| 基于累积和算法的域名系统缓存攻击检测 |
| |
| 引用本文: | 吕卓,范磊.基于累积和算法的域名系统缓存攻击检测[J].计算机工程,2011,37(18):118-120. |
| |
| 作者姓名: | 吕卓 范磊 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 基金项目: | 国家“863”计划基金资助项目 |
| |
| 摘 要: | 针对域名系统(DNS)缓存攻击,提出一种简单有效的检测机制。为增强对攻击行为的敏感性并减小计算复杂度,通过无参数累积和检测模型改进DNS的协议行为,利用变点检测的相关算法实现对攻击行为的检测。仿真结果表明,该机制能够有效检测DNS缓存攻击,并实现检测准确率和误警率间的平衡。
|
| 关 键 词: | 累积和算法 域名系统缓存攻击 入侵检测 误警率 |
| 收稿时间: | 2011-03-17 |
Detection of Domain Name System Cache Attack Based on Cumulative Sum Algorithm |
| |
| LV Zhuo,FAN Lei.Detection of Domain Name System Cache Attack Based on Cumulative Sum Algorithm[J].Computer Engineering,2011,37(18):118-120. |
| |
| Authors: | LV Zhuo FAN Lei |
| |
| Affiliation: | (School of Information Security Engineering,Shanghai Jiaotong University,Shanghai 200240,China) |
| |
| Abstract: | Aiming at the Domain Name System(DNS) attack,this paper proposes a simple and robust detection mechanism.The core of this mechanism is based on the inherent DNS protocol behaviors and applies an instance of change point detection algorithm to detect attack behavior.To make the detection mechanism insensitive to attack and low computational complexity,based on the nonparametric Cumulative Sum(CUSUM) algorithm,it makes some improvements in view of DNS protocol behavior.Simulation results show the mechanism can detect the DNS attack,it makes good compromise between the detection rate and the false alarm rate. |
| |
| Keywords: | Cumulative Sum(CUSUM) algorithm Domain Name System(DNS) cache attack intrusion detection false alarm rate |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
