| 基于流交互三态模型的DDoS攻击检测* |
| |
| 引用本文: | 陈雪刚,程杰仁.基于流交互三态模型的DDoS攻击检测*[J].计算机应用研究,2012,29(4):1445-1448. |
| |
| 作者姓名: | 陈雪刚 程杰仁 |
| |
| 作者单位: | 湘南学院计算机科学系,湖南郴州,423000 |
| |
| 基金项目: | 国家自然科学基金资金项目(60603062,61100194);湖南省教育科学“十二五”规划课题(XJK011BXJ004);湖南省教育厅科研项目(11C1184) |
| |
| 摘 要: | 针对传统方法在检测DDoS攻击时的不足,提出了一种新的IP流交互行为特征算法(IFF),该方法利用IP地址和端口表示IP流的交互性。采用IFF特征,将网络流定义为三种状态,即健康、亚健康和异常,提出了基于IFF特征的三态模型检测方法(DASA),该方法采用了基于滑动平均方法的自适应双阈值算法和报警评估机制,提高了检测DDoS攻击的准确度。仿真实验结果表明,该方法不但能快速、有效地检测DDoS攻击,而且具有较低漏报率和误报率。
|
| 关 键 词: | 分布式拒绝服务 IP流交互 报警评估机制 三态模型 |
DDoS attack detection using three-state model based on IP flow interaction |
| |
| CHEN Xue-gang,CHENG Jie-ren.DDoS attack detection using three-state model based on IP flow interaction[J].Application Research of Computers,2012,29(4):1445-1448. |
| |
| Authors: | CHEN Xue-gang CHENG Jie-ren |
| |
| Affiliation: | (Dept. of Computer Science, Xiangnan University, Chenzhou Hunan 423000, China) |
| |
| Abstract: | Aiming at lack using traditional methods in DDoS detection, this paper proposed a novel IP flow interaction behavior feature (IFF) algorithm based on IP flow interaction via IP addresses and ports. It defined the network flow states into three states as the health state, quasi health state, and abnormal state by using IFF, then presented a simple and efficient DDoS attack detection method based on three-state partition of IFF, and the proposed algorithm exploited self-adapting dual threshold and alarm evaluation mechanism(DASA), and it could increase accuracy of DDoS attack detection. The simulation results show that the method not only can effectively detect abnormal flows containing DDoS attack flow, but also detect it more accuracy and lower false alarm rate. |
| |
| Keywords: | distributed denial of service IP flow interaction alarm evaluation mechanism three-state model |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
