共查询到20条相似文献,搜索用时 78 毫秒
1.
“内容中心网络”(Content Centric Networking,CCN)是未来互联网架构体系群中极具前景的架构之一。尽管CCN网络的全新设计使其能够抵御目前网络存在的大多数形式DoS攻击,但仍引发了新型的DoS攻击,其中危害较大的两类攻击是兴趣包泛洪攻击和缓存污染攻击。这两类DoS攻击利用了CCN网络自身转发机制的安全逻辑漏洞,通过泛洪大量的恶意攻击包,耗尽网络资源,并导致网络瘫痪。与传统IP网络中DoS攻击相比,CCN网络中的内容路由、内嵌缓存和接收者驱动传输等新特征,对其DoS攻击的检测和防御方法都提出了新的挑战。本文首先介绍CCN网络的安全设计和如何对抗已有的DoS攻击,然后从多角度描述、比较CCN中新型DoS攻击的特点,重点阐述了兴趣包泛洪攻击和缓存污染攻击的分类、检测和防御方法,以及它们所面临的问题挑战,最后对全文进行总结。 相似文献
2.
3.
ABSTRACTIntrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threat both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network. 相似文献
4.
入侵检测技术是网络安全领域中的新技术,但它发展还不成熟,很多攻击方法利用它的缺陷进行攻击。其中小IP报文攻击利用Windows和Linux对有数据重叠的报文处理方式不一样进行攻击。论文提出了小IP报文攻击的入侵检测方法,并采用Snort工具进行实验,使得Snort和被保护主机对有数据重叠的报文的处理方式一致,从而使Snort发生误报、漏报的次数明显减少,为实现网络安全提供了有益的借鉴。 相似文献
5.
6.
入侵检测技术是一种主动保护网络资源免受黑客攻击的安全技术。可以弥补防火墙的不足,帮助网络快速发现网络攻击的发生,起着主动防御的作用,为网络安全提供实时的入侵检测及采取相应的防护手段。本文对提高Snort性能的核心技术进行分析,提出一种能够有效提高匹配效率的AC—wM的模式匹配算法,并对改进后的Snort系统进行测试,显著提高了系统的性能。 相似文献
7.
Jing Wang Xiangyu Lei Qisheng Jiang Osama Alfarraj Amr Tolba Gwang-jun Kim 《计算机系统科学与工程》2023,45(2):1727-1742
Software-Defined Network (SDN) decouples the control plane of network devices from the data plane. While alleviating the problems presented in traditional network architectures, it also brings potential security risks, particularly network Denial-of-Service (DoS) attacks. While many research efforts have been devoted to identifying new features for DoS attack detection, detection methods are less accurate in detecting DoS attacks against client hosts due to the high stealth of such attacks. To solve this problem, a new method of DoS attack detection based on Deep Factorization Machine (DeepFM) is proposed in SDN. Firstly, we select the Growth Rate of Max Matched Packets (GRMMP) in SDN as detection feature. Then, the DeepFM algorithm is used to extract features from flow rules and classify them into dense and discrete features to detect DoS attacks. After training, the model can be used to infer whether SDN is under DoS attacks, and a DeepFM-based detection method for DoS attacks against client host is implemented. Simulation results show that our method can effectively detect DoS attacks in SDN. Compared with the K-Nearest Neighbor (K-NN), Artificial Neural Network (ANN) models, Support Vector Machine (SVM) and Random Forest models, our proposed method outperforms in accuracy, precision and F1 values. 相似文献
8.
随着互联网时代的发展,内部威胁、零日漏洞和DoS攻击等攻击行为日益增加,网络安全变得越来越重要,入侵检测已成为网络攻击检测的一种重要手段。随着机器学习算法的发展,研究人员提出了大量的入侵检测技术。本文对这些研究进行了综述。首先,简要介绍了当前的网络安全形势,并给出了入侵检测技术及系统在各个领域的应用。然后,从数据来源、检测技术和检测性能三个方面对入侵检测相关技术和系统进行已有研究工作的总结与评价,其中,检测技术重点论述了传统机器学习、深度学习、强化学习、可视化分析技术等方法。最后,讨论了当前研究中出现的问题并展望该技术的未来发展方向和前景。本文希望能为该领域的研究人员提供一些有益的思考。 相似文献
9.
WLAN中基于规范的自适应DoS攻击检测* 总被引:1,自引:0,他引:1
无线网络由于其传输介质及通信规程的特殊性,除了要面对有线网络中存在的各种拒绝服务(denial of service, DoS)攻击之外,还面临着一些在无线环境下特有的DoS攻击。针对由伪造协议会话中使用的管理帧和EAP帧发起的DoS攻击,提出了一种基于规范的自适应检测方法(WSBA),为无线局域网所执行的安全协议建立在正常运行时的状态转移模型连同网络安全策略约束定义作为检测规范,作为检测此类DoS攻击的依据。给出了检测阈值的自适应调整算法,分析了算法参数设置对检测性能的影响。实验测试结果表明该方法是正确而有效的。 相似文献
10.
首先分析了Snort网络入侵检测系统,然后剖析了ARP协议工作原理及ARP欺骗攻击的过程.根据校园网的网络结构特点,在网关上安装Snort,通过修改Snort配置文件,添加输出ARR头部信息的Snort输出插件,实现对校园网ARP欺骗的检测预防. 相似文献
11.
《Computer Networks》2007,51(12):3564-3573
In most network security analysis, researchers mainly focus on qualitative studies on security schemes and possible attacks, and there are few papers on quantitative analysis in the current literature. In this paper, we propose one queueing model for the evaluation of the denial of service (DoS) attacks in computer networks. The network under DoS attacks is characterized by a two-dimensional embedded Markov chain model. With this model, we can develop a memory-efficient algorithm for finding the stationary probability distribution which can be used to find other interesting performance metrics such as the connection loss probability and buffer occupancy percentages of half-open connections for regular traffic and attack traffic. Different from previous works in the literature, this paper gives a more general analytical approach to the study of security measures of a computer network under DoS attacks. We hope that our approach opens a new avenue to the quantitative evaluation of more complicated security schemes in computer networks. 相似文献
12.
随着网络应用日益普及,随之而来的网络安全问题日益凸显,本文针对校园网所面临的安全威胁,通过对入侵检测技术的简单介绍,结合校园网的实际情况提出一种新的基于遗传算法的BP神经网络实时入侵检测系统,它有效地增强了校园网的安全防护。 相似文献
13.
14.
在分析传统入侵检测系统不足的基础上,提出了基于Linux操作系统的DoS攻击检测和审计系统。网络安全检测模块通过统计的方法检测内网发起的DoS攻击行为,网络行为规范模块过滤用户对非法网站的访问,网络行为审计模块则记录内网用户的非法行为。实验证明,相比传统的入侵检测系统,该系统能够有效地检测出DoS攻击,并能规范网络用户行为和有效审计非法网络行为。 相似文献
15.
本文针对校园网中对网络安全和性能影响较大的几种网络行为:ARP攻击、DoS攻击、蠕虫病毒攻击、P2P、私接网络造成网络拓扑环路、黑客入侵等的特点进行了分析,得出其行为特征,为进一步规范网络行为提供了依据。 相似文献
16.
分布式高速网络入侵防御系统研究 总被引:5,自引:0,他引:5
网络的安全问题日益严重,DoS,DDoS等暴力攻击成为千兆级别高速网络上的主要攻击手段,蠕虫的传播占据了大量的网络带宽.传统的入侵检测系统不能有效地处理大量的网络数据,且无法及时阻断检测到的攻击行为.本文针对以上问题,提出了一种可有效运行在高速网络上的分布式入侵检测与阻断系统.此类系统也称为入侵防御系统IPS(Intrusion Prevention System). 相似文献
17.
Gu Hsin Lai Chia-Mei Chen Bing-Chiang Jeng Willams Chao 《Expert systems with applications》2008,34(4):3071-3080
The denial-of-service (DoS) attacks with the source IP address spoofing techniques has become a major threat to the Internet. An intrusion detection system is often used to detect DoS attacks and to coordinate with the firewall to block them. However, DoS attack packets consume and may exhaust all the resources, causing degrading network performance or, even worse, network breakdown. A proactive approach to DoS attacks is allocating the original attack host(s) issuing the attacks and stopping the malicious traffic, instead of wasting resources on the attack traffic.
In this paper, an ant-based traceback approach is proposed to identify the DoS attack origin. Instead of creating a new type or function or processing a high volume of fine-grained data used by previous research, the proposed traceback approach uses flow level information to identify the origin of a DoS attack.
Two characteristics of ant algorithm, quick convergence and heuristic, are adopted in the proposed approach on finding the DoS attack path. Quick convergence efficiently finds out the origin of a DoS attack; heuristic gives the solution even though partial flow information is provided by the network.
The proposed method is evaluated through simulation on various network environments and two simulated real networks, NSFNET and DFN. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments, with full and partial flow information provided by the networks. 相似文献
18.
19.
20.
针对存在拒绝服务(DoS)攻击与执行器故障的工业信息物理融合系统(ICPS),将机理解析与数据驱动方法相结合,在新型自适应事件触发通信机制下,研究双重安全控制问题.首先,设计自适应事件触发机制,能够触发参数随系统行为动态自适应变化,节约更多网络通信资源;其次,基于系统最大允许时延建立攻击检测机制,可以有效区分大、小能量DoS攻击;再次,基于极限学习机算法(ELM)建立时序预测模型,用于大能量DoS攻击时重构修正控制量,以主动容侵攻击的影响,并给出与小能量攻击时机理解析的弹性被动容侵来提升系统对攻击的防御能力;然后,借助T-S模糊理论、时滞系统理论、新型Bessel-Legendre不等式等,推证得到系统鲁棒观测器及双重安全控制器的解析求解方法,使双重安全控制与通讯性能得到折衷协同提升;最后,通过实例仿真验证所提出方法的有效性. 相似文献