
DDoS attack detection using three-state model based on IP flow interaction
Abstract: To address the shortcomings of traditional methods in detecting DDoS attacks, this paper proposes a novel IP flow interaction behavior feature (IFF) algorithm, which uses IP addresses and ports to represent the interaction of IP flows. Using the IFF feature, network flow is classified into three states: healthy, quasi-healthy, and abnormal. On this basis the paper presents a three-state model detection method based on the IFF feature (DASA), which uses a self-adapting dual-threshold algorithm based on the moving average method together with an alarm evaluation mechanism to improve the accuracy of DDoS attack detection. Simulation results show that the method not only detects DDoS attacks quickly and effectively, but also has a low false negative rate and a low false alarm rate.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2012, No. 4, pp. 1445-1448 (4 pages)
Funding: National Natural Science Foundation of China (60603062, 61100194); Hunan Province Education Science "Twelfth Five-Year" Plan Project (XJK011BXJ004); Scientific Research Project of the Hunan Provincial Department of Education (11C1184)
Keywords: distributed denial of service; IP flow interaction; alarm evaluation mechanism; three-state model