributed Denial of Service(DDoS)attack detection in Internet of Things(IoT)simulation environment,the Docker virtualized container technology is used to construct the IoT traffic simulation platform. First,four different types of attack traffic are generated by simulating Mirai botnet and executing commands,and normal traffic is generated by manual click and IoT experiment box auto execution. Then,statistical analysis is carried out on the original traffic to generate two different levels of datasets:packet-level and second-level. Third,three statistical analysis methods and indicators are proposed,including segmented HURST exponent,sliding-window based entropy and sliding-window based confidence interval. Finally,the DDoS attack traffic detection rules are generated by the training dataset. The experimental results show that the sliding-window based confidence interval abnormal traffic detection method can achieve an accuracy of 72.11%.
作者
陈红松
陈京九
CHEN Hong-song;CHEN Jing-jiu(School of Computer and Communication Engineering,University of Science and Technology Beijing,Beijing 100083,China)
出处
《吉林大学学报(工学版)》
EI
CAS
CSCD
北大核心
2020年第5期1894-1904,共11页
Journal of Jilin University:Engineering and Technology Edition
基金
国家社会科学基金项目(18BGJ071)。
关键词
统计分析
异常流量检测
分布式拒绝服务
攻击模拟
物联网仿真
statistical analysis
abnormal traffic detection
distributed denial of service
attack simulation
internet of things simulation
