Similar literature
 20 similar documents found; search time 0 ms
1.
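Distributed denial-of-service (DDoS) attacks are one of the major threats to network security; they are easy to carry out and hard to defend against. This paper describes the two mainstream classes of DDoS attack detection methods: those based on protocol features and those based on network traffic statistics. It analyzes the advantages and problems of both classes, and proposes and summarizes some optimization ideas and improvements.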

2.
《Network Security》2000,2000(2):1-2
CERT Advisory CA-99-17 reports that all systems connected to the Internet can be affected by denial-of-service attacks. Tools that run on a variety of Unix and Unix-like systems and Windows NT systems have recently been released to facilitate these attacks. Additionally, some MacOS systems can be used as traffic amplifiers to conduct a denial-of-service attack.

3.
4.
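Low-rate denial-of-service (LDoS) attacks are an improved form of denial-of-service (DoS) attack; their low average attack rate and strong concealment make detecting LDoS attacks difficult. To address this difficulty, an LDoS attack detection method based on the weighted mean shift-K-means algorithm (WMS-Kmeans) under a software-defined networking (SDN) architecture is proposed. First, flow table information is obtained from OpenFlow switches, and the six-tuple features of LDoS attack traffic in the SDN environment are analyzed and extracted; then, the mean absolute percentage error is used as the weight of the Euclidean distance in mean shift clustering, and the resulting cluster centers are used as the initial centers of K-Means to cluster the flow table, thereby detecting LDoS attacks. Experimental results show that, in the SDN environment, the proposed method performs well in detecting LDoS attacks, with an average detection rate of 99.29% and average false alarm and missed alarm rates of 1.97% and 0.69%, respectively.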

5.
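For networked systems subject to periodic denial-of-service (DoS) attacks, an observer-based controller with a dynamic event-triggered strategy is designed. First, a DoS attack model is established from the effect of DoS attacks on the networked system and, using a switched-system approach, the networked system under DoS attacks is divided into a DoS-attack-active subsystem and a DoS-attack-dormant subsystem. A state observer is designed for the unmeasurable system states, and by introducing into the static event trigger an internal...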

6.
By understanding the types of attacks available to an adversary, we can develop more effective defenses against them. A taxonomy of denial-of-service attacks based on a dance-hall metaphor is a step toward gaining such an understanding. This article presents a metaphor for DoS (the dance hall) that helps us toward a comprehensive view of DoS attacks. In this article, "DoS" refers to the set of remote DoS attacks that depend on a network's presence. The article and the taxonomy it presents are the results of a short-term study aiming to explore avenues for defense.

7.
Frontiers of Information Technology & Electronic Engineering - The security threats to software-defined networks (SDNs) have become a significant problem, generally because of the open...

8.
With the development of wireless communication technology, cyber physical systems are applied in various fields such as industrial production and infrastructure, where lots of information exchange brings cyber security threats to the systems. From the perspective of system identification with binary-valued observations, we study the optimal attack problem when the system is subject to both denial of service attacks and data tampering attacks. The packet loss rate and the data tampering rate caused by the attack are given, and the estimation error is derived. Then the optimal attack strategy to maximize the identification error with the least energy is described as a min–max optimization problem with constraints. The explicit expression of the optimal attack strategy is obtained. Simulation examples are presented to verify the effectiveness of the main conclusions.

9.
With the development of wireless communication technology, cyber physical systems are applied in various fields such as industrial production and infrastructure, where lots of information exchange brings cyber security threats to the systems. From the perspective of system identification with binary-valued observations, we study the optimal attack problem when the system is subject to both denial of service attacks and data tampering attacks. The packet loss rate and the data tampering rate caused by the attack are given, and the estimation error is derived. Then the optimal attack strategy to maximize the identification error with the least energy is described as a min–max optimization problem with constraints. The explicit expression of the optimal attack strategy is obtained. Simulation examples are presented to verify the effectiveness of the main conclusions.

10.
11.
Client puzzles have been advocated as a promising countermeasure to denial-of-service (DoS) attacks in recent years. However, how to operationalize this idea in network protocol stacks still has not been sufficiently studied. In this paper, we describe our research on a multi-layer puzzle-based DoS defense architecture, which embeds puzzle techniques into both end-to-end and IP-layer services. Specifically, our research results in two new puzzle techniques: puzzle auctions for end-to-end protection and congestion puzzles for IP-layer protection. We present the designs of these approaches and evaluations of their efficacy. We demonstrate that our techniques effectively mitigate DoS threats to IP, TCP and application protocols; maintain full interoperability with legacy systems; and support incremental deployment. We also provide a game theoretic analysis that sheds light on the potential to use client puzzles for incentive engineering: the costs of solving puzzles on an attackers’ behalf could motivate computer owners to more aggressively cleanse their computers of malware, in turn hindering the attacker from capturing a large number of computers with which it can launch DoS attacks.

12.
The increasing frequency of malicious computer attacks on government agencies and Internet businesses has caused severe economic waste and unique social threats. IP traceback (the ability to trace IP packets to their origins) is a significant step toward identifying, and thus stopping, attackers.

13.
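This paper analyzes the principles and characteristics of distributed denial-of-service (DDoS) attacks and, with the aim of improving detection response time and reducing computational complexity, proposes a new DDoS attack detection method. Based on the inherent properties of DDoS attacks, the method searches the statistical analysis of IP connection data for distribution patterns that describe normal system behavior, and builds a DDoS attack detection model based on statistical analysis. Experimental results show that the method detects DDoS attacks quickly and effectively, and that it offers guidance for other network security detection.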

14.
In this paper, we study the secure consensus problem for multiple-input-multiple-output (MIMO) linear multi-agent systems (MASs) subject to denial-of-service (DoS) attacks, where an attack on an agent will block its associated communication channels until it stops. Firstly, we design an unknown input observer (UIO), based upon which we develop a resilient consensus controller, where the UIO depends only on the relative outputs. By employing a common Lyapunov function (CLF) and using the average dwell-time (ADT) method, we show that secure consensus is achieved if the attack length rate is not greater than a positive threshold. Secondly, we design a resilient consensus controller with different control gains. By using the multiple Lyapunov functions (MLFs) technique, we show that secure consensus is achieved if the attack length rate and the attack frequency are respectively not greater than the corresponding positive thresholds. Finally, we present an example of multiple YF-22 research UAVs to demonstrate the theoretical results.

15.
Dear editor, In recent years, networked control systems (NCSs) have received ever-increasing interest from researchers owing to the advantages of improving flexib...

16.
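This paper studies the sampled-data output feedback control problem for networked nonlinear systems under denial-of-service attacks. First, to avoid using full state information, a novel switched observer is designed in the presence of denial-of-service attacks. Second, considering the effects of both the two sampling periods and the denial-of-service attacks, a new switched augmented system model is established, comprising the system itself and the error system. Using this model and the piecewise Lyapunov-Krasovskii functional method, sufficient conditions guaranteeing that the switched augmented system is exponentially stable are derived. Further, a co-design scheme for the observer and controller gains is given using the solutions of linear matrix inequalities. Finally, simulations verify the effectiveness of the proposed control method.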

17.
D-WARD: a source-end defense against flooding denial-of-service attacks   Total citations: 1, self-citations: 0, citations by others: 1
Defenses against flooding distributed denial-of-service (DDoS) commonly respond to the attack by dropping the excess traffic, thus reducing the overload at the victim. The major challenge is the differentiation of the legitimate from the attack traffic, so that the dropping policies can be selectively applied. We propose D-WARD, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, the adaptive response and the source-end deployment. Moderate traffic volumes seen near the sources, even during the attacks, enable extensive statistics gathering and profiling, facilitating high response selectiveness. D-WARD inflicts an extremely low collateral damage to the legitimate traffic, while quickly detecting and severely rate-limiting outgoing attacks. D-WARD has been extensively evaluated in a controlled testbed environment and in real network operation. Results of selected tests are presented in the paper.

18.
李丽  王夕娟 《控制与决策》2019,34(11):2317-2322
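For leader-follower multi-agent systems with process noise and measurement noise, the consensus problem of multi-agent systems under denial-of-service attacks is studied. First, a Kalman-filter-based state observer is designed to estimate the agent states effectively and accurately; then, based on predictive control theory, a distributed predictive control algorithm using state estimation information is proposed to achieve mean-square consensus control of the leader-follower multi-agent system, and necessary and sufficient conditions for achieving mean-square consensus of the leader-follower multi-agent system under denial-of-service attacks are given; finally, numerical simulations verify the correctness and effectiveness of the proposed method.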

19.
Observer-based model predictive control (MPC) for the discrete-time switched systems suffered by event-triggered mechanism and denial-of-service (DoS) attacks is discussed in this paper. We assume that the switch is slow enough and the attacker's energy is limited. To save network resources, an event-triggered mechanism is designed based on dwell time and triggered error. Under the coupled influence of attack and trigger, a complex mismatch of system mode and controller mode occurs, which brings difficulties to the transformation of MPC optimization problem. To address this problem, a new performance index coefficient is designed by using the increasing/decreasing law of Lyapunov function. On this basis, the transformation of the optimization problem is realized. Then, the controller gain and observer gain for the attack-free case are designed to guarantee the exponential convergence of the closed-loop system. In the presence of attacks, we obtain the upper bound of attack duty cycle, below which the exponential convergence of the system can still be achieved. An example is illustrated at last to verify the validity of the main results.

20.
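As mobile ad hoc networks come into wide use in many fields, research on their security is becoming increasingly important. DDoS attacks pose a serious threat to wired networks and likewise threaten the security of mobile ad hoc networks. Because mobile ad hoc networks and wired networks differ structurally, research on DDoS attacks in mobile ad hoc networks differs considerably from research on DDoS attacks in wired networks. This paper first describes the security situation of mobile ad hoc networks; then, starting from the network architecture of mobile ad hoc networks, it analyzes DDoS attacks against the physical layer, MAC layer, network layer and transport layer in turn, and summarizes the defensive measures needed against attacks at each network layer; finally, it offers recommendations on how to guard against DDoS attacks when building mobile ad hoc networks.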
