
Early warning model of DDoS attack situation based on adaptive threshold
Cite this article: Yi-han LUO, Jie-ren CHENG, Xiang-yan TANG, Ming-wang OU, Tian WANG. Early warning model of DDoS attack situation based on adaptive threshold[J]. Journal of Zhejiang University (Engineering Science), 2020, 54(4): 704-711. DOI: 10.3785/j.issn.1008-973X.2020.04.009
Authors: Yi-han LUO  Jie-ren CHENG  Xiang-yan TANG  Ming-wang OU  Tian WANG
Affiliations: 1. School of Computer Science and Cyberspace Security, Hainan University, Haikou 570228, Hainan; 2. State Key Laboratory of Marine Resource Utilization in South China Sea, Hainan University, Haikou 570228, Hainan
Funding: National Natural Science Foundation of China (61762033); Hainan Provincial Natural Science Foundation (2019RC041, 2019RC098)
Abstract: Distributed denial of service (DDoS) attack situation early warning technology was studied in order to accurately identify the DDoS attack situation warning level. The logical structure of a DDoS attack situation early warning model was designed, and the regional network security vulnerability factor (SVF) was defined. A DDoS attack situation early warning model based on a dynamic adaptive threshold was then proposed, built on a long short-term memory (LSTM) network traffic prediction model and the SVF. The IP-data-counts feature (IPDCF) was extracted, and the IPDCF sequence was modeled with the LSTM prediction model to predict normal traffic flow. The early warning threshold and the early warning interval were calculated dynamically and in real time from the prediction results and the SVF, and the situation warning level was set based on the early warning threshold and the early warning interval. The experimental results show that the model can give real-time, effective early warning of the DDoS attack situation and accurately identify the DDoS attack situation security level.

Keywords: distributed denial of service (DDoS)  attack situation  early warning model  long short-term memory (LSTM)  adaptive threshold
This article is indexed in CNKI and other databases.