Research on the Active DDoS Filtering Algorithm Based on IP Flow 被引量：1

Research on the Active DDoS Filtering Algorithm Based on IP Flow

下载PDF

导出

摘要 Distributed Denial-of-Service (DDoS) attacks against public web servers are increasingly common. Countering DDoS attacks are becoming ever more challenging with the vast resources and techniques increasingly available to attackers. It is impossible for the victim servers to work on the individual level of on-going traffic flows. In this paper, we establish IP Flow which is used to select proper features for DDoS detection. The IP flow statistics is used to allocate the weights for traffic routing by routers. Our system protects servers from DDoS attacks without strong client authentication or allowing an attacker with partial connectivity information to repeatedly disrupt communications. The new algorithm is thus proposed to get efficiently maximum throughput by the traffic filtering, and its feasibility and validity have been verified in a real network circumstance. The experiment shows that it is with high average detection and with low false alarm and miss alarm. Moreover, it can optimize the network traffic simultaneously with defending against DDoS attacks, thus eliminating efficiently the global burst of traffic arising from normal traffic. Distributed Denial-of-Service (DDoS) attacks against public web servers are increasingly common. Countering DDoS attacks are becoming ever more challenging with the vast resources and techniques increasingly available to attackers. It is impossible for the victim servers to work on the individual level of on-going traffic flows. In this paper, we establish IP Flow which is used to select proper features for DDoS detection. The IP flow statistics is used to allocate the weights for traffic routing by routers. Our system protects servers from DDoS attacks without strong client authentication or allowing an attacker with partial connectivity information to repeatedly disrupt communications. The new algorithm is thus proposed to get efficiently maximum throughput by the traffic filtering, and its feasibility and validity have been verified in a real network circumstance. The experiment shows that it is with high average detection and with low false alarm and miss alarm. Moreover, it can optimize the network traffic simultaneously with defending against DDoS attacks, thus eliminating efficiently the global burst of traffic arising from normal traffic.

作者 Rui GUO Hao YIN Dongqi WANG Bencheng ZHANG

机构地区不详

出处《International Journal of Communications, Network and System Sciences》 2009年第7期600-607,共8页 通讯、网络与系统学国际期刊（英文）

关键词 DDOS ATTACK GENETIC Algorithm IP Flow STATISTICS DDoS Attack Genetic Algorithm IP Flow Statistics

分类号 R73 [医药卫生—肿瘤]

引文网络
相关文献

参考文献2

1梁丰,David Yau.利用路由器自适应限流防御分布拒绝服务攻击(英文)[J].软件学报,2002,13(7):1220-1227. 被引量：10
2李旺,吴礼发,胡谷雨.分布式网络入侵检测系统NetNumen的设计与实现[J].软件学报,2002,13(8):1723-1728. 被引量：31

二级参考文献16

1[1]CERT Advisory CA-1996-21 TCP SYN flooding and IP spoofing attacks. http://www.cert.org/ advisories/CA-1996-21.html.
2[2]CERT Advisory CA-1998-01 Smurf IP denial-of-service attacks. http://www.cert.org/ advisories/CA-1998-01.html.
3[3]Banga, G., Drusched, P., Mogul, J. Resource containers: a new facility for resource management in server systems. In: OSDI, ed. Proceedings of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation (OSDI'99). New Orleans, LA: OSDI, 1999. 45～58.
4[4]Spatscheck, O., Peterson, L. Defending against denial of service attacks in scout. In: OSDI, ed., Proceedings of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation (OSDI'99). New Orleans, LA: OSDI, 1999. 59～72.
5[5]Meadows, C. A formal framework and evaluation method for network denial of service. In: PCSFW, ed., Proceedings of the 1999 IEEE Computer Security Foundations Workshop. Mordano: IEEE Computer Society Press, 1999. 4～13.
6[6]Savage, S., Wetherall, D., Karlin, A., et al. Practical network support for IP traceback. In: ACM, ed., Proceedings of the ACM SIGCOMM2000. Sweden: ACM, 2000. 295～300.
7[7]Song, D., Perrig, A. Advanced and authenticated techniques for IP traceback. In: INFOCOM ed., Proceedings of the IEEE INFOCOM2001, Anchorage, Alaska: INFOCOM, 2001.
8[8]Park, K., Lee, H. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In: INFOCOM, ed. Proceedings of the IEEE INFOCOM'2001. Anchorage, Alaska: INFOCOM, 2001.
9[9]Ferguson, P., Senie, D. RFC2827: network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. 2000. http://www.ietf.org/rfc/rfc2827.txt.
10[10]Mahajan, R., Bellovin, S., Floyd, S., et al. Controlling high bandwidth aggregates in the network. Technical Report, ACIRI and AT&T Labs Research, 2001. http://www.icir.org/pushback/pushback-Jul01.pdf.

共引文献36

1郭睿,常桂然,孙宝京,巩瀚云.基于图灵测试的HTTP DDoS防范技术研究[J].计算机研究与发展,2006,43(z2):349-353.
2何慧,张宏莉,张伟哲,方滨兴,胡铭曾,陈雷.一种基于相似度的DDoS攻击检测方法[J].通信学报,2004,25(7):176-184. 被引量：36
3李兵.入侵检测系统体系结构的研究[J].山西焦煤科技,2004(5):41-43. 被引量：1
4李光永,梁丰.网络蠕虫型分布式拒绝服务攻击的原理及防御[J].数据通信,2004(6):8-11. 被引量：7
5童向荣,张伟.一种入侵检测系统的分布式多Agent通信机制[J].计算机工程与应用,2005,41(12):132-133.
6卫瑜,曾凡平,蒋凡.基于相似度分析的分布式拒绝服务攻击检测系统[J].计算机辅助工程,2005,14(2):63-67.
7吴玉.构建基于Snort的入侵检测系统[J].微电子学与计算机,2005,22(7):165-167. 被引量：13
8张红红,王恩波.开放式入侵防御联动模型的研究[J].计算机与数字工程,2005,33(8):68-71. 被引量：4
9姜华斌,江文,谢冬青.一种基于环形结构的新型分布式入侵检测模型[J].计算机工程,2005,31(23):143-145. 被引量：2
10孙知信,唐益慰,张伟,宫婧,王汝传.基于特征聚类的路由器异常流量过滤算法[J].软件学报,2006,17(2):295-304. 被引量：15

同被引文献3

1左青云,陈鸣,赵广松,邢长友,张国敏,蒋培成.基于OpenFlow的SDN技术研究[J].软件学报,2013,24(5):1078-1097. 被引量：421
2肖甫,马俊青,黄洵松,王汝传.SDN环境下基于KNN的DDoS攻击检测方法[J].南京邮电大学学报（自然科学版）,2015,35(1):84-88. 被引量：35
3李蕊,张路桥,李海峰,刘恺.基于熵的网络异常流量检测研究综述[J].计算机系统应用,2017,26(6):36-39. 被引量：8

引证文献1

1王文蔚,肖军弼,程鹏,张悦.基于SDN的DDoS攻击防御系统[J].计算机与现代化,2021(2):117-121. 被引量：4

二级引证文献4

1孙沄,肖军,徐成卫.深圳市蛇口地区互联网医疗服务的现状调查[J].医学信息,2022,35(4):34-36. 被引量：2
2于康存.基于NTP的DDoS攻击防御研究[J].黑龙江科学,2022,13(14):100-102.
3缪祥华,张如雪,张宣琦,蒲鹳雄,王攀,李响,张家临.网络攻击检测技术综述[J].化工自动化及仪表,2022,49(5):557-562. 被引量：2
4夏雪菲,蒋铜,李天尧,顾海艳.基于知识图谱的DNS Query Flood攻击检测研究[J].计算机科学与应用,2021,11(5):1349-1356.

1Bin Liu,Hao Wu,Kuo-Chen Chou.Pse-in-One 2.0: An Improved Package of Web Servers for Generating Various Modes of Pseudo Components of DNA, RNA, and Protein Sequences[J].Natural Science,2017,9(4):67-91. 被引量：12
2Kedir Mamo Basher,Juan-Ivan Nieto-Hipolito,Maria De Los Angeles Cosio Leon,Mabel Vazquez-Briseno,Juan de Dios Sánchez López,Raymundo Buenrostro Mariscal.Major Existing Classification Matrices and Future Directions for Internet of Things[J].Advances in Internet of Things,2017,7(4):112-120.
3Yiru Wu,Yinghong Ma,Hongyan Li,Jiandong Li.Performance Evaluation of Flows with Diverse Traffic and Transmission Rates in IEEE 802.11 WLAN[J].Communications and Network,2013,5(3):634-640.
4Abul Kalam Azad,Jugal K. Das,Imdadul Islam.Signal Detection of Co-Operative Cognitive Radio Network under Neural Network[J].Journal of Computer and Communications,2018,6(9):60-72.
5Su Man Nam,Chung Il Sun,Tae Ho Cho.Secure Path Cycle Selection Method Using Fuzzy Logic System for Improving Energy Efficiency in Statistical En-Route Filtering Based WSNs[J].Wireless Sensor Network,2011,3(11):357-361.
6ZHAO Juanjuan,XU Chengzhong,MENG Tianhui.Big Data-Driven Residents’ Travel Mode Choice Choice: A Research Overview[J].ZTE Communications,2019,17(3):9-14. 被引量：1
7Ramiro Sofronie.On the Seismic Resilience[J].Journal of Geological Resource and Engineering,2019,7(4):132-139.
8Robert L. Shuler Jr..The Twins Clock Paradox History and Perspectives[J].Journal of Modern Physics,2014,5(12):1062-1078.
9Mohammad Bakhtiari,Hassan Ghassemi.Numerical Analysis of Electromagnetic Control of the Boundary Layer Flow on a Ship Hull[J].Open Journal of Fluid Dynamics,2014,4(1):74-82. 被引量：1
10Sanjeev Kumar,Senior Member,Raja Sekhar Reddy Gade.Evaluation of Microsoft Windows Servers 2008 &2003 against Cyber Attacks[J].Journal of Information Security,2015,6(2):155-160.

International Journal of Communications, Network and System Sciences

2009年第7期

浏览历史

内容加载中请稍等...