Found 18 similar documents; search took 343 ms
1.
2.
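With the development of software-defined networking (SDN) research, its security has received increasing attention. Because of its centralized control and software programmability, SDN is vulnerable to distributed denial-of-service (DDoS) attacks. To improve on information-entropy-based DDoS attack detection methods, the article extracts the TTL and source IP address from flow table entries, obtains the conditional entropy of source IP addresses given the same TTL value, and then uses a sliding-window non-parametric CUSUM algorithm to analyze changes in the entropy value to detect DDoS attacks; finally, simulation experiments verify its effectiveness. The method has a lower false-positive rate and higher sensitivity, uses few resources, and detects quickly, making it well suited to SDN environments.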
3.
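Anomalous-traffic attacks have always been a weak point in Internet defense. With rapid advances in technology, data traffic is becoming ever cheaper and network bandwidth is gradually increasing, while anomalous-traffic attacks also keep developing, growing in scale and appearing in ever more forms. The study of feature identification and defense systems for anomalous-traffic attacks mainly proposes identifying the data packets and source IPs of anomalous-traffic attacks through feature identification, using a new-IP-address method for feature identification, and performing traffic scrubbing based on a CDN to implement defense.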
4.
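Sampling method for intrusion detection in high-speed networks. Total citations: 2, self-citations: 1, citations by others: 1
Proposes IDSampling, a dynamic adaptive sampling method for backbone-network intrusion detection that uses memory-bottleneck consumption as its measure. It guides sampling by analyzing the flow length and entropy-clustering information features of attack traffic, filters out packets with low attack suspicion, and adopts a "throttling" approach to solve the imbalance between performance and accuracy in intrusion detection on 10-gigabit networks. When a large-scale anomaly occurs, a single sampling strategy based on single-packet attribute entropy is used; otherwise a hybrid sampling strategy with feedback guidance is used, aiming to achieve the same detection effect at the smallest possible detection cost. Experimental results show that (1) IDSampling can greatly reduce the input the IDS must process while preserving detection accuracy for trend information on large-scale attacks in the backbone network; (2) compared with random packet sampling and random flow sampling, IDSampling, guided by heuristic information such as flow length, entropy-clustering information and later detection results, samples attack packets more accurately than the other two methods, and in particular under large-scale, high-intensity attacks the number of attack packets sampled by IDSampling is even an order of magnitude higher than that of the other two methods.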
5.
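With the rapid growth of data center network traffic, how to improve data center network performance and quality of service has become a research hotspot. However, when network load increases, existing traffic scheduling algorithms on the one hand cause fragmentation of network bandwidth, lowering network throughput, and on the other hand ignore the application requirements of traffic, resulting in poor quality of service. To this end, this paper proposes a dynamic traffic scheduling algorithm aimed at minimizing bandwidth fragmentation and guaranteeing QoS. The algorithm jointly considers the different requirements of bandwidth-sensitive large flows and delay- and loss-sensitive small flows. It first builds the set of shortest paths from the source and destination addresses of the flow to be scheduled, then selects from it all paths that satisfy the flow's bandwidth requirement, then builds a weight function for each path from the path's residual bandwidth information and the application requirements of small flows, and finally selects the forwarding path with a roulette-wheel algorithm according to the weight function values. Simulation results show that, compared with other algorithms, the proposed algorithm reduces the packet loss rate and delay of small flows while improving network throughput under heavy network load.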
6.
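To address the large estimation error for small flows in the sketch-guided fair sampling (SGS) algorithm, this paper proposes a packet fair sampling algorithm based on differentiated counting of large and small flows (DCMFS), and gives a quantitative analysis of the effect of hash collisions on the estimation error of SGS. DCMFS uses separate counters for large and small flows, with exact per-flow counting for small flows and hash-based counting for large flows. Both theoretical analysis and simulation on real data show that DCMFS achieves exact per-flow statistics for small flows, and that its estimation standard deviation for large flows is close to the theoretical upper bound of the fair-sampling estimation standard deviation. The algorithm uses a counter structure with unequal bit widths, which ensures that its space complexity does not increase relative to SGS and the adaptive non-linear sampling method (ANLS); introducing counter replacement slightly raises the time complexity, but it can still meet the requirement of 10 Gbps line-rate processing.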
7.
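Reduction of Quality (RoQ) attacks are more stealthy and variable than traditional Denial of Service (DoS) attacks, which makes them very difficult to detect. To improve detection accuracy and locate the attack source promptly, this paper models attack-traffic extraction as a blind source separation process and proposes an attack-flow feature extraction algorithm based on fast ICA (Independent Component Analysis), which separates the RoQ attack flow from a number of observed networks and end devices and then extracts the feature parameters that characterize the attack flow. It then designs a collaborative detection system and detection algorithm based on support vector machines: an SVM classifier is trained with labeled samples with and without attacks, finally achieving detection of RoQ attacks. Simulation results show that the method can effectively detect and locate RoQ attacks that use forged IP addresses, with a detection rate above 90%, and that choosing suitable ICA parameters improves detection.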
8.
9.
10.
11.
This paper proposes a traffic anomaly detector, operated in postmortem and in real-time, by passively monitoring packet headers of traffic. The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing techniques for analyzing network traffic. If efficient analysis tools were available, it could become possible to detect the attacks, anomalies and to take action to contain the attacks appropriately before they have had time to propagate across the network. In this paper, we suggest a technique for traffic anomaly detection based on analyzing correlation of destination IP addresses in outgoing traffic at an egress router. This address correlation data are transformed using discrete wavelet transform for effective detection of anomalies through statistical analysis. Results from trace-driven evaluation suggest that proposed approach could provide an effective means of detecting anomalies close to the source. We also present a multidimensional indicator using the correlation of port numbers and the number of flows as a means of detecting anomalies.
12.
Hyogon Kim Inhye Kang Saewoong Bahk 《IEEE network》2004,18(5):30-39
This article shows that malicious traffic flows such as denial-of-service attacks and various scanning activities can be visualized in an intuitive manner. A simple but novel idea of plotting a packet using its source IP address, destination IP address, and the destination port in a 3-dimensional space graphically reveals ongoing attacks. Leveraging this property, combined with the fact that only three header fields per each packet need to be examined, a fast attack detection and classification algorithm can be devised.
13.
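Distributed denial-of-service (DDoS) attacks are a serious threat to Internet security; during an attack, large-scale traffic floods the target network and hosts. Being able to detect attacks accurately and quickly, distinguish legitimate congestion traffic from attack traffic, and scrub the attack traffic is very important for defending against DDoS attacks. Information entropy is used to compute real-time statistics on traffic parameters to detect attacks, and the cumulative sum (CUSUM) algorithm is used to control for continuous changes in the entropy value. After an attack is detected, the victim is identified from the growth in the number of destination IPs before and after, and traffic flowing to the victim is closely observed. Because large-scale attack traffic is very similar to legitimate congestion traffic and hard to distinguish, the similarity of the flows themselves is examined here, and a flow correlation coefficient algorithm is used to tell attack traffic from legitimate congestion traffic, providing a basis for traffic scrubbing.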
14.
In this article the emphasis is placed on the evaluation of the impact of intelligent flow sampling techniques on the detection and classification of network anomalies. Based on the observation that for specific-purpose applications such as anomaly detection a large fraction of information is contained in a small fraction of flows, we demonstrate that by using sampling techniques that opportunistically and preferentially sample traffic data, we achieve "magnification" of the appearance of anomalies within the sampled data set and therefore improve their detection. Therefore, the inherently "lossy" sampling process is transformed to an advantageous feature in the anomaly detection case, allowing the revealing of anomalies that would be otherwise untraceable, and thus becoming the vehicle for efficient anomaly detection and classification. The evaluation of the impact of intelligent sampling techniques on the anomaly detection process is based on the application of an entropy-based anomaly detection method on a packet trace with data that has been collected from a real operational university campus network.
15.
We investigate the structure of addresses contained in IPv4 traffic, specifically the structural characteristics of destination IP addresses seen on Internet links, considered as a subset of the address space. These characteristics have implications for algorithms that deal with IP address aggregates, such as routing lookups and aggregate-based congestion control. Several example address structures are well modeled by multifractal Cantor-like sets with two parameters. This model may be useful for simulations where realistic IP addresses are preferred. We also develop concise characterizations of address structures, including active aggregate counts and discriminating prefixes. Our structural characterizations are stable over short time scales at a given site, and different sites have visibly different characterizations, so that the characterizations make useful "fingerprints" of the traffic seen at a site. Also, changing traffic conditions, such as worm propagation, significantly alter these fingerprints.
16.
Packet filtering allows a network gateway to control the network traffic flows and protect the computer system. Most of the recent research works on the filtering systems mainly concern the performance, reliability and defence against common network attacks. However, the gateway might be controlled by an untrusted attacker, who might try to infer the identity privacy of the sender host and mount IP tracking to its data packets. IP spoofing is another problem. To avoid data packets being filtered in the packet filtering system, the malicious sender host might use a spoofed source IP address. Therefore, to preserve the source IP privacy and provide source IP authentication simultaneously in the filtering system is an interesting and challenging problem. To deal with the problem, we construct a data packet filtering scheme, which is formally proved to be semantic secure against the chosen IP attack and IP guessing attack. Based on this filtering scheme, we propose the first privacy-preserving packet filtering system, where the data packets whose source IP addresses are at risk are filtered, the privacy of the source IP is protected and its correctness can be verified by the recipient host. The analysis shows that our protocol can fulfil the objectives of a data packet filtering system. The performance evaluation demonstrates its applicability in the current network systems. We also present a packet filtering scheme, where the data packets from one subnet can be filtered with only one filter policy.
17.
《Networking, IEEE/ACM Transactions on》2009,17(1):15-25
18.
A parameterizable methodology for Internet traffic flow profiling. Total citations: 16, self-citations: 0, citations by others: 16
Claffy K.C. Braun H.-W. Polyzos G.C. 《Selected Areas in Communications, IEEE Journal on》1995,13(8):1481-1494
We present a parameterizable methodology for profiling Internet traffic flows at a variety of granularities. Our methodology differs from many previous studies that have concentrated on end-point definitions of flows in terms of state derived from observing the explicit opening and closing of TCP connections. Instead, our model defines flows based on traffic satisfying various temporal and spatial locality conditions, as observed at internal points of the network. This approach to flow characterization helps address some central problems in networking based on the Internet model. Among them are route caching, resource reservation at multiple service levels, usage based accounting, and the integration of IP traffic over an ATM fabric. We first define the parameter space and then concentrate on metrics characterizing both individual flows as well as the aggregate flow profile. We consider various granularities of the definition of a flow, such as by destination network, host-pair, or host and port quadruple. We include some measurements based on case studies we undertook, which yield significant insights into some aspects of Internet traffic, including demonstrating (i) the brevity of a significant fraction of IP flows at a variety of traffic aggregation granularities, (ii) that the number of host-pair IP flows is not significantly larger than the number of destination network flows, and (iii) that schemes for caching traffic information could significantly benefit from using application information.