摘要
针对传统机器学习算法在分布式拒绝服务攻击检测中存在检测时间过长、控制器负载过大等缺点,提出基于混沌理论模型下分布式拒绝服务攻击流量预测算法.首先,收集正常数据包和流表信息,当异常流表信息进入系统时,若初始状态之间存在微小差异,初始位置的运动状态轨迹会以指数速率分离;根据Lyapunov指数的取值范围判断进入系统的数据和流信息是否合法,若判断为异常流信息,立即清除.实验结果表明,提出的研究思路对攻击流信息敏感度较高,对分布式拒绝服务攻击的检测率、准确率、误报率相较于传统机器学习算法和统计分析算法有明显的提高.
Aiming at the shortcomings of traditional machine learning algorithm in DDoS(distributed denial of service,DDoS)attack detection,such as long computation time and large network resource cost,a new algorithm based on chaos theory is proposed to predict DDoS attack traffic data.First,the normal data packet and the flow table information are collected.When the abnormal flow table information enters the system,the motion state trajectory of the initial position will be separated at an exponential rate when there is a slight difference between the initial states.According to the value range of Lyapunov index,the system judges whether the data and flow information entering the system are legal or not.It will be cleared immediately if it were judged as abnormal.The experimental results show that the proposed approach is highly sensitive to the DDoS attacks,and the dectection rate,accuracy and false alarm rate of DDoS attacks are significantly improved compared with the traditional machine learning algorithm and statistical analysis algorithm.
作者
郭莎
杨桂芹
蒋占军
GUO Sha;YANG Gui-qin;JIANG Zhan-jun(School of Electronic and Information Engineering,Lanzhou Jiaotong University,Lanzhou 730070,China)
出处
《兰州交通大学学报》
CAS
2020年第6期45-50,共6页
Journal of Lanzhou Jiaotong University
关键词
软件定义网络
分布式拒绝服务
混沌理论
异常检测
software defines network(SDN)
distributed denial of service(DDoS)
chaos theory
anomaly detection
