| 大流量下一种基于活跃熵的DDoS攻击检测方法 |
| |
| 引用本文: | 张明明.大流量下一种基于活跃熵的DDoS攻击检测方法[J].计算机应用研究,2016,33(7). |
| |
| 作者姓名: | 张明明 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心 |
| |
| 基金项目: | 国家科技支撑计划资助项目(2014BAH30B01) |
| |
| 摘 要: | 为了提高在大流量背景下DDoS攻击检测的实时性。本文提出一种在大流量背景下基于活跃熵的DDoS攻击检测方法。在IP流层面通过分析系统活跃熵值来对整个流量进行初探,剔除正常流量。利用多特征广泛权重最小二乘孪生支持向量机算法(WWLSTSVM)对攻击威胁进行攻击确认。通过实验验证方法的可行性,实验表明在合适场景下本方法可以在保证时效性的同时减少系统误报率。大流量背景下该检测方法比一般的机器学习算法具有更好的检测性能。
|
| 关 键 词: | DDoS检测 活跃熵 多特征 最小二乘 孪生支持向量机 |
| 收稿时间: | 5/7/2015 12:00:00 AM |
| 修稿时间: | 2015/6/17 0:00:00 |
A DDoS attack detection method based on alive entropy under the background of large flow |
| |
| zhangmingming.A DDoS attack detection method based on alive entropy under the background of large flow[J].Application Research of Computers,2016,33(7). |
| |
| Authors: | zhangmingming |
| |
| Affiliation: | National Digital Switching System Engineering |
| |
| Abstract: | To improve the real-time performance of DDoS attacks detection under the background of large flow. This paper present a DDoS attack detection method based on active entropy under the background of large flow. In the aspect of IP flow through analysis system active entropy values to make a preliminary study of the entire flow excluding normal traffic. Using the multi-feature weighted least squares wide twin SVM (WWLSTSVM) to confirm the threat of attack. Experimental verification the method is feasible, experimental results show that under the right scenario this method can reduce the false alarm rate while ensuring the timeliness. The approach has a better survivability than the general machine learning algorithms under the background of large flow. |
| |
| Keywords: | DDoS detection alive entropy multi-feature least squares twin support vector machine |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
