DDoS攻击的检测和控制方法

在当前计算机应用环境中开展DDoS攻击检测控制工作,技术人员应该积极尝试不同的方法,从而显著提高应对攻击的有效性。根据不同攻击位置,制定不同的攻击控制侧率,才能够提高DDoS攻击检测控制的精准性。技术人员应该注意检测工具的软件升级,提高检测的灵敏程度。从攻击源端、骨干层过滤和攻击终端过滤三个方面,对攻击对象进行分析,从而显著提高DDoS攻击检测控制的应对效率。本文从DDoS攻击防御的方式进行分析,提出几点有利于应对攻击活动的可行性建议。     

基于隐马尔可夫模型的医院通信网络DDoS攻击检测方法

常规的医院通信网络DDoS攻击检测矩阵结构一般设定为独立形式,致使攻击检测范围的扩大受到限制,进而一定程度上导致DDoS攻击检测召回率下降。针对上述问题,文章提出了一种基于隐马尔可夫模型的医院通信网络DDoS攻击检测方法。该方法根据当前的测定需求及标准对DDoS攻击进行特征提取,采用多目标的方式设计检测矩阵,解析DDoS攻击方向具体位置以及攻击的范围。在此基础上,构建隐马尔可夫医院通信网络DDoS攻击检测模型,采用多元识别+组合处理的方式来实现DDoS攻击的检测目标。测试结果表明：采用本文所设计的方法,DDoS攻击检测召回率可以达到80%以上,对于医院通信网络的攻击检测效率更高,泛化能力明显提升,具有实际的应用价值。     

一种新的DDoS攻击检测算法

为了准确及时的进行DDoS攻击检测,提出了一种新的DDoS攻击检测算法。该算法在基于传统的小波分析检测DDoS攻击的基础上融入了主成分分析法和小波分析法中DDoS检测方法,并根据该算法设计相应的模型和算法来检测 DDoS 攻击,并且引入信息论中的信息熵对源IP地址的分散程度进行度量,根据初始阶段Hurst指数及熵值的变化自适应地设定阈值以检测攻击的发生。实验结果表明,该方法大幅度的提高了DDoS检测的速度。     

DDoS攻击原理与防御

分布式拒绝服务攻击(Distributed Denial of Serviece Attack)是目前黑客用的比较多的攻击手段,这种攻击对网络造成的危害性越来越大.为了更好地了解这种攻击的特点,从而避免产生更大的损失,这里从DoS和DDoS的攻击原理进行探讨研究,研究常见的DDOS攻击的类型如Smurf攻击、Trinoo攻击等.根据这些攻击的特点,提出DDoS攻击的检测方法即基于特征的攻击检测和基于异常的攻击检测.这两种检测技术各有所长,在实际使用中往往需要将两者结合起来,共同提高DDoS检测的准确性.     

DDoS攻击原理及其防御机制的研究

DDoS攻击是一种被黑客广泛应用的攻击方式,它以破坏计算机系统或网络的可用性为目标,危害性极大。本文首先介绍了DDoS攻击的攻击原理,接着从DDoS攻击的攻击手段和攻击方式两个方面对DoS攻击进行分类介绍,然后针对DDoS攻击的方式,提出了一种检测和防御DDoS攻击的模型,最后利用入侵检测技术和数据包过滤技术,设计了一个针对DDoS攻击的检测与防御系统,该系统具有配置简单、易于扩展、实用性较强等优点。     

基于小波分析的网络低速率DDoS攻击检测方法

为减少网络DDoS（分布式拒绝服务）攻击检测误报率,实现对网络DDoS攻击的精准检测,有针对性地调节网络的运行速率,文章设计一种基于小波分析的网络低速率DDoS攻击检测方法。提取DDoS攻击特征,布设异常攻击定位节点,识别异常波段进行同步处理,构建小波分析DDoS攻击检测模型。最终的测试结果表明,对比于传统攻击检测小组,文章设计的小波分析DDoS攻击检测小组误差较小,检测效率较高,具有一定的应用价值。     

基于SNMP和神经网络的DDoS攻击检测

DDoS（Distributed Denial of Service）已经严重威胁计算机网络安全。对DDoS攻击检测的关键是找到能反映攻击流和正常流区别的特征,设计简单高效的算法,实时检测。通过对攻击特点的分析,总结出15个基于SNMP（Simple Network Management Protocol）的检测特征。利用BP神经网络高效的计算性能,设计了基于SNMP和神经网络的DDoS攻击检测模型,提高了检测实时性和准确性。实验表明：该检测模型对多种DDoS攻击都具有很好的检测效果。     

基于OpenFlow与sFlow的DDoS攻击防御方法

分布式拒绝服务(DDoS)攻击是目前比较流行的网络攻击,其破坏力大并且难以防范追踪,对互联网安全造成了极大的威胁。针对此问题提出了一种基于OpenFlow与sFlow的入侵检测方法,通过sFlow采样技术实时检测网络流量,依据网络正常流量设定流量阈值,并通过对超过阈值的异常流量进行攻击检测、判断攻击流,最终使用OpenFlow协议阻断攻击源。该方法可以在几秒内自动检测、处理多种DDoS攻击。实验结果表明,与现有方案对比,该方法能够实时检测并阻止DDoS攻击,有效降低网络资源消耗。     

基于小波和分形原理的DDoS攻击检测方法

提出一种基于离散小波变换和分形原理的DDoS攻击检测方法.该方法通过高散小波变换的多分辩率分析突现DDoS攻击特征,对小波变换系数进行盒分形维计算,将经实验确定的关键盒维数作为多维空间的向量序列,最后使用经过样本训练的K-nn（K最近邻）分类器进行攻击识别.实验结果表明分形与小波相结合取得了较好的检测效果,与离散小波检测方法相比,该方法提高了检测精确度.     

一种新的分布式DDoS攻击防御体系

Internet技术的发展和应用,给人们的生产和生活带来了很多便捷,但随之出现的网络安全问题,也成为日益严重的社会问题。针对网络中存在的DDoS攻击进行研究,以分布式并行系统的思想为基础,建立了一种新型DDoS攻击的安全防御体系。该体系通过不同组件间的相互协调、合作,实现了对DDoS攻击的分析及其防御。在对DDoS的攻击流量进行分析的过程中,以数据挖掘的模糊关联规则的方法进行分析,并实现了对攻击源的定位,有效地避免了攻击造成进一步的危害。     

DDoS攻击方式与防御措施浅议

随着Internet互联网络带宽的增加和多种DDoS黑客工具的不断发布,DDoS拒绝服务攻击的实施越来越容易,DDoS攻击事件正在成上升趋势。论文通过对常用的各种DDoS攻击方式进行分类,对攻击的原理进行了探讨,最后在此基础上有针对性地提出了一些防御DDoS攻击的方法。     

DDoS attack detection and defense based on hybrid deep learning model in SDN

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.     

新网络环境下应用层DDoS攻击的剖析与防御

针对新网络环境下近两年新出现的应用层分布式拒绝服务攻击,本文将详细剖析其原理与特点,并分析现有检测机制在处理这种攻击上的不足.最后,本文提出一种基于用户行为的检测机制,它利用Web挖掘的方法通过Web访问行为与正常用户浏览行为的偏离程度检测与过滤恶意的攻击请求,并通过应用层与传输层的协作实现对攻击源的隔离.     

Research on DDoS detection in multi-tenant cloud based on entropy change

An attacker compromised a number of VMs in the cloud to form his own network to launch a powerful distrib-uted denial of service (DDoS) attack.DDoS attack is a serious threat to multi-tenant cloud.It is difficult to detect which VM in the cloud are compromised and what is the attack target,especially when the VM in the cloud is the victim.A DDoS detection method was presented suitable for multi-tenant cloud environment by identifying the malicious VM at-tack sources first and then the victims.A distributed detection framework was proposed.The distributed agent detects the suspicious VM which generate the potential DDoS attack traffic flows on the source side.A central server confirms the real attack flows.The feasibility and effectiveness of the proposed detection method are verified by experiments in the multi-tenant cloud environment.     

Supervised learning‐based DDoS attacks detection: Tuning hyperparameters

Two supervised learning algorithms, a basic neural network and a long short‐term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.     

DDoS Attack Detection and Wavelets

This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered a system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good indication of attack detection. Aggregated traffic has been found to be strong bursty across a wide range of time scales. Wavelet analysis is able to capture complex temporal correlation across multiple time scales with very low computational complexity. We utilize energy distribution based on wavelet analysis to detect DDoS attack traffic. Energy distribution over time will have limited variation if the traffic keeps its behavior over time (i.e. attack-free situation) while an introduction of attack traffic in the network will elicit significant energy distribution deviation in a short time period. Our experimental results with typical Internet traffic trace show that energy distribution variance markedly changes, causing a spike when traffic behaviors are affected by DDoS attack. In contrast, normal traffic exhibits a remarkably stationary energy distribution. In addition, this spike in energy distribution variance can be captured in the early stages of an attack, far ahead of congestion build-up, making it an effective detection of the attack.     

Research on low-rate DDoS attack of SDN network in cloud environment

Aiming at the problems of low-rate DDoS attack detection accuracy in cloud SDN network and the lack of unified framework for data plane and control plane low-rate DDoS attack detection and defense,a unified framework for low-rate DDoS attack detection was proposed.First of all,the validity of the data plane DDoS attacks in low rate was analyzed,on the basis of combining with low-rate of DDoS attacks in the aspect of communications,frequency characteristics,extract the mean value,maximum value,deviation degree and average deviation,survival time of ten dimensions characteristics of five aspects,to achieve the low-rate of DDoS attack detection based on bayesian networks,issued by the controller after the relevant strategies to block the attack flow.Finally,in OpenStack cloud environment,the detection rate of low-rate DDoS attack reaches 99.3% and the CPU occupation rate is 9.04%.It can effectively detect and defend low-rate DDoS attacks.     

UDM:NFV-based prevention mechanism against DDoS attack on SDN controller

DDoS attack extensively existed have been mortal threats for the software-defined networking (SDN) controllers and there is no any security mechanism which can prevent them yet.Combining SDN and network function virtualization (NFV),a novel preventing mechanism against DDoS attacks on SDN controller called upfront detection middlebox (UDM) was proposed.The upfront detection middlebox was deployed between SDN switch interfaces and user hosts distributed,and DDoS attack packets were detected and denied.An NFV-based method of implementing the upfront middlebox was put forward,which made the UDM mechanism be economical and effective.A prototype system based on this mechanism was implemented and lots experiments were tested.The experimental results show that the UDM mechanism based on NFV can real-time and effectively detect and prevent against DDoS attacks on SDN controllers.