共查询到19条相似文献,搜索用时 125 毫秒
1.
近些年来,分布式拒绝攻击DDoS(Distributed Denial of Service)因其实施简单、破坏力及危害性巨大,已经成为目前网络安全中最大的威胁之一,如何有效的防范DDoS攻击、减少DDoS攻击带来的危害已成为当前的研究热点。本文重点分析了基于包标记算法的DDoS攻击源追踪技术,对于各种基于包标记算法的攻击源追踪技术进行了原理研究,并对其各自优缺点分别进行了分析与总结。根据各种基于包标记算法的攻击源追踪技术原理,给出了其算法流程。同时,通过模拟实验,对相关的基于流量模式匹配技术的攻击源追踪技术进行了对比与分析,验证了本文提出的算法的性能。 相似文献
2.
DDoS攻击已经成为当今网络安全的最大隐患。文中提出了基于IP地址分段的DDoS路由追踪技术,分析了边界路由器IP地址重叠分段方法以及在地址重构过程中误报的产生,阐述了降低误报率的方法。最后.通过在模拟环境下,验证了该路由追踪技术误报率低、所需边界路由器少、地址重建复杂度小。 相似文献
3.
4.
针对DoS攻击的IP跟踪技术研究 总被引:1,自引:0,他引:1
IP追踪技术是检测和防御分布式拒绝服务攻击的重要手段,它的主要目的是想办法追踪到攻击数据包的源地址,弥补IP协议的不足。成熟的IP追踪技术可以有效抑制DDoS攻击的发生,对网络故障的诊断和减少数据包欺骗将有很大的帮助。文中对当前现有的IP追踪和攻击源定位技术作了系统的分类,分别对它们作了全面的分析并比较了相互之间的异同及优缺点。同时,针对当前的IP追踪和攻击源定位技术现状,讨论了其未来的发展趋势。 相似文献
5.
6.
7.
包标记方案作为追踪DoS(DDoS)攻击源的最有前案的技术,有了很多的实现方法,但都有着一些大大小小的缺陷。文中提出了一种新的技术方案,在概率包标记方案自身的安全性能方面有了很大的改进。 相似文献
8.
拒绝服务攻击给网络安全带来了巨大的威胁,防范DDoS攻击一直是安全领域的一个重要课题。介绍了路由器防范拒绝服务攻击的技术,包括IP路径重构技术、在源端防范DDoS策略、防范IP地址欺骗的机制和基于拥塞控制的方法,指出了进一步的研究方向。 相似文献
9.
DDoS攻击是危害巨大且难以防御的一种网络攻击方式,基于自治系统路由器上流量认证的防御技术,可有效地抵御这种攻击,但其也存在_些不足.由此对一些尚不完善的地方进行了改进,提出了基于自治系统的两级认证体制,满足了数据传输效率与安全性的要求,并通过引入数据传输速率与当前剩余生存周期的的关系,扩展了其防御攻击的范围,实现了不但可以抵御洪水DDoS攻击,还可以抵御半开式连接DDoS攻击. 相似文献
10.
分布式拒绝服务(DDoS)攻击是互联网安全的严重威胁,攻击发生时会有大规模流量淹没目标网络和主机。能够准确快速地检测到攻击,区分合法拥塞流量和攻击流量,对攻击流量加以清洗,对于DDoS攻击的防御来说十分重要。采用信息熵对流量参数进行实时统计来检测攻击,用累积和(CUSUM)算法控制熵值连续变化情况。检测到攻击后,依据目的IP数量前后增长情况找出受害者,对流向受害者处的流量进行重点观察。由于大规模的攻击流量与合法的拥塞流量非常相似,难以识别,在此对流本身的相似性进行考察,使用流相关系数算法辨别攻击流量和合法拥塞流量,为流量清洗工作提供依据。 相似文献
11.
Internet技术的发展和应用,给人们的生产和生活带来了很多便捷,但随之出现的网络安全问题,也成为日益严重的社会问题。针对网络中存在的DDoS攻击进行研究,以分布式并行系统的思想为基础,建立了一种新型DDoS攻击的安全防御体系。该体系通过不同组件间的相互协调、合作,实现了对DDoS攻击的分析及其防御。在对DDoS的攻击流量进行分析的过程中,以数据挖掘的模糊关联规则的方法进行分析,并实现了对攻击源的定位,有效地避免了攻击造成进一步的危害。 相似文献
12.
An attacker compromised a number of VMs in the cloud to form his own network to launch a powerful distrib-uted denial of service (DDoS) attack.DDoS attack is a serious threat to multi-tenant cloud.It is difficult to detect which VM in the cloud are compromised and what is the attack target,especially when the VM in the cloud is the victim.A DDoS detection method was presented suitable for multi-tenant cloud environment by identifying the malicious VM at-tack sources first and then the victims.A distributed detection framework was proposed.The distributed agent detects the suspicious VM which generate the potential DDoS attack traffic flows on the source side.A central server confirms the real attack flows.The feasibility and effectiveness of the proposed detection method are verified by experiments in the multi-tenant cloud environment. 相似文献
13.
14.
Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles 总被引:1,自引:0,他引:1
Our work targets a network architecture and accompanying algorithms for countering distributed denial-of-service (DDoS) attacks directed at an Internet server. The basic mechanism is for a server under stress to install a router throttle at selected upstream routers. The throttle can be the leaky-bucket rate at which a router can forward packets destined for the server. Hence, before aggressive packets can converge to overwhelm the server, participating routers proactively regulate the contributing packet rates to more moderate levels, thus forestalling an impending attack. In allocating the server capacity among the routers, we propose a notion of level-k max-min fairness. We first present a control-theoretic model to evaluate algorithm convergence under a variety of system parameters. In addition, we present packet network simulation results using a realistic global network topology, and various models of good user and attacker distributions and behavior. Using a generator model of web requests parameterized by empirical data, we also evaluate the impact of throttling in protecting user access to a web server. First, for aggressive attackers, the throttle mechanism is highly effective in preferentially dropping attacker traffic over good user traffic. In particular, level-k max-min fairness gives better good-user protection than recursive pushback of max-min fair rate limits proposed in the literature. Second, throttling can regulate the experienced server load to below its design limit - in the presence of user dynamics - so that the server can remain operational during a DDoS attack. Lastly, we present implementation results of our prototype on a Pentium III/866 MHz machine. The results show that router throttling has low deployment overhead in time and memory. 相似文献
15.
This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered a system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good indication of attack detection. Aggregated traffic has been found to be strong bursty across a wide range of time scales. Wavelet analysis is able to capture complex temporal correlation across multiple time scales with very low computational complexity. We utilize energy distribution based on wavelet analysis to detect DDoS attack traffic. Energy distribution over time will have limited variation if the traffic keeps its behavior over time (i.e. attack-free situation) while an introduction of attack traffic in the network will elicit significant energy distribution deviation in a short time period. Our experimental results with typical Internet traffic trace show that energy distribution variance markedly changes, causing a spike when traffic behaviors are affected by DDoS attack. In contrast, normal traffic exhibits a remarkably stationary energy distribution. In addition, this spike in energy distribution variance can be captured in the early stages of an attack, far ahead of congestion build-up, making it an effective detection of the attack. 相似文献
16.
Meejoung Kim 《ETRI Journal》2019,41(5):560-573
Two supervised learning algorithms, a basic neural network and a long short‐term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks. 相似文献
17.
对于骨干网中存在的DDoS攻击,由于背景流量巨大,且分布式指向受害者的多个攻击流尚未汇聚,因此难以进行有效的检测。为了解决该问题,本文提出一种基于全局流量异常相关分析的检测方法,根据攻击流引起流量之间相关性的变化,采用主成份分析提取多条流量中的潜在异常部分之间的相关性,并将相关性变化程度作为攻击检测测度。实验结果证明了测度的可用性,能够克服骨干网中DDoS攻击流幅值相对低且不易检测的困难,同现有的全局流量检测方法相比,该方法能够取得更高的检测率。 相似文献
18.
为了准确及时的进行DDoS攻击检测,提出了一种新的DDoS攻击检测算法。该算法在基于传统的小波分析检测DDoS攻击的基础上融入了主成分分析法和小波分析法中DDoS检测方法,并根据该算法设计相应的模型和算法来检测 DDoS 攻击,并且引入信息论中的信息熵对源IP地址的分散程度进行度量,根据初始阶段Hurst指数及熵值的变化自适应地设定阈值以检测攻击的发生。实验结果表明,该方法大幅度的提高了DDoS检测的速度。 相似文献
19.
首先建立DDoS攻击特征的选择、表示、分析以及模型求解。然后,在此基础上研究基于敏感访问参数可变阈值约束的DDoS攻击防御方法。最后,研究基于可变概率标记的DDoS攻击流量清洗技术。 相似文献