Abstract
DDoS attacks remain one of the most serious threats to today's networks, including the next-generation IPv6 network. This paper proposes a real-time detection method for IPv6 based on traffic self-similarity. It uses an improved WinPcap to capture and monitor "flow" data in real time, and applies the Whittle ML method to DDoS attack detection for the first time. Comparative simulation experiments were carried out on the choice of Hurst estimation method and on a network into which DDoS attack flows were introduced. The results show that the relative error of the Hurst estimate is 0.07% lower with the Whittle ML method than with the wavelet transform; attacks are detected with an error of only 0.042% and an accuracy of 99.6%; and the success rate and sensitivity of DDoS attack detection are improved.
Source
《微计算机信息》 (Microcomputer Information)
2010, Issue 6, pp. 54-56 (3 pages)
Control & Automation
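Funding
Fund applicant: Xie Dongqing (谢冬青)
Project title: P2P-based distributed DDoS defense in the IPv6 environment
Funding body: National Natural Science Foundation of China (60673156)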