
A real-time DDoS attacks detection method based on entropy (cited by: 3)
Abstract: This paper proposes an effective lightweight method for detecting DDoS (distributed denial of service) attacks. An entropy algorithm based on a sliding window first measures, in real time, the randomness of the destination IP addresses in network packets; the VTP (variance-time plot) method is then used for anomaly detection. Experimental results show that the method detects the presence of various DDoS attacks in real time, and in particular finds DDoS attacks whose traffic, against a background of heavy traffic, does not cause a significant change in overall network traffic.
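Source: Journal of Yangzhou University: Natural Science Edition (indexed in CAS, CSCD, Peking University Core Journals), 2009, No. 1, pp. 56-60 (5 pages)
Funding: National High Technology Research and Development Program of China (863-2003AA142010); National Natural Science Foundation of China (60473093); Jiangsu Province High Technology Research Program (BG2004030)
Keywords: DDoS; entropy method; on-line (real-time) detection; Hurst parameter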