
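A Low-Rate DoS Detection Method Based on Wavelet Feature Extraction
Cite this article: HE Yan-Xiang, CAO Qiang, LIU Tao, HAN Yi, XIONG Qi. A Low-Rate DoS Detection Method Based on Wavelet Feature Extraction [J]. Journal of Software (软件学报), 2009, 20(4): 930-941.
Authors: HE Yan-Xiang  CAO Qiang  LIU Tao  HAN Yi  XIONG Qi
Affiliation: School of Computer Science, Wuhan University, Wuhan, Hubei 430079
Funding: Supported by the National Natural Science Foundation of China under Grant Nos. 60642006, 60773008
Abstract: Low-rate denial-of-service (LDoS) attacks are stealthier and more deceptive than traditional DDoS (distributed DoS) attacks. Based on their characteristic periodic pulse bursts, an LDoS detection system based on wavelet feature extraction, DSBWA (detection system based on wavelet analysis), was designed and implemented. The system takes the number of packets arriving at the detection node as its object of study and, through wavelet multi-scale analysis combined with the attack pattern of LDoS, extracts 5 feature indices, on the basis of which a BP neural network makes a comprehensive diagnosis. Once an LDoS attack is detected, the system locates the arrival times of the attack pulse data to obtain information about the attacker. NS-2 simulation results show that DSBWA has a high detection rate and a low false alarm rate, can detect LDoS variant attacks, consumes few computing resources, and has good practical value.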

Keywords: LDoS attack  wavelet analysis  feature extraction  BP neural network
Received: 2007/5/30
Revised: 2008/3/10

A Low-Rate DoS Detection Method Based on Feature Extraction Using Wavelet Transform
HE Yan-Xiang, CAO Qiang, LIU Tao, HAN Yi and XIONG Qi. A Low-Rate DoS Detection Method Based on Feature Extraction Using Wavelet Transform [J]. Journal of Software, 2009, 20(4): 930-941.
Authors: HE Yan-Xiang  CAO Qiang  LIU Tao  HAN Yi and XIONG Qi
Affiliation: School of Computer Science; Wuhan University; Wuhan 430079; China
Abstract: LDoS (low-rate denial-of-service) attacks are stealthier and trickier than the traditional DDoS (distributed DoS) attacks. According to the characteristic of periodicity and short burst in LDoS flows, a detection system DSBWA (detection system based on wavelet analysis) against LDoS attacks has been designed and implemented based on feature extraction using wavelet transform. The proposed system, focusing on the number of arriving packets at the monitoring node, extracts five feature indices of LDoS flows through wavelet multi-scale analysis of network traffic. Then a synthesis diagnosis is made by a trained BP neural network. Once the attack is verified, the information related to attackers can be obtained by locating malicious pulses. Simulation results in NS-2 show that the scheme DSBWA, capable of detecting the variants of LDoS attack, achieves high detection rate with low computation cost, and hence has good practical value.
Keywords: LDoS (low-rate denial-of-service) attack  wavelet analysis  feature extraction  BP neural network
This article is indexed in CNKI, VIP, Wanfang Data and other databases.