| 网络DDoS攻击流的小波分析与检测 |
| |
| 引用本文: | 顾俊佳,李宁.网络DDoS攻击流的小波分析与检测[J].计算机工程与应用,2006,42(5):127-130. |
| |
| 作者姓名: | 顾俊佳 李宁 |
| |
| 作者单位: | 中山大学电子与通信工程系,广州,510275 |
| |
| 基金项目: | 中国科学院资助项目;广东省博士启动基金 |
| |
| 摘 要: | 将小波分析中的小波变换模极大方法用于检测分布式拒绝服务攻击引起的突发流量。在探讨如何运用小波模极大对突发流量进行判定的基础上,设计了一个检测突发攻击流量的方法,并对实际采集到的网络流量和仿真攻击流量的混合流作了计算机模拟验证。结果表明,当攻击流的突变幅度为正常流量的2倍 ̄3倍时,检测漏判率不超过5%;当攻击流的突变幅度提升为正常流量均值的3倍 ̄5倍时,检测漏判率不超过1%。攻击越强,检测漏判率越小。
|
| 关 键 词: | 网络流量 分布式拒绝服务攻击 突发攻击流 小波分析 奇异点检测 |
| 文章编号: | 1002-8331-(2006)05-0127-04 |
| 收稿时间: | 2005-06 |
| 修稿时间: | 2005-06 |
Detection of DDoS Attack Flow in Web Traffic Based on Wavelet Analysis |
| |
| Gu Junjia,Li Ning.Detection of DDoS Attack Flow in Web Traffic Based on Wavelet Analysis[J].Computer Engineering and Applications,2006,42(5):127-130. |
| |
| Authors: | Gu Junjia Li Ning |
| |
| Affiliation: | Department of Electronics and Communication Technology,Zhong-Shan University,Guangzhou 510275 |
| |
| Abstract: | The DDoS(Distributed Denial of Service) flooding attack sends a large number of useless packets to a website to jam or even crash the victim network.Several proposals have been proposed to prevent the DDoS attacks.In fact,this kind of attacks will cause flash crowds in the web traffic.Here we have used WTMM(Wavelet Transform Modulus Maxima) to detect the starting point of the flash crowds made by the DDoS attack flow mixed with the normal web traffic.Then,we have validated and simulated the detection method for a real data set collected from a web server mixed with DDoS attack traffic.The results show that the false positives and negatives is under 5% when the volume of the attack flow is 2~3 times over the normal web traffic,and under 1% when 4~5 times.The stronger the attack flow is,the smaller the ratio of false alert is. |
| |
| Keywords: | web traffic DDoS flash crowd wavelet analysis singularity detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
