| 基于流量分析的App-DDoS攻击检测 |
| |
| 引用本文: | 李锦玲,汪斌强,张 震.基于流量分析的App-DDoS攻击检测[J].计算机应用研究,2013,30(2):487-490. |
| |
| 作者姓名: | 李锦玲 汪斌强 张 震 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心,郑州,450002 |
| |
| 基金项目: | 国家“863”计划资助项目(2011AA01A103) |
| |
| 摘 要: | 针对当前应用层分布式拒绝服务攻击(App-DDoS)检测方法高度依赖于系统日志,且检测攻击类型单一的问题,提出了基于卡尔曼滤波和信息熵的联合检测模型DFM-FA(detection and filtering model against App-DDoSattacks based on flow analysis),将应用层的行为异常检测映射为网络层的流量异常检测,最大限度地保证了合法用户的优先正常访问.实验证明,DFM-FA既不依赖于系统日志,同时又能检测到FTP、DNS等多种App-DDoS攻击.
|
| 关 键 词: | 应用层分布式拒绝服务攻击 DFM-FA 卡尔曼滤波 信息熵 |
Detecting App-DDoS attacks based on flow analysis |
| |
| LI Jin-ling,WANG Bin-qiang,ZHANG Zhen.Detecting App-DDoS attacks based on flow analysis[J].Application Research of Computers,2013,30(2):487-490. |
| |
| Authors: | LI Jin-ling WANG Bin-qiang ZHANG Zhen |
| |
| Affiliation: | National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China |
| |
| Abstract: | Aiming at the shortcomings of current methods which highly depend on system logs and fail to detect attacks against FTP or DNS servers, this paper proposed a novel model named DFM-FA that based on Kalman filtering and information entropy. The DFM-FA model mapped behaviour anomaly detection to network anomaly detection, maximizing the priority of legitimate users' access. This model can also detect attacks against FTP or DNS or other servers with no need for system logs. |
| |
| Keywords: | |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
