| 基于宏观网络流相关性的DDoS攻击检测 |
| |
| 引用本文: | 许晓东,范艳华,朱士瑞.基于宏观网络流相关性的DDoS攻击检测[J].计算机工程,2011,37(10):134-136. |
| |
| 作者姓名: | 许晓东 范艳华 朱士瑞 |
| |
| 作者单位: | 江苏大学网络中心,江苏,镇江,212013 |
| |
| 基金项目: | 江苏省教育厅高校科学研究基金资助项目 |
| |
| 摘 要: | 针对现行分布式拒绝服务(DDoS)攻击检测方法存在检测效率低、适用范围小等缺陷,在分析DDoS攻击对网络流量大小和IP地址相关性影响的基础上,提出基于网络流相关性的DDoS攻击检测方法。对流量大小特性进行相关性分析,定义Hurst指数方差变化率为测度,用以区分正常流量与引起流量显著变化的异常性流量。研究IP地址相关性,定义并计算IP地址相似度作为突发业务流和DDoS攻击的区分测度。实验结果表明,对网络流中流量大小和IP地址2个属性进行相关性分析,能准确地区分出网络中存在的正常流量、突发业务流和DDoS攻击,达到提高DDoS攻击检测效率的目的。
|
| 关 键 词: | 分布式拒绝服务攻击 自相似性 突发业务流 相似度 |
DDoS Attack Detection Based on Correlation of Macro Network Flow |
| |
| XU Xiao-dong,FAN Yan-hua,ZHU Shi-rui.DDoS Attack Detection Based on Correlation of Macro Network Flow[J].Computer Engineering,2011,37(10):134-136. |
| |
| Authors: | XU Xiao-dong FAN Yan-hua ZHU Shi-rui |
| |
| Affiliation: | (Network Center,Jiangsu University,Zhenjiang 212013,China) |
| |
| Abstract: | Aiming at the defects such as detection efficiency is still low,the application scope is narrow in currently detection methods,based on analyzing the impact of the correlation of traffic size and IP address caused by Distributed Denial of Service(DDoS) attacks,this paper proposes a method of detecting DDoS attacks based on the correlation of network flow,analyses the correlation of traffic size,defines the rate of variance of hurst exponent as the measure to distinguish the normal traffic and abnormal traffic which cause the original traffic increase notable.The correlation of IP address is analysed,flash traffic and DDoS attacks through the measure of degree of similarity are distinguished.Result shows that through combine correlation analysis of traffic size and IP address,it can distinguish DDoS attacks traffic from normal traffic and burst traffic,and raise the detection efficiency. |
| |
| Keywords: | Distributed Denial of Service(DDoS) attack self-similarity burst traffic degree of similarity |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
