| 一种新型大规模分布式拒绝服务检测模型研究 |
| |
| 引用本文: | 张健,陈松乔,赵继俊,帅军.一种新型大规模分布式拒绝服务检测模型研究[J].小型微型计算机系统,2007,28(2):255-259. |
| |
| 作者姓名: | 张健 陈松乔 赵继俊 帅军 |
| |
| 作者单位: | 1. 中南大学,信息科学与工程学院,计算机应用技术系,湖南,长沙,410083
2. 国家软件产业基地,湖南,长沙,410074 |
| |
| 摘 要: | 将基于HOPCOUNT的异常数据包过滤技术引入到TaoPeng等人提出的检测方法中,提出了一个新型的DDoS攻击的检测模型.通过判定算法,该模型能够较为准确的区分出正常通信量和异常通信量,并在此基础上,运用CUSUM算法监测两个特征量,实现了DDoS攻击检测.此外,本文将Bloom Filter算法引入到数据库的查找过程中,提高了检测的性能以及检测模型自身的安全性.实验结果证明,该检测模型能够以较高的精确度及时的检测出DDoS攻击行为.
|
| 关 键 词: | 分布式拒绝服务 攻击异常检测 IP欺骗 跳数 |
| 文章编号: | 1000-1220(2007)02-0255-05 |
| 修稿时间: | 2005-10-26 |
Research on a Novel Detection Model for Large-Scale DDoS Attack |
| |
| ZHANG Jian,CHENG Song-qiao,ZHAO Ji-jun,SHUAI Jun.Research on a Novel Detection Model for Large-Scale DDoS Attack[J].Mini-micro Systems,2007,28(2):255-259. |
| |
| Authors: | ZHANG Jian CHENG Song-qiao ZHAO Ji-jun SHUAI Jun |
| |
| Affiliation: | 1 Department of Information Science an Engineering Institute of Computer Application Techology, Center-South University, Changsha 410083. China; 2 National Soft.rare Industry Base, Changsha 410083. China |
| |
| Abstract: | This paper,we propose a new DDoS detection model by introducing the abnormal packet filtering based on HOP COUNT into the Tao Peng's DDoS detection method. The proposed model can differentiate the normal traffics from abnormal traffics by a determinant algorithm. On the basis we implement DDoS attack detection using the CUSUM algorithm to inspect two detection features. Furthermore, we introduce the Bloom Filter algorithm into the database lookup processing, which can improve the detection performance and self-security. The experiment demonstrates this model can detect DDoS attack as early as possible with high detection accuracy. |
| |
| Keywords: | DDoS abnormal detection IP spoofing HOP COUNT |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
