| 基于Multi-stream Combined隐马尔柯夫模型源端检测DDoS攻击 |
| |
| 引用本文: | 康健,李强,张原.基于Multi-stream Combined隐马尔柯夫模型源端检测DDoS攻击[J].计算机应用,2007,27(8):1884-1887. |
| |
| 作者姓名: | 康健 李强 张原 |
| |
| 作者单位: | 吉林大学,计算机科学与技术学院,长春,130012 |
| |
| 摘 要: | 提出了一种新颖的综合考虑多维观测特征的DDoS攻击源端检测方法。该方法引入S-D-P特征概念,并抽取TCP/IP包头中的标志位和ID字段构成多维观测特征,采用Multi-stream Combined隐马尔可夫模型(MC-HMM)在源端网络检测DDoS攻击。大量实验表明,MC-HMM方法克服了基于一维观测特征的检测算法信息量过小的固有缺陷,能够有效降低检测的误报率和漏报率,提高DDoS攻击源端检测精度。
|
| 关 键 词: | 分布式拒绝服务攻击 隐马尔柯夫模型 源端检测 |
| 文章编号: | 1001-9081(2007)08-1884-04 |
| 收稿时间: | 2007-02-13 |
| 修稿时间: | 2007-02-13 |
Detecting DDoS attacks based on multi-stream combined HMM in source-end network |
| |
| KANG Jian,LI Qiang,ZHANG Yuan.Detecting DDoS attacks based on multi-stream combined HMM in source-end network[J].journal of Computer Applications,2007,27(8):1884-1887. |
| |
| Authors: | KANG Jian LI Qiang ZHANG Yuan |
| |
| Affiliation: | Department of Computer Science and Technology, Jilin University, Changchun Jilin 130012, China |
| |
| Abstract: | A new approach for DDoS attacks detection was proposed in source-end network. This approach used Multi-stream Combined Hidden Markov Model (MC HMM) for integrating multi-features simultaneously. The multi-features included the S-D-P feature, TCP header control flags, and IP header ID field. Experiments show that the approach effectively reduces false positive rate and false negative rate, and detection precision of MC-HMM based on multiple detection features is clearly higher than that of the algorithms based on single-feature. |
| |
| Keywords: | DDoS attacks Hidden Markov Model (HMM) source-end detection |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
