DDoS攻击检测分析

分布式拒绝服务是一种网络攻击手段,以消耗目标计算机网络资源或者系统资源为目的,从而瘫痪目标计算机.由于易攻难守和低廉的成本,深得黑客喜爱.目前的安全工具大多具有一定的DDoS检测与过滤.但因为DDoS的攻击特性,能轻易地绕开防火墙系统.所以如何更有效地获得DDoS攻击信息,成为了现阶段防御DDoS攻击主要面临的问题.     

基于VTP方法的DDoS攻击实时检测技术研究

为了能及时准确检测DDoS攻击的发生,在对方差－时间图(VTP,Variance－Time Plots)方法分析的基础上,对基于VTP的实时在线计算Hurst参数技术进行了性能分析,得出了其具有高效性的结论,并利用这种技术,对MIT的林肯实验室数据进行了分析,总结出了DDoS攻击过程中,网络流量的自相似模型的Hurst参数变化规律,即DDoS攻击刚开始时,Hurst参数具有较快的上升趋势,然后在参数值很高水平的基础上具有缓慢下降趋势,直到计算Hurst参数的网络流量全部是DDoS攻击流量时,有一个突然下降的现象(从0.95以上降至0.45左右),并由此总结出一种基于Hurst参数实时检测DDoS攻击发生的技术.     

DDoS攻击检测研究综述

DDoS攻击作为当前网络安全最严重的威胁之一,近年来随着僵尸网络的盛行,其攻击影响日趋扩大,因此对DDoS攻击进行检测变得尤为重要。本文按照攻击层次和检测位置的不同,对于不同的DDoS攻击检测方法给出了详细的分类,同时在此基础上对各类检测方法进行分析和性能比较,明确了各种检测方法的特点和应用范围,最后讨论了当前攻击检测存在的问题及进一步研究的方向。     

基于自相似检测DDoS攻击的小波分析方法

针对传统检测方法不能有效检测弱DDoS攻击和区分繁忙业务和攻击的问题,在研究 DDOS攻击对网络流量自相似性影响的基础上,提出了小波分析检测DDoS攻击的方法,并设计了采用该方法检测DDoS攻击的模型,解决了方法实现过程中小波选择、求解Hurst参数的一些关键问题,实验表明,提出的方法能够识别繁忙业务、检测到弱DDoS攻击引起的Hurst参数值的变化,比传统的检测方法准确灵敏.     

基于链路特征的DDoS攻击检测方法

提出了一种基于链路特征的DDoS攻击检测方法,利用极大似然估计技术推出网络内部链路特征分布,应用自组织映射神经网络进行链路特征活动轮廓学习和异常链路检测。实验结果表明,该方法有效,具有一定的发展潜力,对于DDoS攻击的检测和预防具有重要现实意义。     

智胜DDoS攻击解析

纵观网络安全攻击的各种手段和方法，DoS(Denial of Service)拒绝服务类攻击危害巨大，有报道说黑客每周发起的DoS类网络攻击达到4000次之巨，据此看来，网络上将无时不刻的在承受DoS打击。而DDos(Distributed Denial of Service)分布式拒绝服务攻击的出现无疑是一场网络的灾难，它是DoS攻击的演变和升级，是黑客手中惯用的攻击方式之一，破坏力极强，往往会带给网络致命的打击。     

DC中DDoS攻击预防与防御

DDoS攻击是Internet面临的最大威胁之一。论文综合分析了近年来DDoS防御与反应技术的研究成果,指出了现有方法的不足,并根据IDC业务的实际情况,阐述了IDC中对DDoS攻击的预防与防御对策。     

基于动态布鲁姆过滤器的DDoS攻击检测方法

基于传统的布鲁姆过滤器在异常流量检测方面存在的不足,提出了动态布鲁姆过滤器的异常流量检测的结构,在检测率和误码率上都有所提高,从而更有效的预防了DDOS攻击.     

基于流媒体服务DDoS攻击防范研究

分布式拒绝服务（Distributed Deny of Service,DDoS）攻击是目前最难解决的网络安全问题之一。在研究RTSP（Real-Time Streaming Protocol）协议漏洞基础上,提出一种有效防御流媒体服务DDoS攻击防御方案。该方案基于时间方差图法（Variance-TimePlots,VTP）,计算自相似参数Hurst值,利用正常网络流量符合自相似模型的特性来进行DDoS攻击检测,并综合采用黑白名单技术对流量进行处理。最后通过MATLAB仿真工具进行了模拟实验,并对结果进行了分析,在协议分析基础上能合理控制流量,使得DDoS攻击检测准确率、实时性高,目标流媒体服务器带宽和资源得到了有效保护。     

一种检测DDoS攻击主控端的方法

文章利用分布式拒绝服务攻击(DDoS)主控端通过控制大量傀儡机进行攻击的特点,以蜜罐技术为基础提出一种新的检测DDoS中主控端的方法。将蜜罐机伪装成受控制的傀儡机,通过监视其与主控端的通信,分析捕获的数据包,获取主控端及攻击信息,并将这些信息整理分发,便于为攻击目标提供预警,收集入侵证据,阻止攻击行为。     

DDoS attack detection and defense based on hybrid deep learning model in SDN

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.     

Detection and defense of DDoS attack–based on deep learning in OpenFlow‐based SDN

Distributed denial of service (DDoS) is a special form of denial of service attack. In this paper, a DDoS detection model and defense system based on deep learning in Software‐Defined Network (SDN) environment are introduced. The model can learn patterns from sequences of network traffic and trace network attack activities in a historical manner. By using the defense system based on the model, the DDoS attack traffic can be effectively cleaned in Software‐Defined Network. The experimental results demonstrate the much better performance of our model compared with conventional machine learning ways. It also reduces the degree of dependence on environment, simplifies the real‐time update of detection system, and decreases the difficulty of upgrading or changing detection strategy.     

一种基于资源感知的小流量DDoS攻击防御方法

分布式拒绝服务攻击（DDoS）对网络具有极大的破坏性,严重影响现网的正常运营。虽然现网已经部署针对DDoS的流量清洗系统,然而小流量的攻击较洪水型攻击更难以被感知,进而不能得到有效的清洗。本文分析了网络中小流量DDoS攻击的原理和防御现状,并提出一种基于资源感知的小流量DDoS攻击防御方法。     

A deep learning approach with Bayesian optimization and ensemble classifiers for detecting denial of service attacks

Detecting malicious behavior is important for preventing security threats in a computer network. Denial of Service (DoS) is among the popular cyber attacks targeted at web sites of high‐profile organizations and can potentially have high economic and time costs. In this paper, several machine learning methods including ensemble models and autoencoder‐based deep learning classifiers are compared and tuned using Bayesian optimization. The autoencoder framework enables to extract new features by mapping the original input to a new space. The methods are trained and tested both for binary and multi‐class classification on Digiturk and Labris datasets, which were introduced recently for detecting various types of DDoS attacks. The best performing methods are found to be ensembles though deep learning classifiers achieved comparable level of accuracy.     

BotCatcher:botnet detection system based on deep learning

Machine learning technology has wide application in botnet detection.However,with the changes of the forms and command and control mechanisms of botnets,selecting features manually becomes increasingly difficult.To solve this problem,a botnet detection system called BotCatcher based on deep learning was proposed.It automatically extracted features from time and space dimension,and established classifier through multiple neural network constructions.BotCatcher does not depend on any prior knowledge which about the protocol and the topology,and works without manually selecting features.The experimental results show that the proposed model has good performance in botnet detection and has ability to accurately identify botnet traffic .     

基于深度学习的图像显著对象检测

显著区域检测可应用在对象识别、图像分割、视 频/图像压缩中,是计算机视觉领域的重要研究主题。然而,基于不 同视觉显著特征的显著区域检测法常常不能准确地探测出显著对象且计算费时。近来,卷积 神经网络模型在图像分析和处理 领域取得了极大成功。为提高图像显著区域检测性能,本文提出了一种基于监督式生成对抗 网络的图像显著性检测方法。它 利用深度卷积神经网络构建监督式生成对抗网络,经生成器网络与鉴别器网络的不断相互对 抗训练,使卷积网络准确学习到 图像显著区域的特征,进而使生成器输出精确的显著对象分布图。同时,本文将网络自身误 差和生成器输出与真值图间的 L1距离相结合,来定义监督式生成对抗网络的损失函数,提升了显著区域检测精度。在MSRA 10K与ECSSD数据库上的实 验结果表明,本文方法 分别获得了94.19%与96.24%的准确率和93.99%与90.13%的召回率,F -Measure值也高达94.15%与94.76%,优于先 前常用的显著性检测模型。     

Software-defined networking QoS optimization based on deep reinforcement learning

To solve the problem that the QoS optimization schemes which based on heuristic algorithm degraded often due to the mismatch between parameters and network characteristics in software-defined networking scenarios,a software-defined networking QoS optimization algorithm based on deep reinforcement learning was proposed.Firstly,the network resources and state information were integrated into the network model,and then the flow perception capability was improved by the long short-term memory,and finally the dynamic flow scheduling strategy,which satisfied the specific QoS objectives,were generated in combination with deep reinforcement learning.The experimental results show that,compared with the existing algorithms,the proposed algorithm not only ensures the end-to-end delay and packet loss rate,but also improves the network load balancing by 22.7% and increases the throughput by 8.2%.     

基于深度学习的路面缺陷自动检测系统北大核心CSCD

路面缺陷自动检测对公路养护和路况等级评估具有重要意义。为此,使用YOLOv5x结合透视变换和图像分割设计了路面缺陷检测系统。首先,为证明系统可行性采集并制作了多类型路面缺陷数据集(pavement defect dataset,PDD)。然后,使用SSD(single shot multibox detector)、Faster R-CNN、YOLOv5x(you only look once v5x)和YOLOX 4种模型对PDD进行训练检测。经过训练,4种模型的mAP(mean average precision)均超过了77%,其中YOLOv5x的结果最优,mAP达到了91%,同时证明创建的数据集PDD有效。最后,使用YOLOv5x作为系统主要检测方法结合透视变换、图像分割和骨架提取获取缺陷的长度、宽度和面积等信息,进而计算路面状况指数(pavement condition index,PCI)得到路面破损等级,以及相应的维修建议,提高了路面缺陷检测的实用性。