Abstract
DNS Query Flood attacks are cheap to launch, highly destructive, and hard to defend against. To address them, this paper constructs a knowledge graph of UDP requests. Because the attacker strikes the DNS server by sending a large number of small UDP packets with forged source IP addresses, the paper calculates the normal frequency with which clients access the server and uses it to determine the traffic threshold for detecting a DNS Query Flood attack. Using the DNS Query Flood attack experiment dataset from the University of California, Los Angeles, Neo4j visual analysis is used to test the accuracy of threshold-based attack determination. The results show that the threshold detection method achieves a detection success rate as high as 95.04% for attack traffic in mixed traffic.
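The thresholding idea summarized in the abstract, as an added example that is not the paper's code or data: a threshold is learned from clean per-second query counts and then applied to mixed traffic. The mean + 3σ rule, all addresses and all packets are constructed assumptions; counting is done per server because forged source addresses keep every per-source rate low.

```python
from collections import Counter
from statistics import mean, pstdev

SERVER = "192.0.2.53"  # constructed DNS server address

def window_counts(packets, server, key=lambda ts, src: int(ts)):
    """Count UDP/53 queries sent to `server`, grouped by `key` (default: 1 s window)."""
    counts = Counter()
    for ts, src, dst, dport in packets:
        if dst == server and dport == 53:
            counts[key(ts, src)] += 1
    return counts

def learn_threshold(baseline, server, k=3.0):
    """Assumed rule: mean + k * stddev of per-second query counts in clean traffic."""
    counts = window_counts(baseline, server)
    values = [counts.get(w, 0) for w in range(min(counts), max(counts) + 1)]
    return mean(values) + k * pstdev(values)

def flag_windows(packets, server, threshold):
    """Seconds in which the aggregate query rate to the server exceeds the threshold."""
    counts = window_counts(packets, server)
    return sorted(w for w, c in counts.items() if c > threshold)

def max_per_source(packets, server):
    """Highest per-second query count seen from any single source address."""
    per_src = window_counts(packets, server, key=lambda ts, src: (int(ts), src))
    return max(per_src.values())

def normal(start):
    """Constructed legitimate traffic: three clients over ten seconds."""
    pkts = []
    for s in range(start, start + 10):
        pkts += [(s + 0.1, "192.0.2.10", SERVER, 53), (s + 0.6, "192.0.2.10", SERVER, 53)]
        if s % 2 == 0:
            pkts.append((s + 0.3, "192.0.2.11", SERVER, 53))
        if s % 3 == 0:
            pkts.append((s + 0.8, "192.0.2.12", SERVER, 53))
    return pkts

BASELINE = normal(0)
# Constructed flood: 200 forged sources per second, one small query each.
FLOOD = [(s + i / 200, f"203.0.113.{i + 1}", SERVER, 53)
         for s in (104, 105) for i in range(200)]
MIXED = normal(100) + FLOOD
THRESHOLD = learn_threshold(BASELINE, SERVER)

if __name__ == "__main__":
    print("threshold:", round(THRESHOLD, 2))
    print("flagged seconds:", flag_windows(MIXED, SERVER, THRESHOLD))
    print("max per-source rate:", max_per_source(MIXED, SERVER))
```

In the constructed mixed traffic no single source exceeds two queries per second, so a per-source limit would miss the flood that the per-server threshold flags.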
Source
Computer Science and Application
2021, Issue 5, pp. 1349-1356 (8 pages)