低速率分布式拒绝服务LDDoS(Low-rate Distributed Denial of Service)攻击是一种新型的DDoS攻击.它利用TCP协议超时重传RTO(Retransmission Time Out)机制,向受害者发送周期性的脉冲(Pulse)攻击.LDDoS平均攻击速率较低,因此它能躲避传...低速率分布式拒绝服务LDDoS(Low-rate Distributed Denial of Service)攻击是一种新型的DDoS攻击.它利用TCP协议超时重传RTO(Retransmission Time Out)机制,向受害者发送周期性的脉冲(Pulse)攻击.LDDoS平均攻击速率较低,因此它能躲避传统的检测方法.本文针对LDDoS攻击提出了一种基于卡尔曼(Kalman)滤波的检测方法,采用一步预测与最优估算的误差值作为检测依据.通过模拟仿真和在实际网络环境中测试,得到89.6%的检测率.实验结果表明本文方法能有效地检测出LDDoS攻击.展开更多
As a special type of distributed denial of service(DDoS) attacks, the low-rate DDoS(LDDoS) attacks have characteristics of low average rate and strong concealment, thus, it is hard to detect such attacks by traditiona...As a special type of distributed denial of service(DDoS) attacks, the low-rate DDoS(LDDoS) attacks have characteristics of low average rate and strong concealment, thus, it is hard to detect such attacks by traditional approaches. Through signal analysis, a new identification approach based on wavelet decomposition and sliding detecting window is proposed. Wavelet decomposition extracted from the traffic are used for multifractal analysis of traffic over different time scale. The sliding window from flow control technology is designed to identify the normal and abnormal traffic in real-time. Experiment results show that the proposed approach has advantages on detection accuracy and timeliness.展开更多
文摘低速率分布式拒绝服务LDDoS(Low-rate Distributed Denial of Service)攻击是一种新型的DDoS攻击.它利用TCP协议超时重传RTO(Retransmission Time Out)机制,向受害者发送周期性的脉冲(Pulse)攻击.LDDoS平均攻击速率较低,因此它能躲避传统的检测方法.本文针对LDDoS攻击提出了一种基于卡尔曼(Kalman)滤波的检测方法,采用一步预测与最优估算的误差值作为检测依据.通过模拟仿真和在实际网络环境中测试,得到89.6%的检测率.实验结果表明本文方法能有效地检测出LDDoS攻击.
基金supported by the Joint Funds of National Natural Science Foundation of China and Civil Aviation Administration of China (U1933108)the National Science Foundation for Young Scientists of China (61601467)+1 种基金the Key Program of Natural Science Foundation of Tianjin (17JCZDJC30900)the Fundamental Research Funds for the Central Universities of China (3122019051).
文摘As a special type of distributed denial of service(DDoS) attacks, the low-rate DDoS(LDDoS) attacks have characteristics of low average rate and strong concealment, thus, it is hard to detect such attacks by traditional approaches. Through signal analysis, a new identification approach based on wavelet decomposition and sliding detecting window is proposed. Wavelet decomposition extracted from the traffic are used for multifractal analysis of traffic over different time scale. The sliding window from flow control technology is designed to identify the normal and abnormal traffic in real-time. Experiment results show that the proposed approach has advantages on detection accuracy and timeliness.
