
Hybrid DDoS Attack Distributed Detection System Based on Hadoop Architecture (基于Hadoop架构的混合型DDoS攻击分布式检测系统)

Cited by: 5
Abstract: Hybrid DDoS attacks combine several data types in one attack; because they penetrate defenses effectively and are hard to detect precisely, they are gradually replacing single-type DDoS attacks. To detect hybrid DDoS attacks, this paper designs a distributed intrusion detection architecture based on a Hadoop cluster and proposes a multi-attribute fusion detection algorithm built on the MapReduce model. The algorithm improves on traditional algorithms that detect from the IP address alone: it fuses multiple attributes, including IP address, data frame length and flag bits, and detects intrusion traffic by adaptively adjusting the detection threshold. Experimental results show that the system scales well, and that better detection performance is obtained by enlarging the cluster and increasing the HDFS block size. Compared with the traditional detection algorithm, the system significantly raises the detection rate for hybrid DDoS attacks without a noticeable increase in detection time, and it can also identify the specific attack type.
Authors: 罗文华 (LUO Wenhua), 程家兴 (CHENG Jiaxing) (College of Public Security Information Technology and Information, Criminal Investigation Police University of China, Shenyang 110035, China)
Source: Netinfo Security (《信息网络安全》), CSCD and Peking University core journal, 2021, No. 2, pp. 61-69 (9 pages)
Funding: National Key R&D Program of China [2018YFC0830600]; Ministry of Public Security Technology Research Program [2017JSYJA10].
Keywords: hybrid DDoS attack; Hadoop; MapReduce; threshold; flag bit

