As a new type of Denial of Service (DoS) attack, Low-rate Denial of Service (LDoS) attacks render the traditional methods of detecting Distributed Denial of Service (DDoS) attacks useless because of their low average rate and concealment. Using features extracted from network traffic, this paper proposes a new detection approach based on multi-feature fusion to solve the problem. An attack feature set containing the Acknowledge character (ACK) sequence number, the packet size, and the queue length is used to classify normal and LDoS attack traffic. Each feature is digitalized and preprocessed separately to fit the input of the K-Nearest Neighbor (KNN) classifier and to obtain the decision contour matrix. The a posteriori probability in the matrix is then fused, and the fusion decision index D is used as the basis for detecting LDoS attacks. Experiments proved that the detection rate of the multi-feature fusion algorithm is higher than those of the single-feature detection method and other algorithms.
In the frequency domain, the power spectrum of Low-rate Denial of Service (LDoS) attacks is totally spread into the spectrum of normal traffic, so detecting and filtering LDoS attack flows out of normal traffic is a challenging task. Based on an analysis of LDoS attack flows and legitimate TCP traffic in the time and frequency domains, the periodicity of TCP traffic and LDoS attack flows is explored to facilitate research on network traffic processing. Hence, an approach to LDoS attack flow filtering based on frequency spectrum analysis is proposed. In this approach, the TCP traffic and LDoS attack flows are transformed from the time domain into the frequency domain. The round-trip time (RTT) is then estimated using a frequency-domain search method. Analysis of the amplitude spectrum shows that TCP traffic energy is mainly concentrated at the points n/RTT. Therefore, a comb filter using an infinite impulse response (IIR) filter is designed to filter out the LDoS attack flows in the frequency domain, while most of the legitimate TCP traffic energy at the points n/RTT passes through. Experimental results show that the maximum pass rate for legitimate TCP traffic reaches 92.55%, while the maximum filtration rate of LDoS attack flows reaches 81.36%. The proposed approach can effectively filter LDoS attack flows with less impact on legitimate TCP traffic.
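To address the vulnerability of connected-vehicle platoon systems to disturbances and Denial of Service (DoS) attacks, a secure H∞ platoon control method for connected vehicles under external disturbances and random DoS attacks is proposed. First, a Markov random process is used to model the random DoS attack characteristics of connected vehicles as a random communication topology switching model, on which a secure platoon control protocol for connected vehicles is designed. Then, the linear matrix inequality (LMI) technique is used to compute the secure platoon controller parameters, and Lyapunov-Krasovskii stability theory is applied to establish a sufficient condition for the stability of the platoon system under external disturbances and random DoS attacks. On this basis, a sufficient condition for the string stability of the closed-loop platoon system is obtained by analysis. Finally, comparative simulation experiments on a platoon system of 7 vehicles verify the superiority of the method.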
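In a multi-sensor networked linear discrete-time system, each sensor can perform local state estimation based on its own measurement data. When the local estimates are transmitted to the fusion center, they may be subject to DoS (Denial of Service) attacks. To compensate for the data loss caused by DoS attacks, a predictor of the lost data is used. The linear unbiased minimum-variance matrix-weighted fusion algorithm is applied to obtain a distributed fusion state filter. The proposed distributed fusion filter improves on the accuracy of the local estimates and has higher estimation accuracy than the covariance intersection fusion algorithm. A simulation example verifies the effectiveness of the algorithm.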
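Traditional power systems are vulnerable to network interference and attacks, and an attack on one part of the system may paralyze the entire power system. Because the wide-area nature and flexibility of modern power systems create more points of network attack, researching more defense strategies for these new areas becomes crucial. On this basis, a continuous time-domain model is used to model various attack strategies, and the mechanisms by which power systems defend against Denial of Service (DoS) attacks are analyzed.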
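As network scale keeps growing and complexity keeps increasing, Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks occur on networks more and more frequently. General methods have difficulty guaranteeing both the real-time performance and the accuracy of detection. To address these problems, the DoS and DDoS attack traffic in network traffic is analyzed, and an ensemble feature selection algorithm that combines the filter method and the embedded method is proposed. First, the correlation coefficient method, a filter method, is used to rank the features, and a feature subset is formed by extracting a certain proportion of the ranked features. Next, the random forest algorithm, an embedded method, performs a second round of feature selection on the feature subset. Finally, decision tree and random forest classifiers are used to verify the classification accuracy and classification efficiency of the proposed algorithm. Experimental results show that, compared with the embedded method alone, the ensemble feature selection algorithm improves each evaluation metric by 6% on average. Compared with the filter method alone, it needs only 1/6 of that method's total number of features to achieve the same result.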
Funding: the National Natural Science Foundation of China-Civil Aviation joint fund (U1933108); the Fundamental Research Funds for the Central Universities of China (3122019051).
Funding: supported in part by the National Natural Science Foundation under grant No. U1533107; the Major Program of Natural Science Foundation of Tianjin under grant No. 17JCZDJC30900; the Fundamental Research Funds for the Central Universities of CAUC under grant No. 3122016D003; the graduate program of curriculum development project of Civil Aviation University of China (2050070515).