| RoQ攻击的特征提取和检测 |
| |
| 引用本文: | 文坤,杨家海,李晨曦,程凤娟,尹辉.RoQ攻击的特征提取和检测[J].软件学报,2015,26(S2):90-99. |
| |
| 作者姓名: | 文坤 杨家海 李晨曦 程凤娟 尹辉 |
| |
| 作者单位: | 清华大学网络科学与网络空间研究院, 北京 100084;清华信息科学与技术国家实验室(筹)(清华大学), 北京 100084,清华大学网络科学与网络空间研究院, 北京 100084;清华信息科学与技术国家实验室(筹)(清华大学), 北京 100084,清华大学网络科学与网络空间研究院, 北京 100084;清华信息科学与技术国家实验室(筹)(清华大学), 北京 100084,河南工业大学信息科学与工程学院, 河南郑州 450001,河南工业大学信息科学与工程学院, 河南郑州 450001 |
| |
| 基金项目: | 国家自然科学基金(61170211) |
| |
| 摘 要: | 降质攻击(RoQ)是一种非典型拒绝服务攻击,具有很强的隐蔽性,大多数传统的基于DoS攻击的检测方法不再适用.迄今为止,有不少学者提出了许多新的方法,但这些检测方法在不同程度上存在误报率较高的情况.为此,提出了一种改进的检测方法,它在分析和提取异常突变特征的基础上,对异常突变的局部流量进行了二次频谱分析,提取了攻击的周期特征,从而提高了检测的精确度.模拟实验及对比分析结果表明,该检测方法的检测精度高,其误报率和漏报率都很低.
|
| 关 键 词: | 网络安全 RoQ攻击 异常检测 小波分析 倒频谱 |
| 收稿时间: | 5/2/2014 12:00:00 AM |
| 修稿时间: | 2014/8/22 0:00:00 |
Characteristics Extraction and Detection of RoQ Attack |
| |
| WEN Kun,YANG Jia-Hai,LI Chen-Xi,CHENG Feng-Juan and YIN Hui.Characteristics Extraction and Detection of RoQ Attack[J].Journal of Software,2015,26(S2):90-99. |
| |
| Authors: | WEN Kun YANG Jia-Hai LI Chen-Xi CHENG Feng-Juan and YIN Hui |
| |
| Affiliation: | Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology(TNList)(Tsinghua University), Beijing 100084, China,Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology(TNList)(Tsinghua University), Beijing 100084, China,Institute for the Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China;Tsinghua National Laboratory for Information Science and Technology(TNList)(Tsinghua University), Beijing 100084, China,College of Information Science and Engineering, He'nan University of Technology, Zhengzhou 450001, China and College of Information Science and Engineering, He'nan University of Technology, Zhengzhou 450001, China |
| |
| Abstract: | Reduction of quality (RoQ) attack is an atypical denial of service (DoS) attack, which has a strong concealment. Consequently, most traditional methods of detection are no longer applicable. There are a number of new methods developed recently. However, most of these methods have higher false positive rate in varying degree. In this paper, a novel method is proposed based on the principle of time-frequency analysis with Wavelet multi-resolution and Cepstral technique. First, according to different time-domain characteristics, the potential anomaly is detected and the abrupt change point is located. Secondly, the local traffic around the abrupt change point is analyzed by cepstrum. The potential characteristics of attack periodicity is extracted. By the two-stage detection, this new method ultimately can confirm whether the network is affected by the attack. Results of simulations and real network experiments demonstrate that the presented algorithm can detect RoQ attacks accurately with very low false positive rate and false negative rate. |
| |
| Keywords: | network security RoQ attack anomaly detection wavelet analysis cepstrum |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
