Abstract
To address the lack of research on knowledge bases for distributed denial of service (DDoS) network attacks, a method for constructing a DDoS attack malicious behavior knowledge base is proposed. The knowledge base is built on a knowledge graph and has two parts: a malicious traffic detection library and a network security knowledge base. The malicious traffic detection library detects and classifies the malicious traffic generated by DDoS attacks; the network security knowledge base models DDoS attack malicious behavior in terms of traffic features and attack frameworks, and performs inference, tracing and feedback on that behavior. On this basis, a distributed knowledge base is built on the DDoS open threat signaling (DOTS) protocol, providing data transmission between distributed nodes, DDoS attack defense and malicious traffic mitigation. Experimental results show that the DDoS attack malicious behavior knowledge base effectively detects and mitigates DDoS-induced malicious traffic at multiple gateways, supports knowledge update and inference between distributed knowledge bases, and scales well.
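The abstract names DOTS as the protocol the distributed nodes use to signal mitigation; the following is an added illustration of what such a node would send, not code from the paper. It assembles a DOTS signal-channel mitigation request using the field names and constraints of RFC 9132 (ietf-dots-signal-channel), and checks it the way a receiving DOTS server would. The flow records, the packets-per-second threshold, and the `cuid`/`mid` values are constructed placeholders; the paper's own detection and classification logic is not reproduced.

```python
# Added example (not from the paper): assemble a DOTS signal-channel mitigation
# request (RFC 9132) for targets that a gateway's detector has flagged.
# Field names follow the ietf-dots-signal-channel YANG module; the flow records
# and the packets-per-second threshold below are constructed, hypothetical input.
import ipaddress
from collections import Counter

# Constructed flow records: (src_ip, dst_ip, dst_port, ip_proto, packets_per_s)
FLOWS = [
    ("203.0.113.10", "198.51.100.5", 80, 6, 12000),
    ("203.0.113.11", "198.51.100.5", 80, 6, 15000),
    ("203.0.113.12", "198.51.100.5", 80, 6, 9000),
    ("192.0.2.7", "198.51.100.9", 443, 6, 40),
]

PPS_THRESHOLD = 20000  # hypothetical per-target aggregate threshold


def detect_targets(flows, threshold=PPS_THRESHOLD):
    """Aggregate packets/s per (dst_ip, dst_port, proto); return those at or above threshold."""
    agg = Counter()
    for _src, dst, port, proto, pps in flows:
        agg[(dst, port, proto)] += pps
    return {key: pps for key, pps in agg.items() if pps >= threshold}


def build_mitigation_request(cuid, mid, targets, lifetime=3600):
    """Return (uri_path, body) for a PUT on the DOTS signal channel.

    cuid is the client identifier and mid the mitigation id; both travel in the
    Uri-Path per RFC 9132. One scope entry is emitted per flagged target, and
    lifetime defaults to the RFC's recommended 3600 s.
    """
    scope = []
    for dst, port, proto in sorted(targets):
        host_len = ipaddress.ip_address(dst).max_prefixlen  # /32 or /128
        scope.append({
            "target-prefix": [f"{dst}/{host_len}"],
            "target-port-range": [{"lower-port": port, "upper-port": port}],
            "target-protocol": [proto],
            "lifetime": lifetime,
        })
    uri_path = ("/restconf/data/ietf-dots-signal-channel:dots-signal/"
                f"mitigation-scope/cuid={cuid}/mid={mid}")
    body = {"ietf-dots-signal-channel:mitigation-scope": {"scope": scope}}
    return uri_path, body


def validate_mitigation_scope(body):
    """Checks a receiving DOTS server would apply before acting on the request.

    Returns a list of error strings (empty when the body is acceptable).
    """
    errors = []
    scope = body.get("ietf-dots-signal-channel:mitigation-scope", {}).get("scope", [])
    if not scope:
        errors.append("scope is empty")
    for i, entry in enumerate(scope):
        # RFC 9132: at least one target attribute must be present
        if not any(k in entry for k in ("target-prefix", "target-fqdn",
                                        "target-uri", "alias-name")):
            errors.append(f"scope[{i}]: no target attribute")
        for prefix in entry.get("target-prefix", []):
            try:
                ipaddress.ip_network(prefix, strict=False)
            except ValueError:
                errors.append(f"scope[{i}]: malformed prefix {prefix!r}")
        for rng in entry.get("target-port-range", []):
            lo = rng.get("lower-port")
            hi = rng.get("upper-port", lo)  # upper-port defaults to lower-port
            if lo is None or not 0 <= lo <= hi <= 65535:
                errors.append(f"scope[{i}]: bad port range {rng}")
        # RFC 9132: a lifetime of 0 is invalid; -1 means indefinite
        lifetime = entry.get("lifetime", 3600)
        if lifetime == 0 or lifetime < -1:
            errors.append(f"scope[{i}]: invalid lifetime {lifetime}")
    return errors


if __name__ == "__main__":
    flagged = detect_targets(FLOWS)
    # cuid value is a placeholder in the style of the RFC's examples
    path, req = build_mitigation_request("dz6pHjaADkaFTbjr0JGBpw", 123, flagged)
    print(path)
    print(req)
    print("errors:", validate_mitigation_scope(req))
```

On the wire the body is CBOR and the request is carried over CoAP with (D)TLS; the dict above is the JSON-equivalent view that RFC 9132 uses in its own examples. Running the block flags only 198.51.100.5:80 (three sources totalling 36000 packets/s), emits one scope entry for it, and reports no validation errors.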
Authors
LIU Feiyang (刘飞扬), LI Kun (李坤), SONG Fei (宋飞), ZHOU Huachun (周华春)
School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
Source
Telecommunications Science (《电信科学》)
2021, No. 11, pp. 17-32 (16 pages)
Funding
National Key Research and Development Program of China (No. 2018YFA0701604).
Keywords
DDoS
distributed
knowledge graph
malicious behavior knowledge base